├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ ├── labels-workflow.yml │ ├── terraform-fmt-workflow.yml │ └── terraform-lint-workflow.yml ├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md ├── modules ├── aws-to-azure-bgp-vpn │ ├── README.md │ ├── data.tf │ ├── main.tf │ ├── providers.tf │ ├── resources.aws.tf │ ├── resources.azure.tf │ └── variables.tf ├── beanstalk │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ecs-ec2-windows │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ecs-fargate-windows │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── eks-custom-ami-ec2-image-builder │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── eks-windows │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── scripts │ │ ├── aws-auth-cm-windows.tftpl │ │ └── userdata_windows.tftpl │ └── variables.tf ├── fsx-windows │ ├── README.md │ ├── main.tf │ └── variables.tf ├── managed-ad │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── rds-sqlserver │ ├── README.md │ ├── main.tf │ └── variables.tf └── vpc │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── workshops └── ENT303 ├── README.md ├── codeblock01.tf ├── codeblock02.tf ├── codeblock03.tf ├── codeblock04.tf ├── codeblock05.tf ├── codeblock06.tf ├── codeblock07.tf ├── codeblock08.tf ├── existing_resources.tf ├── existing_webserverfiles ├── CPUSTRES64.EXE ├── Content │ ├── Amazon-Web-Services-Logo-White.png │ ├── Site.css │ ├── bootstrap-theme.css │ ├── bootstrap-theme.css.map │ ├── bootstrap-theme.min.css │ ├── bootstrap-theme.min.css.map │ ├── bootstrap.css │ ├── bootstrap.css.map │ ├── bootstrap.min.css │ ├── bootstrap.min.css.map │ └── success.png ├── Global.asax ├── Scripts │ ├── bootstrap.js │ ├── bootstrap.min.js │ ├── 
jquery-3.4.1.min.map │ ├── jquery-3.4.1.slim.min.map │ ├── jquery.validate.js │ ├── jquery.validate.min.js │ ├── jquery.validate.unobtrusive.js │ └── jquery.validate.unobtrusive.min.js ├── Views │ ├── Home │ │ └── Index.cshtml │ ├── Shared │ │ ├── Error.cshtml │ │ └── _Layout.cshtml │ ├── Web.config │ └── _ViewStart.cshtml ├── Web.config ├── bin │ ├── Antlr3.Runtime.dll │ ├── Antlr3.Runtime.pdb │ ├── CommunicationRig.dll │ ├── CommunicationRig.pdb │ ├── EntityFramework.SqlServer.dll │ ├── EntityFramework.dll │ ├── Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll │ ├── Microsoft.Web.Infrastructure.dll │ ├── Newtonsoft.Json.dll │ ├── System.Web.Helpers.dll │ ├── System.Web.Mvc.dll │ ├── System.Web.Optimization.dll │ ├── System.Web.Razor.dll │ ├── System.Web.WebPages.Deployment.dll │ ├── System.Web.WebPages.Razor.dll │ ├── System.Web.WebPages.dll │ ├── WebGrease.dll │ └── roslyn │ │ ├── Microsoft.Build.Tasks.CodeAnalysis.dll │ │ ├── Microsoft.CSharp.Core.targets │ │ ├── Microsoft.CodeAnalysis.CSharp.Scripting.dll │ │ ├── Microsoft.CodeAnalysis.CSharp.dll │ │ ├── Microsoft.CodeAnalysis.Scripting.dll │ │ ├── Microsoft.CodeAnalysis.VisualBasic.dll │ │ ├── Microsoft.CodeAnalysis.dll │ │ ├── Microsoft.DiaSymReader.Native.amd64.dll │ │ ├── Microsoft.DiaSymReader.Native.x86.dll │ │ ├── Microsoft.Managed.Core.targets │ │ ├── Microsoft.VisualBasic.Core.targets │ │ ├── Microsoft.Win32.Primitives.dll │ │ ├── System.AppContext.dll │ │ ├── System.Collections.Immutable.dll │ │ ├── System.Console.dll │ │ ├── System.Diagnostics.DiagnosticSource.dll │ │ ├── System.Diagnostics.FileVersionInfo.dll │ │ ├── System.Diagnostics.StackTrace.dll │ │ ├── System.Globalization.Calendars.dll │ │ ├── System.IO.Compression.ZipFile.dll │ │ ├── System.IO.Compression.dll │ │ ├── System.IO.FileSystem.Primitives.dll │ │ ├── System.IO.FileSystem.dll │ │ ├── System.Net.Http.dll │ │ ├── System.Net.Sockets.dll │ │ ├── System.Reflection.Metadata.dll │ │ ├── 
System.Runtime.InteropServices.RuntimeInformation.dll │ │ ├── System.Security.Cryptography.Algorithms.dll │ │ ├── System.Security.Cryptography.Encoding.dll │ │ ├── System.Security.Cryptography.Primitives.dll │ │ ├── System.Security.Cryptography.X509Certificates.dll │ │ ├── System.Text.Encoding.CodePages.dll │ │ ├── System.Threading.Tasks.Extensions.dll │ │ ├── System.ValueTuple.dll │ │ ├── System.Xml.ReaderWriter.dll │ │ ├── System.Xml.XPath.XDocument.dll │ │ ├── System.Xml.XPath.dll │ │ ├── System.Xml.XmlDocument.dll │ │ ├── VBCSCompiler.exe │ │ ├── VBCSCompiler.exe.config │ │ ├── csc.exe │ │ ├── csc.exe.config │ │ ├── csc.rsp │ │ ├── csi.exe │ │ ├── csi.exe.config │ │ ├── csi.rsp │ │ ├── vbc.exe │ │ ├── vbc.exe.config │ │ └── vbc.rsp ├── favicon.ico └── fonts │ ├── glyphicons-halflings-regular.eot │ ├── glyphicons-halflings-regular.svg │ ├── glyphicons-halflings-regular.ttf │ ├── glyphicons-halflings-regular.woff │ └── glyphicons-halflings-regular.woff2 ├── main.tf ├── pdo_cfn.yaml ├── terraform.tfvars ├── variables.tf └── webserver_user_data.ps1 /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[BUG]" 5 | labels: bug 6 | assignees: marciogmorales 7 | 8 | --- 9 | 10 | ## Description 11 | 12 | Please provide a clear and concise description of the issue you are encountering, and a reproduction of your configuration. 13 | 14 | If your request is for a new feature, please use the `Feature request` template. 15 | 16 | - [ ] ✋ I have searched the open/closed issues and my issue is not listed. 17 | 18 | ## ⚠️ Note 19 | 20 | Before you submit an issue, please perform the following first: 21 | 22 | 1. Remove the local `.terraform` directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): `rm -rf .terraform/` 23 | 2. 
Re-initialize the project root to pull down modules: `terraform init` 24 | 3. Re-attempt your terraform plan or apply and check if the issue still persists 25 | 26 | ## Versions 27 | 28 | - Module version [Required]: 29 | 30 | - Terraform version: 31 | 32 | - Provider version(s): 33 | 34 | 35 | ## Reproduction Code [Required] 36 | 37 | 38 | 39 | Steps to reproduce the behavior: 40 | 41 | 42 | 43 | 44 | ## Expected behavior 45 | 46 | 47 | 48 | ## Actual behavior 49 | 50 | 51 | 52 | ### Terminal Output Screenshot(s) 53 | 54 | 55 | 56 | ## Additional context 57 | 58 | 59 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "[Feature request]" 5 | labels: enhancement 6 | assignees: marciogmorales 7 | 8 | --- 9 | 10 | Is your request related to a new offering from AWS? 11 | 12 | Is this functionality available in the [AWS provider for Terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)? See [CHANGELOG.md](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md). 13 | 14 | - No 🛑: please wait to file a request until the functionality is available in the AWS provider 15 | - Yes ✅: please list the AWS provider version which introduced this functionality 16 | 17 | ## Is your request related to a problem? Please describe. 18 | 19 | 20 | ## Describe the solution you'd like. 21 | 22 | 23 | ## Describe alternatives you've considered. 
24 | 25 | 26 | ## Additional context 27 | 28 | -------------------------------------------------------------------------------- /.github/workflows/labels-workflow.yml: -------------------------------------------------------------------------------- 1 | name: Bug label 2 | on: 3 | issues: 4 | types: 5 | - opened 6 | 7 | jobs: 8 | assign-label: 9 | permissions: 10 | issues: write 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Assign bug label 14 | if: contains(github.event.issue.title, 'bug') 15 | run: | 16 | curl -X POST \ 17 | --url https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels \ 18 | -H 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ 19 | -H 'content-type: application/json' \ 20 | -d '{ 21 | "labels": ["bug"] 22 | }' \ 23 | --fail -------------------------------------------------------------------------------- /.github/workflows/terraform-fmt-workflow.yml: -------------------------------------------------------------------------------- 1 | name: Terraform FMT Check 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - main 7 | push: 8 | branches: 9 | - main 10 | 11 | jobs: 12 | terraform-fmt: 13 | defaults: 14 | run: 15 | working-directory: ./modules 16 | name: Terraform FMT Check 17 | runs-on: ubuntu-latest 18 | 19 | steps: 20 | # Checkout the repository 21 | - name: Checkout code 22 | uses: actions/checkout@v4 23 | 24 | # Set up Terraform 25 | - name: Set up Terraform 26 | uses: hashicorp/setup-terraform@v3 27 | with: 28 | terraform_version: 1.8.0 29 | 30 | # Run Terraform FMT and capture unformatted files 31 | - name: Check Terraform Formatting 32 | id: terraform_fmt 33 | run: | 34 | terraform fmt -check -recursive > fmt_output.txt || true 35 | if [ -s fmt_output.txt ]; then 36 | echo "The following files need to be formatted:" 37 | cat fmt_output.txt 38 | exit 1 39 | else 40 | echo "All Terraform files are properly formatted." 41 | fi 42 | 43 | 44 | # How This Script Works: 45 | 46 | # 1. 
Check Formatting and Capture Output: 47 | # • The command terraform fmt -check -recursive checks the formatting and writes any unformatted files to fmt_output.txt. 48 | # • The || true at the end ensures the script continues even if the command fails (which it will if there are unformatted files). It also hides any other non-zero exit from terraform fmt, and only standard output is captured in fmt_output.txt, so an error reported on standard error would leave the file empty and the check passing. 49 | # 2. Check for Unformatted Files: 50 | # • If fmt_output.txt is not empty (meaning there are unformatted files), the script outputs the list of unformatted files and exits with a status of 1 to fail the job. 51 | # • If fmt_output.txt is empty, the script confirms that all files are properly formatted. 52 | # 3. Failing the Workflow: 53 | # • The exit 1 command ensures that the workflow fails if there are any unformatted files. 54 | -------------------------------------------------------------------------------- /.github/workflows/terraform-lint-workflow.yml: -------------------------------------------------------------------------------- 1 | name: Terraform Lint Check 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - main 7 | push: 8 | branches: 9 | - main 10 | 11 | jobs: 12 | terraform-lint: 13 | defaults: 14 | run: 15 | working-directory: ./modules 16 | name: Terraform Lint Check 17 | runs-on: ubuntu-latest 18 | 19 | steps: 20 | # Checkout the repository 21 | - name: Checkout code 22 | uses: actions/checkout@v4 23 | 24 | # Set up Terraform 25 | - name: Set up Terraform 26 | uses: hashicorp/setup-terraform@v3 27 | with: 28 | terraform_version: 1.8.0 29 | 30 | # Install tflint (Terraform Linter) 31 | - name: Install tflint 32 | run: | 33 | curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash 34 | 35 | # Run tflint to lint the Terraform files 36 | - name: Run tflint 37 | run: tflint 38 | 39 | # Fail the workflow if tflint finds issues 40 | - name: Check for lint issues 41 | if: failure() 42 | run: | 43 | echo "Terraform linting failed. Please fix the issues before proceeding." 
44 | exit 1 45 | 46 | 47 | 48 | # How it works: 49 | 50 | # 1. Triggering Events: The workflow triggers on pull requests and pushes to the main branch. 51 | # 2. Checkout Code: The repository’s code is checked out. 52 | # 3. Set up Terraform: Terraform is installed and set up using the specified version. 53 | # 4. Install tflint: The tflint tool, which lints Terraform files, is installed by piping install_linux.sh from the tflint repository's master branch into bash. The script is fetched unpinned and is not checksum-verified, so pin it to a release tag or commit and verify it before running. 54 | # 5. Run tflint: The workflow runs tflint to check the Terraform files for linting issues. 55 | # 6. Fail the Workflow: If any linting issues are found, the workflow will fail the pull request or merge to the main branch by running the exit 1 command. 56 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | *terraform.lock* 8 | 9 | # Crash log files 10 | crash.log 11 | 12 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 13 | # .tfvars files are managed as part of configuration and so should be included in 14 | # version control. 
15 | # 16 | # example.tfvars 17 | 18 | # Ignore override files as they are usually used to override resources locally and so 19 | # are not checked in 20 | override.tf 21 | override.tf.json 22 | *_override.tf 23 | *_override.tf.json 24 | 25 | # Include override files you do wish to add to version control using negated pattern 26 | # 27 | # !example_override.tf 28 | 29 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 30 | # example: *tfplan* 31 | 32 | #MacOS DSFiles 33 | *.DS_Store* 34 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. 
Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 
45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project, we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
15 | 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## AWS Terraform Blueprint: Windows Workloads 2 | 3 | The AWS Terraform Blueprint: Windows Workloads is a project born due to the lack of Terraform blueprints for Windows on AWS. A group of AWS Specialist Solution Architects on Windows Workloads at AWS developed these blueprints. You can use them as samples to build your own Terraform templates or deploy test environments. 4 | 5 | We were inclined to simplicity, and our code is easy to read, whether you are new to Terraform or an expert. 6 | 7 | ## How to use 8 | Navigate into the **modules** folder, where you can find each individual module that we have created. 9 | 10 | 11 | First of all, you can use a VPC module to deploy a fully functional VPC with private/public subnets, internet gateway, nat gateway, and proper routing setup. Once you deploy this module, all other modules can be deployed on top of that. This is only required if you are starting with Terraform; otherwise, you can customize it as needed. 12 | 13 | You can choose between two options for using these modules: 14 | - Downloading the modules and including them in your project 15 | - Using them directly from the [Terraform registry](https://registry.terraform.io/modules/aws-samples/windows-workloads-on-aws/aws). From here, click the **submodules** banner and select the one you're interested in learning about. This will load all the information and instructions for using the module. 16 | 17 | ## Security 18 | 19 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 20 | 21 | ## License 22 | 23 | This library is licensed under the MIT-0 License. See the [LICENSE](LICENSE.md) file. 
-------------------------------------------------------------------------------- /modules/aws-to-azure-bgp-vpn/README.md: -------------------------------------------------------------------------------- 1 | # AWS to Azure HA BGP VPN 2 | It typically takes 25 - 35 minutes to run in total. 3 | It deploys a VPN Gateway3 on Azure: AWS is limited to 1.25Gb, so the Azure side is also sized at 1.25Gb. 4 | 5 | ## Providers 6 | - hashicorp/aws | version = ">=4.29.0" 7 | - hashicorp/azure | version = ">=3.21.1" 8 | 9 | ## Variables description 10 | **Do NOT** change the BGP routing peers, as these are predefined. 11 | - **common_tags (map(any))**: AWS to Azure High Availability BGP VPN 12 | - **aws_location (string)**: AWS Region 13 | - **aws_location_prefix (string)**: Name for Created Resources 14 | - **aws_vpn_bgp_asn (number)**: AWS BGP ASN 15 | - **aws_vpn_bgp_peering_cidr_1 (string)**: AWS VPN BGP CIDR Peer 16 | - **aws_vpn_bgp_peering_cidr_2 (string)**: AWS VPN BGP CIDR Peer 17 | - **aws_vpn_bgp_peering_cidr_3 (string)**: AWS VPN BGP CIDR Peer 18 | - **aws_vpn_bgp_peering_cidr_4 (string)**: AWS VPN BGP CIDR Peer 19 | - **aws_vpn_bgp_peering_address_1 (string)**: AWS VPN BGP Peer IP Address 20 | - **aws_vpn_bgp_peering_address_2 (string)**: AWS VPN BGP Peer IP Address 21 | - **aws_vpn_bgp_peering_address_3 (string)**: AWS VPN BGP Peer IP Address 22 | - **aws_vpn_bgp_peering_address_4 (string)**: AWS VPN BGP Peer IP Address 23 | - **azure_location (string)**: Azure Region 24 | - **azure_location_prefix (string)**: Add EUS for naming convention on Resources 25 | - **azure_vnet_address_prefix (string)**: Virtual Network 26 | - **azure_vnet_subnet_prefix_1 (string)**: Default Subnet 27 | - **azure_vnet_subnet_prefix_2 (string)**: Gateway Subnet 28 | - **azure_vpn_bgp_asn (number)**: Azure BGP ASN 29 | - **azure_vpn_bgp_peering_cidr_1 (string)**: Azure VPN BGP CIDR Peer 30 | - **azure_vpn_bgp_peering_cidr_2 (string)**: Azure VPN BGP CIDR Peer 31 | - 
**azure_vpn_bgp_peering_cidr_3 (string)**: Azure VPN BGP CIDR Peer 32 | - **azure_vpn_bgp_peering_cidr_4 (string)**: Azure VPN BGP CIDR Peer 33 | - **azure_vpn_bgp_peering_address_1 (string)**: Azure VPN BGP Peer IP Address 34 | - **azure_vpn_bgp_peering_address_2 (string)**: Azure VPN BGP Peer IP Address 35 | - **azure_vpn_bgp_peering_address_3 (string)**: Azure VPN BGP Peer IP Address 36 | - **azure_vpn_bgp_peering_address_4 (string)**: Azure VPN BGP Peer IP Address 37 | 38 | ## Usage 39 | ```hcl 40 | module "aws-to-azure-bgp-vpn" { 41 | source = "aws-samples/windows-workloads-on-aws/aws//modules/aws-to-azure-bgp-vpn" 42 | 43 | aws_location = "us-east-1" 44 | azure_location = "eastus" 45 | } 46 | ``` 47 | 48 | ## Setup Account 49 | In Azure, create an App Registration with a client secret; additional information is in this 50 | [article](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret#configuring-the-service-principal-in-terraform) 51 | 52 | These values are obtained from the Azure App Registration and are read by the azurerm provider as environment variables; keep ARM_CLIENT_SECRET out of version control. 53 | - ARM_CLIENT_SECRET 54 | - ARM_CLIENT_ID 55 | - ARM_SUBSCRIPTION_ID 56 | - ARM_TENANT_ID 57 | Grant the App Registration the Owner role on the Subscription. Owner also permits role assignment, so confirm whether a narrower role such as Contributor is enough for your deployment. -------------------------------------------------------------------------------- /modules/aws-to-azure-bgp-vpn/data.tf: -------------------------------------------------------------------------------- 1 | // Azure Public IPs 2 | data "azurerm_public_ip" "main_1" { 3 | name = azurerm_public_ip.main_1.name 4 | resource_group_name = azurerm_public_ip.main_1.resource_group_name 5 | depends_on = [ 6 | azurerm_virtual_network_gateway.main 7 | ] 8 | } 9 | 10 | data "azurerm_public_ip" "main_2" { 11 | name = azurerm_public_ip.main_2.name 12 | resource_group_name = azurerm_public_ip.main_2.resource_group_name 13 | depends_on = [ 14 | azurerm_virtual_network_gateway.main 15 | ] 16 | } 17 | 18 | data "aws_vpc" "main" { 19 | filter { 20 | name = "tag:Name" 21 | values = 
["VPC"] 22 | } 23 | } -------------------------------------------------------------------------------- /modules/aws-to-azure-bgp-vpn/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 5.0" 6 | } 7 | azurerm = { 8 | source = "hashicorp/azurerm" 9 | version = "~> 4.0.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /modules/aws-to-azure-bgp-vpn/providers.tf: -------------------------------------------------------------------------------- 1 | // AWS Provider Version https://registry.terraform.io/providers/hashicorp/aws/latest 2 | // Azure Provider Version https://registry.terraform.io/providers/hashicorp/azurerm/3.16.0 3 | provider "aws" { 4 | region = var.aws_location 5 | } 6 | 7 | provider "azurerm" { 8 | features { 9 | resource_group { 10 | prevent_deletion_if_contains_resources = false 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /modules/aws-to-azure-bgp-vpn/resources.aws.tf: -------------------------------------------------------------------------------- 1 | // AWS Cloud Resources 2 | // Deploy Route Table 3 | resource "aws_vpn_gateway_route_propagation" "main" { 4 | vpn_gateway_id = aws_vpn_gateway.main.id 5 | route_table_id = data.aws_vpc.main.main_route_table_id 6 | } 7 | 8 | // Deploy VPN Gateway 9 | resource "aws_vpn_gateway" "main" { 10 | vpc_id = data.aws_vpc.main.id 11 | 12 | tags = merge(var.common_tags, { 13 | Name = "${var.aws_location_prefix}-VPNGWY" 14 | }) 15 | } 16 | 17 | // Deploy Customer Gateways 18 | resource "aws_customer_gateway" "main_1" { 19 | ip_address = data.azurerm_public_ip.main_1.ip_address 20 | bgp_asn = var.azure_vpn_bgp_asn 21 | type = "ipsec.1" 22 | 23 | tags = merge(var.common_tags, { 24 | Name = "${var.aws_location_prefix}-CGW" 25 | }) 26 | 27 | lifecycle { 28 | 
ignore_changes = [ip_address] 29 | } 30 | 31 | depends_on = [ 32 | data.azurerm_public_ip.main_1 33 | ] 34 | } 35 | resource "aws_customer_gateway" "main_2" { 36 | ip_address = data.azurerm_public_ip.main_2.ip_address 37 | bgp_asn = var.azure_vpn_bgp_asn 38 | type = "ipsec.1" 39 | 40 | //tags = var.common_tags 41 | tags = merge(var.common_tags, { 42 | Name = "${var.aws_location_prefix}-CGW" 43 | }) 44 | 45 | lifecycle { 46 | ignore_changes = [ip_address] 47 | } 48 | 49 | depends_on = [ 50 | data.azurerm_public_ip.main_2 51 | ] 52 | } 53 | 54 | // Create VPN Connections 55 | resource "aws_vpn_connection" "main_1" { 56 | vpn_gateway_id = aws_vpn_gateway.main.id 57 | customer_gateway_id = aws_customer_gateway.main_1.id 58 | 59 | type = "ipsec.1" 60 | tunnel1_inside_cidr = var.aws_vpn_bgp_peering_cidr_1 61 | tunnel2_inside_cidr = var.aws_vpn_bgp_peering_cidr_2 62 | 63 | //tags = var.common_tags 64 | tags = merge(var.common_tags, { 65 | Name = "${var.aws_location_prefix}-S2SVPN" 66 | }) 67 | } 68 | resource "aws_vpn_connection" "main_2" { 69 | vpn_gateway_id = aws_vpn_gateway.main.id 70 | customer_gateway_id = aws_customer_gateway.main_2.id 71 | 72 | type = "ipsec.1" 73 | tunnel1_inside_cidr = var.aws_vpn_bgp_peering_cidr_3 74 | tunnel2_inside_cidr = var.aws_vpn_bgp_peering_cidr_4 75 | 76 | //tags = var.common_tags 77 | tags = merge(var.common_tags, { 78 | Name = "${var.aws_location_prefix}-S2SVPN" 79 | }) 80 | } -------------------------------------------------------------------------------- /modules/aws-to-azure-bgp-vpn/variables.tf: -------------------------------------------------------------------------------- 1 | variable "common_tags" { 2 | type = map(any) 3 | default = { 4 | "Provisioner" = "Terraform Cloud" 5 | } 6 | description = "AWS to Azure High Availability BGP VPN" 7 | } 8 | 9 | ### 10 | # AWS VARIABLES 11 | ### 12 | variable "aws_location" { 13 | type = string 14 | default = "us-east-1" 15 | description = "AWS Region" 16 | } 17 | 18 | variable 
"aws_location_prefix" { 19 | type = string 20 | default = "USE1-AWStoAzureVPN" 21 | description = "Name for Created Resources" 22 | } 23 | 24 | 25 | variable "aws_vpn_bgp_asn" { 26 | type = number 27 | default = 64512 28 | description = "AWS BGP ASN" 29 | } 30 | 31 | variable "aws_vpn_bgp_peering_cidr_1" { 32 | type = string 33 | default = "169.254.21.0/30" 34 | description = "AWS VPN BGP CIDR Peer" 35 | } 36 | 37 | variable "aws_vpn_bgp_peering_cidr_2" { 38 | type = string 39 | default = "169.254.22.0/30" 40 | description = "AWS VPN BGP CIDR Peer" 41 | } 42 | 43 | variable "aws_vpn_bgp_peering_cidr_3" { 44 | type = string 45 | default = "169.254.21.4/30" 46 | description = "AWS VPN BGP CIDR Peer" 47 | } 48 | 49 | variable "aws_vpn_bgp_peering_cidr_4" { 50 | type = string 51 | default = "169.254.22.4/30" 52 | description = "AWS VPN BGP CIDR Peer" 53 | } 54 | 55 | variable "aws_vpn_bgp_peering_address_1" { 56 | type = string 57 | default = "169.254.21.1" 58 | description = "AWS VPN BGP Peer IP Address" 59 | } 60 | 61 | variable "aws_vpn_bgp_peering_address_2" { 62 | type = string 63 | default = "169.254.22.1" 64 | description = "AWS VPN BGP Peer IP Address" 65 | } 66 | 67 | variable "aws_vpn_bgp_peering_address_3" { 68 | type = string 69 | default = "169.254.21.5" 70 | description = "AWS VPN BGP Peer IP Address" 71 | } 72 | 73 | variable "aws_vpn_bgp_peering_address_4" { 74 | type = string 75 | default = "169.254.22.5" 76 | description = "AWS VPN BGP Peer IP Address" 77 | } 78 | 79 | ### 80 | # AZURE VARIABLES 81 | ### 82 | variable "azure_location" { 83 | type = string 84 | default = "eastus" 85 | description = "Azure Region" 86 | } 87 | 88 | variable "azure_location_prefix" { 89 | type = string 90 | default = "EUS" 91 | description = "Add EUS for naming convention on Resources" 92 | } 93 | 94 | variable "azure_vnet_address_prefix" { 95 | type = string 96 | default = "172.31.0.0/16" 97 | description = "Virtual Network" 98 | } 99 | 100 | variable 
"azure_vnet_subnet_prefix_1" { 101 | type = string 102 | default = "172.31.0.0/24" 103 | description = "Default Subnet" 104 | } 105 | 106 | variable "azure_vnet_subnet_prefix_2" { 107 | type = string 108 | default = "172.31.254.0/24" 109 | description = "Gateway Subnet" 110 | } 111 | 112 | variable "azure_vpn_bgp_asn" { 113 | type = number 114 | default = 65515 115 | description = "Azure BGP ASN" 116 | } 117 | 118 | variable "azure_vpn_bgp_peering_cidr_1" { 119 | type = string 120 | default = "169.254.21.0/30" 121 | description = "Azure VPN BGP CIDR Peer" 122 | } 123 | 124 | variable "azure_vpn_bgp_peering_cidr_2" { 125 | type = string 126 | default = "169.254.22.0/30" 127 | description = "Azure VPN BGP CIDR Peer" 128 | } 129 | 130 | variable "azure_vpn_bgp_peering_cidr_3" { 131 | type = string 132 | default = "169.254.21.4/30" 133 | description = "Azure VPN BGP CIDR Peer" 134 | } 135 | 136 | variable "azure_vpn_bgp_peering_cidr_4" { 137 | type = string 138 | default = "169.254.22.4/30" 139 | description = "Azure VPN BGP CIDR Peer" 140 | } 141 | 142 | variable "azure_vpn_bgp_peering_address_1" { 143 | type = string 144 | default = "169.254.21.2" 145 | description = "Azure VPN BGP Peer IP Address" 146 | } 147 | 148 | variable "azure_vpn_bgp_peering_address_2" { 149 | type = string 150 | default = "169.254.22.2" 151 | description = "Azure VPN BGP Peer IP Address" 152 | } 153 | 154 | variable "azure_vpn_bgp_peering_address_3" { 155 | type = string 156 | default = "169.254.21.6" 157 | description = "Azure VPN BGP Peer IP Address" 158 | } 159 | 160 | variable "azure_vpn_bgp_peering_address_4" { 161 | type = string 162 | default = "169.254.22.6" 163 | description = "Azure VPN BGP Peer IP Address" 164 | } 165 | -------------------------------------------------------------------------------- /modules/beanstalk/README.md: -------------------------------------------------------------------------------- 1 | # AWS Elastic Beanstalk .NET 2 | 3 | Terraform module which manages 
AWS Elastic Beanstalk resources related to Windows Server 2022 (latest) with a sample ASP.NET application (_WebServer tier_), leveraging Application Load Balancer and Auto Scaling Group. What it manages: 4 | 5 | - IAM resources (role and instance profile) 6 | - Security groups 7 | - Beanstalk application 8 | - Beanstalk environment 9 | - Application Load Balancer 10 | - Auto Scaling group 11 | - EC2 instances 12 | 13 | ## Providers 14 | 15 | - hashicorp/aws | version = "~> 5.0" 16 | 17 | ## Variables description 18 | 19 | - **region (string)**: AWS Region where the resources should be deployed (optional / default = us-east-1) 20 | - **vpc_id (string)**: VPC ID where the environment will be deployed. If not set, Default VPC will be used (optional / default = null) 21 | - **private_subnets (list(string))**: Private subnets where the application instances will be deployed. If not set, private subnets from Default VPC will be used based on tag:value format _Tier:Private_ (optional / default = null) 22 | - **public_subnets (list(string))**: Public subnets where the Application Load Balancer will be deployed. 
If not set, public subnets from Default VPC will be used based on tag:value format _Tier:Public_ (optional / default = null) 23 | - **beanstalk_net_windows_application_name (string)**: Beanstalk application name (required) 24 | - **beanstalk_net_windows_application_description (string)**: Beanstalk application description (required) 25 | - **beanstalk_net_windows_environment_name (string)**: Beanstalk environment name (required) 26 | - **ec2_instance_type (string)**: EC2 instance type that is going to be deployed by Beanstalk (optional / default = t3.medium) 27 | - **asg_min_instances (number)**: Minimum number of instances to be addressed via ASG (optional / default = 1) 28 | - **asg_max_instances (number)**: Maximum number of instances to be addressed via ASG (optional / default = 2) 29 | - **tags (map(any))**: Tags to be applied (recommended) 30 | - **key_name (string)**: Key pair to securely log into the EC2 instances (required) 31 | - **acm_arn (string)**: ACM certificate ARN - only required if HTTPS needs to be enabled - an _HTTP to HTTPS_ redirect rule will also be created at the Application Load Balancer (optional / default = null) 32 | 33 | ## Usage 34 | 35 | ```hcl 36 | module "beanstalk" { 37 | source = "aws-samples/windows-workloads-on-aws/aws//modules/beanstalk" 38 | 39 | vpc_id = "vpc-1234567" 40 | private_subnets = ["subnet-123456","subnet-654321"] 41 | public_subnets = ["subnet-456789","subnet-987654"] 42 | beanstalk_net_windows_application_name = "Application name" 43 | beanstalk_net_windows_application_description = "Application description" 44 | beanstalk_net_windows_environment_name = "Development" 45 | ec2_instance_type = "t3.medium" 46 | acm_arn = "arn:aws:acm:us-east-2:123456789:certificate/e12345abc-1122-ab123-0101-123456789" 47 | asg_min_instances = 2 48 | asg_max_instances = 4 49 | key_name = "key01" 50 | 51 | tags = { 52 | tag1_name = "tag_value" 53 | tag2_name = "tag2_value" 54 | } 55 | } 56 | ``` 57 | ## Outputs 58 | 59 | - 
**beanstalk_net_windows_uri**: The URL to the Application Load Balancer for the Environment 60 | - **beanstalk_net_windows_cname**: Fully qualified DNS name for the Environment 61 | 62 | ## Notes 63 | 64 | - [checkov scan](https://www.checkov.io/) may report [CKV2_AWS_5](https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis) issue, which validates if a security group is attached to EC2 instances or ENIs resources. This may fail because, in this module, the security group is attached to the [aws_elastic_beanstalk_environment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elastic_beanstalk_environment) resource, which is not evaluated by CKV2_AWS_5. 65 | - [checkov scan](https://www.checkov.io/) may report [CKV2_AWS_312](https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312) issue, which validates if the environment has enhanced reporting (_HealthStreamingEnabled_) option enabled on the _aws:elasticbeanstalk:healthreporting:system_ namespace. This may fail because this option is now related to the [_aws:elasticbeanstalk:cloudwatch:logs:health_ namespace](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-cloudwatchlogs-health). 66 | - The Elastic Beanstalk API creates two default security groups: one for the Elastic Load Balancer (_awseb-e-xxxxxxxx-stack-AWSEBLoadBalancerSecurityGroup-YYYYYYYYYY_) and one for the EC2 Instances (_awseb-e-xxxxxxxx-stack-AWSEBSecurityGroup-YYYYYYYYYY_). To avoid affecting the default behavior, this module creates two additional security groups to address any tailored inbound and outbound rules needed for the environment. 
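Related GitHub issues: [link1](https://github.com/aws/elastic-beanstalk-roadmap/issues/44) / [link2](https://github.com/hashicorp/terraform-provider-aws/issues/2002).
--------------------------------------------------------------------------------
/modules/beanstalk/locals.tf:
--------------------------------------------------------------------------------
# Static inputs for the Beanstalk module: the managed-policy lists attached to
# the two IAM roles, the ports opened on the security groups, and the option
# settings passed to the Elastic Beanstalk environment.
locals {
  # Managed policies for the role assumed by elasticbeanstalk.amazonaws.com.
  managedpolicies_beanstalk_service_role = [
    "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth"
  ]

  # Managed policies for the role assumed by the EC2 instances.
  # NOTE(review): the README describes a WebServer-tier Windows environment;
  # the worker-tier and multicontainer-Docker policies look broader than that
  # needs. Confirm they are required, otherwise drop them so the instance role
  # stays least-privilege.
  managedpolicies_beanstalk_service_ec2_role = [
    "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier",
    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker",
    "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier"
  ]

  # TCP ports opened by both security groups in main.tf: from 0.0.0.0/0 on the
  # load balancer group and from the load balancer group on the instance group.
  inbound_ports = [80, 443]

  # The listener options go to the HTTPS listener on 443 when a certificate is
  # supplied, and to the default listener otherwise.
  eb_listener_namespace = var.acm_arn == null ? "aws:elbv2:listener:default" : "aws:elbv2:listener:443"

  eb_environment_settings = [
    # --- Networking: instances in private subnets, load balancer in public ones
    {
      namespace = "aws:ec2:vpc"
      name      = "VPCId"
      value     = var.vpc_id == null ? data.aws_vpc.default_vpc_id.id : var.vpc_id
    },
    {
      namespace = "aws:ec2:vpc"
      name      = "Subnets"
      value     = join(",", var.private_subnets == null ? data.aws_subnets.default_private_subnets.ids : var.private_subnets)
    },
    {
      # Instances get no public IP; they are reached through the load balancer.
      namespace = "aws:ec2:vpc"
      name      = "AssociatePublicIpAddress"
      value     = false
    },
    {
      namespace = "aws:ec2:vpc"
      name      = "ELBSubnets"
      value     = join(",", var.public_subnets == null ? data.aws_subnets.default_public_subnets.ids : var.public_subnets)
    },
    {
      namespace = "aws:ec2:vpc"
      name      = "ELBScheme"
      value     = "public"
    },
    {
      namespace = "aws:elasticbeanstalk:environment:process:default"
      name      = "MatcherHTTPCode"
      value     = "200-299,300-304,307-308"
    },
    {
      namespace = "aws:elasticbeanstalk:environment"
      name      = "LoadBalancerType"
      value     = "application"
    },

    # --- Instance launch configuration
    {
      namespace = "aws:autoscaling:launchconfiguration"
      name      = "InstanceType"
      value     = var.ec2_instance_type
    },
    {
      namespace = "aws:autoscaling:launchconfiguration"
      name      = "RootVolumeType"
      value     = "gp3"
    },
    {
      namespace = "aws:autoscaling:launchconfiguration"
      name      = "IamInstanceProfile"
      value     = aws_iam_instance_profile.beanstalk_net_windows_instance_profile.name
    },
    {
      namespace = "aws:autoscaling:launchconfiguration"
      name      = "SecurityGroups"
      value     = aws_security_group.secgroup_beanstalk_net_windows.id
    },
    {
      # Limits the source of the Beanstalk-managed port 22 rule to the instance
      # security group itself instead of the Elastic Beanstalk default source.
      namespace = "aws:autoscaling:launchconfiguration"
      name      = "SSHSourceRestriction"
      value     = "tcp,22,22,${aws_security_group.secgroup_beanstalk_net_windows.id}"
      # https://github.com/hashicorp/terraform-provider-aws/issues/2002
      # https://github.com/aws/elastic-beanstalk-roadmap/issues/44
    },
    {
      namespace = "aws:autoscaling:launchconfiguration"
      name      = "EC2KeyName"
      value     = var.key_name
    },

    # --- Auto Scaling group size
    {
      namespace = "aws:autoscaling:asg"
      name      = "MinSize"
      value     = var.asg_min_instances
    },
    {
      namespace = "aws:autoscaling:asg"
      name      = "MaxSize"
      value     = var.asg_max_instances
    },

    # --- Managed platform updates: minor level, Saturday 00:00 window
    {
      namespace = "aws:elasticbeanstalk:managedactions"
      name      = "ManagedActionsEnabled"
      value     = "true"
    },
    {
      namespace = "aws:elasticbeanstalk:managedactions"
      name      = "PreferredStartTime"
      value     = "Sat:00:00"
    },
    {
      namespace = "aws:elasticbeanstalk:managedactions"
      name      = "ServiceRoleForManagedUpdates"
      value     = "AWSServiceRoleForElasticBeanstalkManagedUpdates"
    },
    {
      namespace = "aws:elasticbeanstalk:managedactions:platformupdate"
      name      = "UpdateLevel"
      value     = "minor"
    },

    # --- Health reporting and log streaming
    {
      namespace = "aws:elasticbeanstalk:healthreporting:system"
      name      = "SystemType"
      value     = "enhanced"
    },
    {
      namespace = "aws:elasticbeanstalk:healthreporting:system"
      name      = "EnhancedHealthAuthEnabled"
      value     = "true"
    },
    {
      namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
      name      = "HealthStreamingEnabled"
      value     = "true"
    },
    {
      namespace = "aws:elasticbeanstalk:cloudwatch:logs"
      name      = "StreamLogs"
      value     = "true"
    },
    {
      # NOTE(review): streamed logs are kept for 7 days; confirm this matches
      # the retention needed for incident investigation.
      namespace = "aws:elasticbeanstalk:cloudwatch:logs"
      name      = "RetentionInDays"
      value     = 7
    },

    # --- Load balancer security group and listener
    {
      namespace = "aws:elbv2:loadbalancer"
      name      = "SecurityGroups"
      value     = aws_security_group.secgroup_beanstalk_elb.id
    },
    {
      namespace = local.eb_listener_namespace
      name      = "ListenerEnabled"
      value     = "true"
    },
    {
      # Plain HTTP is served when no certificate ARN is supplied.
      namespace = local.eb_listener_namespace
      name      = "Protocol"
      value     = var.acm_arn == null ? "HTTP" : "HTTPS"
    },
    {
      # NOTE(review): no SSLPolicy option is set for the HTTPS listener, so the
      # load balancer's default TLS policy applies; confirm it meets your
      # baseline.
      namespace = local.eb_listener_namespace
      name      = "SSLCertificateArns"
      value     = var.acm_arn == null ? "" : var.acm_arn
    }
  ]
}
--------------------------------------------------------------------------------
/modules/beanstalk/main.tf:
--------------------------------------------------------------------------------
## Providers settings

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# NOTE(review): a provider block inside a reusable module stops callers from
# using count, for_each or depends_on on the module call; consider configuring
# the provider in the root module instead.
provider "aws" {
  region = var.region
}

## Data

# Newest solution stack whose name matches Windows Server 2022 running IIS.
data "aws_elastic_beanstalk_solution_stack" "net_windows" {
  most_recent = true
  name_regex  = "^64bit Windows Server 2022 (.*) running IIS (.*)$"
}

# Default VPC of the region, used as the fallback when var.vpc_id is null.
# This lookup is not conditional, so it also runs when var.vpc_id is set, and
# the DNS-support postcondition below checks the default VPC, not a VPC passed
# in through var.vpc_id.
data "aws_vpc" "default_vpc_id" {
  default = true

  lifecycle {
    postcondition {
      condition     = self.enable_dns_support == true
      error_message = "The selected VPC must have DNS support enabled."
    }
  }
}

# Subnets of the default VPC tagged Tier = Private (fallback for the instances).
data "aws_subnets" "default_private_subnets" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default_vpc_id.id]
  }

  tags = {
    Tier = "Private"
  }
}

# Subnets of the default VPC tagged Tier = Public (fallback for the load balancer).
data "aws_subnets" "default_public_subnets" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default_vpc_id.id]
  }

  tags = {
    Tier = "Public"
  }
}

## IAM resources

# Role assumed by the EC2 instances of the environment. The attached managed
# policies come from local.managedpolicies_beanstalk_service_ec2_role.
# NOTE(review): managed_policy_arns is deprecated in later 5.x releases of the
# AWS provider in favour of separate attachment resources; confirm against the
# provider version in use.
resource "aws_iam_role" "beanstalk_net_windows_ec2_role" {
  name                = "iam_beanstalk_net_windows_ec2_role"
  path                = "/"
  managed_policy_arns = local.managedpolicies_beanstalk_service_ec2_role

  # Trust policy: only the EC2 service may assume this role. The policy
  # language version matches the service role's trust policy in this file.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Sid    = ""
        Effect = "Allow"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}

# Instance profile that hands the EC2 role to the Beanstalk instances; it is
# referenced by the IamInstanceProfile option in locals.tf.
resource "aws_iam_instance_profile" "beanstalk_net_windows_instance_profile" {
  name = "iam_beanstalk_net_windows_instance_profile"
  role = aws_iam_role.beanstalk_net_windows_ec2_role.name
}
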
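# Service role assumed by Elastic Beanstalk; it is passed to the application's
# appversion_lifecycle block below. Its managed policies come from
# local.managedpolicies_beanstalk_service_role.
# NOTE(review): the trust policy has no Condition element. Consider scoping it
# (for example with an sts:ExternalId condition, as the AWS-provided Beanstalk
# service role does) to reduce confused-deputy exposure; confirm before use.
resource "aws_iam_role" "beanstalk_net_windows_role" {
  name                = "iam_beanstalk_net_windows_instance_role"
  path                = "/"
  managed_policy_arns = local.managedpolicies_beanstalk_service_role

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Sid    = ""
        Effect = "Allow"
        Principal = {
          Service = "elasticbeanstalk.amazonaws.com"
        }
      },
    ]
  })
}

## Security groups

# Security group for the Application Load Balancer. Every port in
# local.inbound_ports (80 and 443) is opened to the whole IPv4 Internet, which
# matches the "public" ELBScheme set in locals.tf.
# NOTE(review): port 443 is opened even when var.acm_arn is null and no HTTPS
# listener is configured; the rule is unused in that case.
resource "aws_security_group" "secgroup_beanstalk_elb" {
  name        = "secgroup_beanstalk_elb"
  description = "Allows traffic to ELB resources"
  vpc_id      = var.vpc_id == null ? data.aws_vpc.default_vpc_id.id : var.vpc_id

  dynamic "ingress" {
    for_each = local.inbound_ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow HTTP/HTTPS inbound from anywhere"
    }
  }

  # NOTE(review): egress is unrestricted (all protocols, IPv4 and IPv6). The
  # load balancer presumably only needs to reach the instance security group;
  # confirm and narrow if so.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
    description      = "Allow all outbound"
  }

  tags = var.tags
}

# Security group for the Beanstalk EC2 instances. Inbound traffic on
# local.inbound_ports is accepted only from the load balancer security group,
# never directly from a CIDR range.
resource "aws_security_group" "secgroup_beanstalk_net_windows" {
  name        = "secgroup_beanstalk_net_windows"
  description = "Allows traffic to Beanstalk resources"
  vpc_id      = var.vpc_id == null ? data.aws_vpc.default_vpc_id.id : var.vpc_id

  dynamic "ingress" {
    for_each = local.inbound_ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      description = "Allow HTTP/HTTPS inbound from the ELB security group"

      security_groups = [
        aws_security_group.secgroup_beanstalk_elb.id,
      ]
    }
  }

  # Unrestricted egress (all protocols, IPv4 and IPv6).
  # NOTE(review): the instances run in private subnets; confirm which outbound
  # destinations they really need before keeping this fully open.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
    description      = "Allow all outbound"
  }

  tags = var.tags
}

## Beanstalk deployment (Windows + ASP.NET sample)

# Beanstalk application. The lifecycle policy keeps at most 128 application
# versions and deletes the source bundle from S3 when a version is removed.
# NOTE(review): the service role used here only carries the enhanced-health
# managed policy (see locals.tf); confirm it has the permissions the lifecycle
# cleanup needs.
resource "aws_elastic_beanstalk_application" "net_windows_application" {
  name        = var.beanstalk_net_windows_application_name
  description = var.beanstalk_net_windows_application_description

  appversion_lifecycle {
    service_role          = aws_iam_role.beanstalk_net_windows_role.arn
    max_count             = 128
    delete_source_from_s3 = true
  }
}

# Beanstalk environment on the Windows Server 2022 / IIS solution stack. All
# option settings are generated from local.eb_environment_settings.
resource "aws_elastic_beanstalk_environment" "net_windows_environment" {
  name                = var.beanstalk_net_windows_environment_name
  application         = aws_elastic_beanstalk_application.net_windows_application.name
  solution_stack_name = data.aws_elastic_beanstalk_solution_stack.net_windows.name
  # The CNAME prefix is the application name with spaces replaced by hyphens.
  cname_prefix = replace(var.beanstalk_net_windows_application_name, " ", "-")

  dynamic "setting" {
    for_each = local.eb_environment_settings
    content {
      namespace = setting.value.namespace
      name      = setting.value.name
      value     = setting.value.value
    }
  }

  tags = var.tags
}

# Sets HTTP to HTTPS redirect at the ALB when var.acm_arn is not null

# Looks up the port 80 listener of the environment's first load balancer. The
# lookup itself is unconditional; only the redirect rule that consumes it is
# gated on var.acm_arn.
data "aws_lb_listener" "http_listener" {

  load_balancer_arn = aws_elastic_beanstalk_environment.net_windows_environment.load_balancers[0]
  port              = 80
}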
202 | 203 | resource "aws_lb_listener_rule" "redirect_http_to_https" { 204 | count = var.acm_arn == null ? 0 : 1 205 | 206 | listener_arn = data.aws_lb_listener.http_listener.arn 207 | priority = 1 208 | 209 | action { 210 | type = "redirect" 211 | 212 | redirect { 213 | port = "443" 214 | protocol = "HTTPS" 215 | status_code = "HTTP_301" 216 | } 217 | } 218 | 219 | condition { 220 | path_pattern { 221 | values = ["/*"] 222 | } 223 | } 224 | } -------------------------------------------------------------------------------- /modules/beanstalk/outputs.tf: -------------------------------------------------------------------------------- 1 | output "beanstalk_net_windows_uri" { 2 | value = aws_elastic_beanstalk_environment.net_windows_environment.endpoint_url 3 | } 4 | 5 | output "beanstalk_net_windows_cname" { 6 | value = aws_elastic_beanstalk_environment.net_windows_environment.cname 7 | } -------------------------------------------------------------------------------- /modules/beanstalk/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "AWS Region where the resources will be deployed" 4 | default = "us-east-1" 5 | } 6 | 7 | variable "vpc_id" { 8 | type = string 9 | description = "VPC ID where the environment will be deployed" 10 | default = null 11 | } 12 | 13 | variable "private_subnets" { 14 | type = list(string) 15 | description = "Private subnets where the application will be deployed" 16 | default = null 17 | } 18 | 19 | variable "public_subnets" { 20 | type = list(string) 21 | description = "Public subnets where the ALB will be deployed" 22 | default = null 23 | } 24 | 25 | variable "beanstalk_net_windows_application_name" { 26 | type = string 27 | description = "Beanstalk application name" 28 | } 29 | 30 | variable "beanstalk_net_windows_application_description" { 31 | type = string 32 | description = "Beanstalk application description" 33 | } 34 | 35 | 
variable "beanstalk_net_windows_environment_name" { 36 | type = string 37 | description = "Beanstalk environment name" 38 | } 39 | 40 | variable "ec2_instance_type" { 41 | type = string 42 | default = "t3.medium" 43 | description = "Sets EC2 instance type (default = t3.medium)" 44 | } 45 | 46 | variable "acm_arn" { 47 | type = string 48 | default = null 49 | description = "ACM certificate ARN to enable HTTPS" 50 | } 51 | 52 | variable "asg_min_instances" { 53 | type = number 54 | default = 1 55 | description = "Minimum number of instances to be addressed via ASG (default = 1)" 56 | } 57 | 58 | variable "asg_max_instances" { 59 | type = number 60 | default = 2 61 | description = "Maximum number of instances to be addressed via ASG (default = 2)" 62 | } 63 | 64 | variable "tags" { 65 | type = map(any) 66 | default = {} 67 | } 68 | 69 | variable "key_name" { 70 | type = string 71 | description = "Key pair to securely log into the EC2 instances" 72 | } -------------------------------------------------------------------------------- /modules/ecs-ec2-windows/README.md: -------------------------------------------------------------------------------- 1 | # Amazon ECS for Windows containers 2 | 3 | Terraform module which deploys an ECS cluster for Windows containers using EC2 Windows-based tasks. 
4 | 5 | ## Providers 6 | 7 | - hashicorp/aws | version = "~> 5.0" 8 | 9 | ## Variables description 10 | - **ecs_windows_cluster_name (string)**: Name for the ECS cluster 11 | - **access_logs_bucket (string)**: Bucket for storing the ALB access logs 12 | - **ecsTaskExecutionRole_name (string)**: Name for the ECS task execution role 13 | - **ecsInstanceRole_name (string)**: Name for the ECS container instance IAM role 14 | - **ecs_windows_ecsInstanceRole_profile_name (string)**: Name for the ECS windows instance profile 15 | - **alb_ingress_name (string)**: Name for the ALB ingress security group 16 | - **ecs_container_instances_ingress_name (string)**: Name for the ECS container instances security group 17 | - **alb_ingress_ports (list(number))**: List of ports opened from Internet to ALB 18 | - **container_instances_ingress_ports (list(number))**: List of ports opened from ALB to Container Instances 19 | - **launch_template_name (string)**: Name for the launch template 20 | - **ec2_instance_types (string)**: EC2 instance type 21 | - **asg_name (string)**: Name for the Auto Scaling Group 22 | - **asg_desired_capacity (number)**: Desired capacity for the Auto Scaling Group 23 | - **asg_max_size (number)**: Maximum capacity for the Auto Scaling Group 24 | - **asg_min_size (number)**: Minimum capacity for the Auto Scaling Group 25 | - **ec2_task_definition_name (string)**: Name for the EC2 task definition 26 | - **ec2_task_definition_cpu (number)**: CPU for the EC2 task definition 27 | - **ec2_task_definition_memory (number)**: Memory for the EC2 task definition 28 | - **ec2_task_definition_image (string)**: Container image for the EC2 task definition 29 | - **ecs_service_name (string)**: Name for the ECS service 30 | - **desired_task_count (number)**: Desired tasks for the ECS service 31 | - **alb_name (string)**: Name for the Application Load Balancer 32 | - **alb_target_group_name (string)**: Name for the ALB target group - Only alphanumeric characters and hyphens allowed in 
name 33 | 34 | 35 | ## Usage 36 | 37 | ```hcl 38 | module "ecs-windows" { 39 | source = "aws-samples/windows-workloads-on-aws/aws//modules/ecs-ec2-windows" 40 | 41 | alb_name = "ecs-alb" 42 | ecs_service_name = "ecs_service_windows" 43 | desired_task_count = 2 44 | } 45 | ``` 46 | ## Outputs 47 | 48 | - **alb_security_group_id**: Security group ID 49 | - **ecs_container_instances_security_group_id**: ECS Container instances security group ID 50 | - **ecs_launch_template_output**: ECS launch template output 51 | -------------------------------------------------------------------------------- /modules/ecs-ec2-windows/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | internet = "0.0.0.0/0" 3 | 4 | managedpolicies_AmazonEC2ContainerServiceforEC2Role = [ 5 | "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", 6 | "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" 7 | ] 8 | 9 | managedpolicies_AmazonECSTaskExecutionRolePolicy = [ 10 | "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 11 | ] 12 | 13 | vpce = [ 14 | "com.amazonaws.us-east-1.ecs", 15 | "com.amazonaws.us-east-1.ecs-agent", 16 | "com.amazonaws.us-east-1.ecs-telemetry", 17 | "com.amazonaws.us-east-1.ecr.api", 18 | "com.amazonaws.us-east-1.ecr.dkr" 19 | ] 20 | 21 | asg_metrics = [ 22 | "GroupMinSize", 23 | "GroupMaxSize", 24 | "GroupDesiredCapacity", 25 | "GroupInServiceInstances", 26 | "GroupPendingInstances", 27 | "GroupStandbyInstances", 28 | "GroupTerminatingInstances", 29 | "GroupTotalInstances", 30 | "GroupInServiceCapacity", 31 | "GroupInServiceCapacity", 32 | "GroupPendingCapacity", 33 | "GroupStandbyCapacity", 34 | "GroupTerminatingCapacity", 35 | "GroupTotalCapacity", 36 | "WarmPoolDesiredCapacity", 37 | "WarmPoolWarmedCapacity", 38 | "WarmPoolPendingCapacity", 39 | "WarmPoolTerminatingCapacity", 40 | "WarmPoolTotalCapacity", 41 | "GroupAndWarmPoolDesiredCapacity", 42 | 
"GroupAndWarmPoolTotalCapacity", 43 | ] 44 | } 45 | 46 | locals { 47 | http_port = 80 48 | any_port = 0 49 | any_protocol = "-1" 50 | tcp_protocol = "tcp" 51 | all_ips_ipv4 = ["0.0.0.0/0"] 52 | all_ips_ipv6 = ["::/0"] 53 | } 54 | 55 | -------------------------------------------------------------------------------- /modules/ecs-ec2-windows/outputs.tf: -------------------------------------------------------------------------------- 1 | ## Security Group ID 2 | 3 | output "alb_security_group_id" { 4 | value = aws_security_group.alb_ingress.id 5 | } 6 | 7 | output "ecs_container_instances_security_group_id" { 8 | value = aws_security_group.ecs_container_instances_ingress.id 9 | } 10 | 11 | ## Launch Template ID 12 | 13 | output "ecs_launch_template_output" { 14 | value = aws_launch_template.ecs_container_instances.id 15 | } -------------------------------------------------------------------------------- /modules/ecs-ec2-windows/variables.tf: -------------------------------------------------------------------------------- 1 | ## ECS Cluster 2 | 3 | variable "ecs_windows_cluster_name" { 4 | type = string 5 | default = "ECS-Windows" 6 | description = "Name for the ECS cluster" 7 | } 8 | 9 | ## ECS IAM Roles and Instance Roles 10 | 11 | variable "ecsTaskExecutionRole_name" { 12 | type = string 13 | default = "ecs_windows_ecsTaskExecutionRole" 14 | description = "Name for the ECS task execution role" 15 | } 16 | 17 | variable "ecsInstanceRole_name" { 18 | type = string 19 | default = "ecs_windows_ecsInstanceRole" 20 | description = "Name for the ECS container instance IAM role" 21 | } 22 | 23 | variable "ecs_windows_ecsInstanceRole_profile_name" { 24 | type = string 25 | default = "ecs_windows_ecsInstanceRole_profile" 26 | description = "Name for the ECS windows instance profile" 27 | } 28 | 29 | ## Security Group 30 | 31 | variable "alb_ingress_name" { 32 | type = string 33 | default = "ECS - Application Load Balancer - Ingress" 34 | description = "Name for the ALB ingress 
security group" 35 | } 36 | 37 | variable "ecs_container_instances_ingress_name" { 38 | type = string 39 | default = "ecs_container_instances_ingress" 40 | description = "Name for the ECS container instances security group" 41 | } 42 | 43 | variable "alb_ingress_ports" { 44 | type = list(number) 45 | default = [80, 443] 46 | description = "List of ports opened from Internet to ALB" 47 | } 48 | 49 | variable "container_instances_ingress_ports" { 50 | type = list(number) 51 | default = [80, 443] 52 | description = "List of ports opened from ALB to Container Instances" 53 | } 54 | 55 | ## Launch Template 56 | 57 | variable "launch_template_name" { 58 | type = string 59 | default = "ECS_Windows_LT" 60 | description = "Name for the launch template" 61 | } 62 | 63 | variable "ec2_instance_types" { 64 | type = string 65 | default = "t3.medium" 66 | description = "EC2 instance type" 67 | } 68 | 69 | ## Auto Scaling Group 70 | 71 | variable "asg_name" { 72 | type = string 73 | default = "ASG_ECS_Windows" 74 | description = "Name for the Auto Scaling Group" 75 | } 76 | 77 | variable "asg_desired_capacity" { 78 | type = number 79 | default = 2 80 | description = "Desired capacity for the Auto Scaling Group" 81 | } 82 | 83 | variable "asg_max_size" { 84 | type = number 85 | default = 100 86 | description = "Maximum capacity for the Auto Scaling Group" 87 | } 88 | 89 | variable "asg_min_size" { 90 | type = number 91 | default = 1 92 | description = "Minimum capacity for the Auto Scaling Group" 93 | } 94 | 95 | ## ECS Task Definitions 96 | 97 | ### Fargate Task_Definition 98 | 99 | variable "fargate_task_definition_name" { 100 | type = string 101 | default = "iis_fargate" 102 | description = "Name for the Fargate task definition" 103 | } 104 | 105 | variable "fargate_task_definition_cpu" { 106 | type = number 107 | default = "1024" 108 | description = "CPU for the Fargate task definition" 109 | } 110 | 111 | variable "fargate_task_definition_memory" { 112 | type = number 113 | 
default = "2048" 114 | description = "Memory for the Fargate task definition" 115 | } 116 | 117 | variable "fargate_task_definition_image" { 118 | type = string 119 | default = "mcr.microsoft.com/windows/servercore/iis:latest" 120 | description = "Container image for the Fargate task definition" 121 | } 122 | 123 | ### EC2 Task_Definition 124 | 125 | variable "ec2_task_definition_name" { 126 | type = string 127 | default = "iis_ec2" 128 | description = "Name for the EC2 task definition" 129 | } 130 | 131 | variable "ec2_task_definition_cpu" { 132 | type = number 133 | default = "1024" 134 | description = "CPU for the EC2 task definition" 135 | } 136 | 137 | variable "ec2_task_definition_memory" { 138 | type = number 139 | default = "1024" 140 | description = "Memory for the EC2 task definition" 141 | } 142 | 143 | variable "ec2_task_definition_image" { 144 | type = string 145 | default = "mcr.microsoft.com/windows/servercore/iis:latest" 146 | description = "Container image for the EC2 task definition" 147 | } 148 | 149 | ## ECS Service 150 | 151 | variable "ecs_service_name" { 152 | type = string 153 | default = "ecs_service_windows" 154 | description = "Name for the ECS service" 155 | } 156 | 157 | variable "desired_task_count" { 158 | type = number 159 | default = "2" 160 | description = "Desired tasks for the ECS service" 161 | } 162 | 163 | ## ALB 164 | 165 | variable "alb_name" { 166 | type = string 167 | default = "ecs-alb" 168 | description = "Name for the Application Load Balancer" 169 | } 170 | 171 | ## ALB Target Group 172 | 173 | variable "alb_target_group_name" { 174 | type = string 175 | default = "ecs-alb-target-group" 176 | description = "Name for the ALB target group - Only alphanumeric characters and hyphens allowed in name" 177 | } -------------------------------------------------------------------------------- /modules/ecs-fargate-windows/README.md: -------------------------------------------------------------------------------- 1 | # Amazon ECS 
for Windows containers 2 | 3 | Terraform module, which deploys an ECS cluster for Windows containers using Fargate Windows-based tasks. It is required to wait until Fargate tasks reach Running status before accessing the ALB DNS Name output. 4 | 5 | ## Providers 6 | 7 | - hashicorp/aws | version = "~> 5.0" 8 | 9 | ## Variables description 10 | - **ecs_windows_cluster_name (string)**: ECS Cluster name 11 | - **ecsTaskExecutionRole_name (string)**: Name for the ECS task execution role 12 | - **alb_ingress_name (string)**: Name for the ALB ingress security group 13 | - **alb_ingress_ports (list(number))**: List of ports opened from Internet to ALB 14 | - **ecs_fargate_task_name (string)**: Fargate task name 15 | - **fargate_task_definition_name (string)**: Fargate task definition name 16 | - **fargate_task_definition_cpu (number)**: Fargate task CPU count 17 | - **fargate_task_definition_memory (number)**: Fargate task Memory count 18 | - **fargate_task_definition_image (string)**: Windows container image 19 | - **ecs_service_name (string)**: Name for the ECS service 20 | - **desired_task_count (number)**: Desired tasks for the ECS service 21 | - **alb_name (string)**: Name for the Application Load Balancer 22 | - **alb_target_group_name (string)**: Name for the ALB target group - Only alphanumeric characters and hyphens allowed in name 23 | 24 | ## Usage 25 | 26 | ```hcl 27 | module "ecs-windows" { 28 | source = "aws-samples/windows-workloads-on-aws/aws//modules/ecs-fargate-windows" 29 | 30 | alb_name = "fargate-windows-2022-iis-alb" 31 | ecs_service_name = "fargate-windows-2022-iis" 32 | desired_task_count = 2 33 | } 34 | ``` 35 | ## Outputs 36 | 37 | - **aws_lb.ecs_alb.dns_name**: ALB DNS Name 38 | -------------------------------------------------------------------------------- /modules/ecs-fargate-windows/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | internet = "0.0.0.0/0" 3 | 4 | 
managedpolicies_AmazonEC2ContainerServiceforEC2Role = [ 5 | "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", 6 | "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" 7 | ] 8 | 9 | managedpolicies_AmazonECSTaskExecutionRolePolicy = [ 10 | "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 11 | ] 12 | 13 | vpce = [ 14 | "com.amazonaws.us-east-1.ecs", 15 | "com.amazonaws.us-east-1.ecs-agent", 16 | "com.amazonaws.us-east-1.ecs-telemetry", 17 | "com.amazonaws.us-east-1.ecr.api", 18 | "com.amazonaws.us-east-1.ecr.dkr" 19 | ] 20 | } 21 | 22 | locals { 23 | http_port = 80 24 | any_port = 0 25 | any_protocol = "-1" 26 | tcp_protocol = "tcp" 27 | all_ips_ipv4 = ["0.0.0.0/0"] 28 | all_ips_ipv6 = ["::/0"] 29 | } 30 | 31 | 32 | -------------------------------------------------------------------------------- /modules/ecs-fargate-windows/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 5.0" 6 | } 7 | } 8 | } 9 | 10 | provider "aws" { 11 | region = "us-east-1" 12 | } 13 | 14 | ## Data 15 | data "aws_vpc" "vpc_id" { 16 | filter { 17 | name = "tag:Name" 18 | values = ["VPC"] 19 | } 20 | lifecycle { 21 | postcondition { 22 | condition = self.enable_dns_support == true 23 | error_message = "The selected VPC must have DNS support enabled." 
24 | } 25 | } 26 | } 27 | 28 | data "aws_subnets" "private_subnets" { 29 | filter { 30 | name = "tag:Tier" 31 | values = ["Private"] 32 | } 33 | } 34 | 35 | data "aws_subnets" "public_subnets" { 36 | filter { 37 | name = "tag:Tier" 38 | values = ["Public"] 39 | } 40 | } 41 | 42 | ## ECS Windows Cluster 43 | 44 | resource "aws_ecs_cluster" "ecs_windows_cluster" { 45 | name = var.ecs_windows_cluster_name 46 | 47 | setting { 48 | name = "containerInsights" 49 | value = "enabled" 50 | } 51 | } 52 | 53 | ## ECS IAM Role 54 | 55 | resource "aws_iam_role" "ecsTaskExecutionRole" { 56 | name = var.ecsTaskExecutionRole_name 57 | path = "/" 58 | managed_policy_arns = local.managedpolicies_AmazonECSTaskExecutionRolePolicy 59 | 60 | assume_role_policy = jsonencode({ 61 | Version = "2012-10-17" 62 | Statement = [ 63 | { 64 | Action = "sts:AssumeRole" 65 | Sid = "" 66 | Effect = "Allow" 67 | Principal = { 68 | Service = "ecs-tasks.amazonaws.com" 69 | } 70 | }, 71 | ] 72 | }) 73 | } 74 | 75 | ## Security Groups 76 | 77 | resource "aws_security_group" "alb_ingress" { 78 | name = var.alb_ingress_name 79 | description = "Ingress traffic from Internet" 80 | vpc_id = data.aws_vpc.vpc_id.id 81 | 82 | dynamic "ingress" { 83 | for_each = var.alb_ingress_ports 84 | content { 85 | from_port = ingress.value 86 | to_port = ingress.value 87 | protocol = local.tcp_protocol 88 | cidr_blocks = local.all_ips_ipv4 89 | } 90 | } 91 | 92 | egress { 93 | from_port = local.any_port 94 | to_port = local.any_port 95 | protocol = local.any_protocol 96 | cidr_blocks = local.all_ips_ipv4 97 | ipv6_cidr_blocks = local.all_ips_ipv6 98 | } 99 | } 100 | 101 | resource "aws_security_group" "ecs_fargate_task_ingress" { 102 | name = "Security Group for ECS Fargate Windows task" 103 | description = "Ingress traffic from ALB to Fargate task" 104 | vpc_id = data.aws_vpc.vpc_id.id 105 | 106 | ingress { 107 | description = "HTTP Port" 108 | from_port = 80 109 | to_port = 80 110 | protocol = "tcp" 111 | security_groups 
= [aws_security_group.alb_ingress.id] 112 | } 113 | 114 | egress { 115 | from_port = local.any_port 116 | to_port = local.any_port 117 | protocol = local.any_protocol 118 | cidr_blocks = local.all_ips_ipv4 119 | ipv6_cidr_blocks = local.all_ips_ipv6 120 | } 121 | } 122 | 123 | ### Fargate Task_Definition 124 | # Fargate task definition with a single container named iis_fargate (awsvpc networking, container port 80, Windows Server 2022 Core). 125 | resource "aws_ecs_task_definition" "fargate_task_definition_iis" { 126 | family = var.fargate_task_definition_name 127 | requires_compatibilities = ["FARGATE"] 128 | network_mode = "awsvpc" 129 | cpu = var.fargate_task_definition_cpu 130 | memory = var.fargate_task_definition_memory 131 | execution_role_arn = aws_iam_role.ecsTaskExecutionRole.arn 132 | task_role_arn = aws_iam_role.ecsTaskExecutionRole.arn # NOTE(review): the application container gets the same role ECS uses to start the task; a separate, narrowly scoped task role would keep the execution role's permissions out of the workload's reach. 133 | 134 | container_definitions = jsonencode([{ 135 | name = "iis_fargate" 136 | image = "${var.fargate_task_definition_image}" 137 | essential = true 138 | portMappings = [{ 139 | protocol = "tcp" 140 | containerPort = 80 141 | hostPort = 80 142 | }] 143 | }] 144 | ) 145 | 146 | runtime_platform { 147 | operating_system_family = "WINDOWS_SERVER_2022_CORE" 148 | cpu_architecture = "X86_64" 149 | } 150 | } 151 | 152 | ## Amazon ECS Service 153 | # ECS service running var.desired_task_count tasks in the private subnets without public IPs, registered with the ALB target group on container port 80. 154 | resource "aws_ecs_service" "ecs_fargate" { 155 | name = var.ecs_service_name 156 | cluster = aws_ecs_cluster.ecs_windows_cluster.id 157 | task_definition = aws_ecs_task_definition.fargate_task_definition_iis.id 158 | desired_count = var.desired_task_count 159 | enable_execute_command = true # NOTE(review): turns on ECS Exec (interactive commands inside running tasks); confirm it is needed beyond troubleshooting and that exec sessions are logged. 160 | scheduling_strategy = "REPLICA" 161 | launch_type = "FARGATE" 162 | 163 | network_configuration { 164 | subnets = data.aws_subnets.private_subnets.ids 165 | security_groups = [aws_security_group.ecs_fargate_task_ingress.id] 166 | assign_public_ip = false 167 | } 168 | 169 | load_balancer { 170 | target_group_arn = aws_lb_target_group.ecs_alb_target_group.arn 171 | container_name = "iis_fargate" 172 | container_port = 80 173 | } 174 | } 175 | 176 | ## ALB 177 | 178 | resource "aws_lb" "ecs_alb" { 179 | name = 
var.alb_name 180 | internal = false # internet-facing: the ALB sits in the public subnets behind the alb_ingress security group 181 | load_balancer_type = "application" 182 | security_groups = [aws_security_group.alb_ingress.id] 183 | subnets = data.aws_subnets.public_subnets.ids 184 | idle_timeout = 60 185 | enable_http2 = true 186 | desync_mitigation_mode = "defensive" 187 | } 188 | 189 | ## ALB Target Group 190 | # Target group of type "ip" on HTTP port 80; the health check expects HTTP 200 on "/". 191 | resource "aws_lb_target_group" "ecs_alb_target_group" { 192 | name = var.alb_target_group_name 193 | target_type = "ip" 194 | port = 80 195 | protocol = "HTTP" 196 | vpc_id = data.aws_vpc.vpc_id.id 197 | load_balancing_algorithm_type = "round_robin" 198 | 199 | health_check { 200 | path = "/" 201 | protocol = "HTTP" 202 | healthy_threshold = 5 203 | unhealthy_threshold = 2 204 | timeout = 5 205 | interval = 30 206 | matcher = 200 207 | } 208 | } 209 | 210 | ## ALB Target Group Listener 211 | # NOTE(review): the only listener is plain HTTP on port 80, so client traffic to the ALB is unencrypted; var.alb_ingress_ports defaults to [80, 443], which opens 443 on the security group with no HTTPS listener behind it. Consider an HTTPS listener with a certificate and an HTTP-to-HTTPS redirect. 212 | resource "aws_alb_listener" "ecs_alb_listener" { 213 | load_balancer_arn = aws_lb.ecs_alb.arn 214 | port = 80 215 | protocol = "HTTP" 216 | 217 | default_action { 218 | type = "forward" 219 | target_group_arn = aws_lb_target_group.ecs_alb_target_group.arn 220 | } 221 | } 222 | -------------------------------------------------------------------------------- /modules/ecs-fargate-windows/output.tf: -------------------------------------------------------------------------------- 1 | ## ALB DNS Name 2 | 3 | output "alb_dns_name" { 4 | value = aws_lb.ecs_alb.dns_name 5 | } 6 | -------------------------------------------------------------------------------- /modules/ecs-fargate-windows/variables.tf: -------------------------------------------------------------------------------- 1 | ## ECS Cluster 2 | 3 | variable "ecs_windows_cluster_name" { 4 | type = string 5 | default = "ECS-Windows" 6 | } 7 | 8 | ## ECS IAM Roles and Instance Roles 9 | 10 | variable "ecsTaskExecutionRole_name" { 11 | type = string 12 | default = "ecs_windows_ecsTaskExecutionRole" 13 | } 14 | 15 | ## Security Group 16 | 17 | variable "alb_ingress_name" { 18 | type = string 19 | 
default = "ECS - Application Load Balancer - Ingress" 20 | } 21 | 22 | variable "alb_ingress_ports" { 23 | type = list(number) 24 | description = "List of ports opened from Internet to ALB" 25 | default = [80, 443] 26 | } 27 | 28 | ## ECS Task Definitions 29 | 30 | ### Fargate Task_Definition 31 | 32 | variable "fargate_task_definition_name" { 33 | type = string 34 | default = "iis_fargate" 35 | } 36 | 37 | variable "fargate_task_definition_cpu" { 38 | type = number 39 | default = "1024" 40 | } 41 | 42 | variable "fargate_task_definition_memory" { 43 | type = number 44 | default = "2048" 45 | } 46 | 47 | variable "fargate_task_definition_image" { 48 | type = string 49 | default = "mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2022" 50 | } 51 | 52 | ## ECS Service 53 | 54 | variable "ecs_service_name" { 55 | type = string 56 | default = "fargate-windows-2022-iis" 57 | } 58 | 59 | variable "desired_task_count" { 60 | type = number 61 | default = "2" 62 | } 63 | 64 | ## ALB 65 | 66 | variable "alb_name" { 67 | type = string 68 | default = "fargate-windows-2022-iis-alb" 69 | } 70 | 71 | ## ALB Target Group 72 | 73 | variable "alb_target_group_name" { 74 | type = string 75 | default = "fargate-iis-target-group" 76 | description = "Only alphanumeric characters and hyphens allowed in name" 77 | } -------------------------------------------------------------------------------- /modules/eks-custom-ami-ec2-image-builder/README.md: -------------------------------------------------------------------------------- 1 | # EC2 Image Builder for EKS Custom Windows Optimized AMI 2 | 3 | Terraform module which deploys an EC2 Image Builder pipeline that creates EKS custom Windows Optimized AMI 4 | 5 | ## Providers 6 | 7 | - hashicorp/aws | version = "~> 5.0" 8 | 9 | ## Variables description 10 | - **eks_cluster_version (string)**: Amazon EKS cluster version 11 | - **region (string)**: AWS region to deploy the pipeline 12 | - **image_recipe_name (string)**: EC2 Image 
Builder image recipe name 13 | - **image_recipe_version (string)**: EC2 Image Builder image recipe name 14 | - **component_name_image_cache (string)**: Image cache components that name 15 | - **image_pipeline_timezone (string)**: Sets the pipeline timezone for recurring runnings 16 | - **fast_launch_max_parallel_launches (string)**: Controls how many instances can be launched at a time for creating the pre-provisioned snapshots 17 | - **snapshot_configuration_target_resource_count (string)**: The number of pre-provisioned snapshots to keep on hand for an AMI with faster launching enabled 18 | 19 | ## Usage 20 | 21 | ```hcl 22 | module "ecs-windows" { 23 | source = "aws-samples/windows-workloads-on-aws/aws//modules/eks-custom-ami-ec2-image-builder" 24 | 25 | } 26 | ``` 27 | -------------------------------------------------------------------------------- /modules/eks-custom-ami-ec2-image-builder/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | # Security Groups locals 3 | any_port = 0 4 | any_protocol = "-1" 5 | all_ips_ipv4 = ["0.0.0.0/0"] 6 | all_ips_ipv6 = ["::/0"] 7 | 8 | # IAM Policies for Image Builder Infrastructure role 9 | managedpolicies_EC2ImageBuilder = [ 10 | "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder", 11 | "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds", 12 | "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/eks-custom-ami-ec2-image-builder/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 5.0" 6 | } 7 | } 8 | } 9 | 10 | provider "aws" { 11 | region = "us-east-1" 12 | } 13 | 14 | ## Data 15 | data "aws_ami" "eks_optimized_ami" { 16 | most_recent = true 17 | owners = ["amazon"] 18 | 19 | filter { 20 | 
name = "name" 21 | values = ["Windows_Server-2022-English-Core-EKS_Optimized-${var.eks_cluster_version}-*"] 22 | } 23 | } 24 | 25 | ## This data source was built to work with the VPC module provided with this registry. 26 | 27 | data "aws_vpc" "vpc_id" { 28 | filter { 29 | name = "tag:Name" 30 | values = ["VPC"] 31 | } 32 | lifecycle { 33 | postcondition { 34 | condition = self.enable_dns_support == true 35 | error_message = "The selected VPC must have DNS support enabled." 36 | } 37 | } 38 | } 39 | 40 | ## This data source was built to work with the subnets in the VPC module provided with this registry. 41 | 42 | data "aws_subnets" "private_subnets" { 43 | filter { 44 | name = "tag:Tier" 45 | values = ["Private"] 46 | } 47 | } 48 | 49 | data "aws_caller_identity" "current" {} 50 | 51 | output "account_id" { 52 | value = data.aws_caller_identity.current.account_id 53 | } 54 | 55 | ## IAM Role and Instance Profile 56 | 57 | resource "aws_iam_role" "eks_imagebuilder_role" { 58 | name = "eks-imagebuilder-role" 59 | path = "/" 60 | managed_policy_arns = local.managedpolicies_EC2ImageBuilder 61 | assume_role_policy = jsonencode({ 62 | Version = "2012-10-17" 63 | Statement = [ 64 | { 65 | Action = "sts:AssumeRole" 66 | Effect = "Allow" 67 | Principal = { 68 | Service = "ec2.amazonaws.com" 69 | } 70 | }, 71 | ] 72 | }) 73 | } 74 | 75 | resource "aws_iam_instance_profile" "eks_imagebuilder_instance_profile" { 76 | name = "eks-imagebuilder-instance-profile" 77 | role = aws_iam_role.eks_imagebuilder_role.name 78 | } 79 | 80 | ### SSM VPC Endpoint if needed 81 | 82 | # resource "aws_vpc_endpoint" "ssm_vpc_endpoint" { 83 | # vpc_id = data.aws_vpc.vpc_id.id 84 | # for_each = toset([ 85 | # "com.amazonaws.${var.region}.ssm", 86 | # "com.amazonaws.${var.region}.ssmmessages", 87 | # "com.amazonaws.${var.region}.ec2messages" 88 | # ]) 89 | # service_name = each.value 90 | # vpc_endpoint_type = "Interface" 91 | # security_group_ids = [ 92 | # aws_security_group.ec2_security_group.id 
93 | # ] 94 | # private_dns_enabled = true 95 | # } 96 | 97 | ## Security Group 98 | # Egress-only security group for the Image Builder build instances (no ingress rules are defined). 99 | resource "aws_security_group" "ec2_security_group" { 100 | name = "ec2-imagebuilder-sg" 101 | description = "EC2 Image Builder SG - No inbound traffic" 102 | vpc_id = data.aws_vpc.vpc_id.id 103 | 104 | egress { 105 | from_port = local.any_port 106 | to_port = local.any_port 107 | protocol = local.any_protocol 108 | cidr_blocks = local.all_ips_ipv4 109 | ipv6_cidr_blocks = local.all_ips_ipv6 110 | } 111 | } 112 | 113 | ## Image Recipe 114 | # Image recipe: the EKS-optimized Windows parent AMI plus the container-image cache component. NOTE(review): the ebs block does not set encrypted/kms_key_id; confirm volume encryption is covered elsewhere (e.g. account-level EBS default encryption). 115 | resource "aws_imagebuilder_image_recipe" "eks_custom_ami" { 116 | name = var.image_recipe_name 117 | parent_image = data.aws_ami.eks_optimized_ami.id 118 | version = var.image_recipe_version 119 | block_device_mapping { 120 | device_name = "/dev/sda1" 121 | 122 | ebs { 123 | delete_on_termination = true 124 | volume_size = 100 125 | volume_type = "gp3" 126 | } 127 | } 128 | component { 129 | component_arn = aws_imagebuilder_component.container_images.arn 130 | } 131 | } 132 | 133 | ## Image Components 134 | # Build component that pre-pulls container images with ctr into the k8s.io namespace. NOTE(review): the image is referenced by tag (aspnet:4.8), which can move; pinning by digest would make the cached content reproducible. 135 | resource "aws_imagebuilder_component" "container_images" { 136 | name = var.component_name_image_cache 137 | platform = "Windows" 138 | version = "1.0.0" 139 | change_description = "Cache .NET Framework container images to accelerate Windows container startup time" 140 | supported_os_versions = ["Microsoft Windows"] 141 | data = yamlencode({ 142 | phases = [{ 143 | name = "build" 144 | steps = [{ 145 | action = "ExecutePowerShell" 146 | inputs = { 147 | commands = [ 148 | "Set-ExecutionPolicy Unrestricted -Force", # NOTE(review): runs during the image build; confirm whether the Unrestricted policy persists into the resulting AMI, and limit it (e.g. -Scope Process) if the build step is the only thing that needs it. 149 | "ctr -n k8s.io image pull mcr.microsoft.com/dotnet/framework/aspnet:4.8" ## Add necessary images uri per line 150 | ] 151 | } 152 | name = "containerdpull" 153 | }] 154 | }] 155 | schemaVersion = 1.0 156 | }) 157 | } 158 | 159 | resource "aws_imagebuilder_infrastructure_configuration" "custom_windows_ami_infrastructure" { 160 | name = "EKS Custom Windows optimized AMI" 161 | description = "EC2 Image Builder 
Infrastructure for Amazon EKS Windows custom AMIs" 162 | instance_profile_name = aws_iam_instance_profile.eks_imagebuilder_instance_profile.name 163 | instance_types = ["t3.large", "t3.xlarge"] 164 | subnet_id = data.aws_subnets.private_subnets.ids[0] 165 | security_group_ids = [aws_security_group.ec2_security_group.id] 166 | terminate_instance_on_failure = true 167 | #key_pair = "yourkeeppair" 168 | } 169 | 170 | resource "aws_imagebuilder_distribution_configuration" "custom_windows_ami_distribution" { 171 | name = "EKS Custom Windows optimized AMI" 172 | description = "EC2 Image Builder Distribution for Amazon EKS Windows custom AMIs" 173 | 174 | distribution { 175 | region = var.region 176 | fast_launch_configuration { 177 | enabled = true 178 | account_id = data.aws_caller_identity.current.account_id 179 | max_parallel_launches = var.fast_launch_max_parallel_launches 180 | snapshot_configuration { 181 | target_resource_count = var.snapshot_configuration_target_resource_count 182 | } 183 | } 184 | ami_distribution_configuration { 185 | ami_tags = { 186 | "Orchestrator" = "Amazon EKS" 187 | } 188 | } 189 | } 190 | } 191 | 192 | resource "aws_imagebuilder_image_pipeline" "custom_ami_pipeline" { 193 | image_recipe_arn = aws_imagebuilder_image_recipe.eks_custom_ami.arn 194 | infrastructure_configuration_arn = aws_imagebuilder_infrastructure_configuration.custom_windows_ami_infrastructure.arn 195 | distribution_configuration_arn = aws_imagebuilder_distribution_configuration.custom_windows_ami_distribution.arn 196 | description = "EC2 Image Builder Pipeline for Amazon EKS Windows custom AMIs" 197 | name = "EKS Custom Windows optimized AMI" 198 | enhanced_image_metadata_enabled = false 199 | 200 | schedule { 201 | schedule_expression = "cron(0 0 * * ? 
*)" 202 | timezone = var.image_pipeline_timezone 203 | } 204 | } -------------------------------------------------------------------------------- /modules/eks-custom-ami-ec2-image-builder/output.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/modules/eks-custom-ami-ec2-image-builder/output.tf -------------------------------------------------------------------------------- /modules/eks-custom-ami-ec2-image-builder/variables.tf: -------------------------------------------------------------------------------- 1 | variable "eks_cluster_version" { 2 | type = string 3 | default = "1.29" 4 | description = "Version for the EKS cluster" 5 | } 6 | 7 | variable "region" { 8 | type = string 9 | default = "us-east-1" 10 | description = "AWS Region to deploy the pipeline" 11 | } 12 | 13 | variable "image_recipe_name" { 14 | type = string 15 | default = "eks-custom-windows-ami" 16 | description = "Cache .NET Framework container images to accelerate Windows container startup time" 17 | } 18 | 19 | variable "image_recipe_version" { 20 | type = string 21 | default = "1.0.0" 22 | description = "Image Recipe version" 23 | } 24 | 25 | 26 | variable "component_name_image_cache" { 27 | type = string 28 | default = "containerdpull" 29 | description = "Cache .NET Framework container images to accelerate Windows container startup time" 30 | } 31 | 32 | variable "image_pipeline_timezone" { 33 | default = "America/Los_Angeles" 34 | description = "Change timezone - IANA timezone format " 35 | } 36 | 37 | variable "fast_launch_max_parallel_launches" { 38 | type = number 39 | default = 10 40 | } 41 | 42 | variable "snapshot_configuration_target_resource_count" { 43 | type = number 44 | default = 10 45 | 46 | } -------------------------------------------------------------------------------- /modules/eks-windows/README.md: 
-------------------------------------------------------------------------------- 1 | # Amazon EKS for Windows containers 2 | 3 | Terraform module which deploys an EKS cluster for Windows containers. 4 | 5 | ## Providers 6 | 7 | - hashicorp/aws | version = "~> 5.0" 8 | 9 | ## Variables description 10 | - **eks_cluster_name (string)**: Name of the EKS cluster 11 | - **endpoint_private_access (bool)**: Indicates whether or not the Amazon EKS private API server endpoint is enabled 12 | - **endpoint_public_access (bool)**: Indicates whether or not the Amazon EKS public API server endpoint is enabled. The AWS EKS resource defaults this to true; this module's variables.tf sets the default to false 13 | - **public_access_cidrs (list(string))**: Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. 14 | - **enabled_cluster_log_types (list(string))**: A list of the control plane log types to enable. For more information, see https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html. Possible values [`api`, `audit`, `authenticator`, `controllerManager`, `scheduler`] 15 | - **cluster_log_retention_period (number)**: Number of days to retain cluster logs. Requires `enabled_cluster_log_types` to be set. See https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html. 
16 | - **cluster_encryption_config_enabled (bool)**: Set to `true` to enable Cluster Encryption Configuration 17 | - **cluster_encryption_config_kms_key_id (string)**: KMS Key ID to use for cluster encryption config 18 | - **cluster_encryption_config_kms_key_enable_key_rotation (bool)**: Cluster Encryption Config KMS Key Resource argument - enable kms key rotation 19 | - **cluster_encryption_config_kms_key_deletion_window_in_days (number)**: Cluster Encryption Config KMS Key Resource argument - key deletion windows in days post destruction 20 | - **cluster_encryption_config_kms_key_policy (string)**: Cluster Encryption Config KMS Key Resource argument - key policy 21 | - **cluster_encryption_config_resources (list(any))**: Cluster Encryption Config Resources to encrypt, e.g. ['secrets'] 22 | - **eks_cluster_version (string)**: Version for the EKS cluster 23 | - **launch_template_name (string)**: Name for the launch template 24 | - **ec2_instance_types (string)**: EC2 instance type 25 | - **eks_windows_workernode_instance_profile_name (string)**: Worker node instance profile name 26 | - **alb_ingress_ports (list(number))**: List of ports opened from Internet to ALB 27 | - **container_instances_ingress_ports (list(number))**: List of ports opened from ALB to Container Instances 28 | - **kubelet_extra_args (string)**: This will make sure to taint your nodes at the boot time to avoid scheduling any existing resources in the new Windows worker nodes 29 | - **map_users (list(object({})))**: Additional IAM users to add to the aws-auth configmap. 
30 | 31 | 32 | ## Usage 33 | 34 | ```hcl 35 | module "eks-windows" { 36 | source = "aws-samples/windows-workloads-on-aws/aws//modules/eks-windows" 37 | 38 | eks_cluster_name = "eks-windows" 39 | eks_cluster_version = "1.29" 40 | ec2_instance_types = "t3.medium" 41 | } 42 | ``` 43 | ## Outputs 44 | -------------------------------------------------------------------------------- /modules/eks-windows/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | http_port = 80 3 | any_port = 0 4 | any_protocol = "-1" 5 | tcp_protocol = "tcp" 6 | all_ips_ipv4 = ["0.0.0.0/0"] 7 | all_ips_ipv6 = ["::/0"] 8 | } -------------------------------------------------------------------------------- /modules/eks-windows/outputs.tf: -------------------------------------------------------------------------------- 1 | output "eks_cluster_name" { 2 | value = aws_eks_cluster.eks_windows.name 3 | } 4 | 5 | output "eks_cluster_status" { 6 | value = aws_eks_cluster.eks_windows.status 7 | } 8 | -------------------------------------------------------------------------------- /modules/eks-windows/scripts/aws-auth-cm-windows.tftpl: -------------------------------------------------------------------------------- 1 | - rolearn: ${linux_ng_role_arn} 2 | username: system:node:{{EC2PrivateDNSName}} 3 | groups: 4 | - system:bootstrappers 5 | - system:nodes 6 | - rolearn: ${wind_ng_role_arn} 7 | username: system:node:{{EC2PrivateDNSName}} 8 | groups: 9 | - system:bootstrappers 10 | - system:nodes 11 | - eks:kube-proxy-windows -------------------------------------------------------------------------------- /modules/eks-windows/scripts/userdata_windows.tftpl: -------------------------------------------------------------------------------- 1 | 2 | [string]$EKSBinDir = "$env:ProgramFiles\Amazon\EKS" 3 | [string]$EKSBootstrapScriptName = 'Start-EKSBootstrap.ps1' 4 | [string]$EKSBootstrapScriptFile = "$EKSBinDir\$EKSBootstrapScriptName" 5 | & 
$EKSBootstrapScriptFile -EKSClusterName ${aws_eks_cluster.eks_windows.name} -KubeletExtraArgs 3>&1 4>&1 5>&1 6>&1 6 | -------------------------------------------------------------------------------- /modules/eks-windows/variables.tf: -------------------------------------------------------------------------------- 1 | variable "eks_cluster_name" { 2 | type = string 3 | default = "eks-windows" 4 | description = "Namne of the EKS cluster" 5 | } 6 | 7 | variable "endpoint_private_access" { 8 | type = bool 9 | default = true 10 | description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default to AWS EKS resource and it is false" 11 | } 12 | # The module default keeps the public API server endpoint off (false), unlike the AWS resource default quoted in the description. 13 | variable "endpoint_public_access" { 14 | type = bool 15 | default = false 16 | description = "Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default to AWS EKS resource and it is true" 17 | } 18 | # NOTE(review): per its description this applies when the public endpoint is enabled; with the 0.0.0.0/0 default, turning endpoint_public_access on exposes the API server to any source address, so pass explicit administrative CIDRs. 19 | variable "public_access_cidrs" { 20 | type = list(string) 21 | default = ["0.0.0.0/0"] 22 | description = "Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0." 23 | } 24 | 25 | # NOTE(review): the default [] presumably leaves control plane logging off (the consuming main.tf is not shown here), which would mean no audit or authenticator log trail unless the caller sets this. 26 | variable "enabled_cluster_log_types" { 27 | type = list(string) 28 | default = [] 29 | description = "A list of the desired control plane logging to enable. For more information, see https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html. Possible values [`api`, `audit`, `authenticator`, `controllerManager`, `scheduler`]" 30 | } 31 | 32 | variable "cluster_log_retention_period" { 33 | type = number 34 | default = 0 35 | description = "Number of days to retain cluster logs. Requires `enabled_cluster_log_types` to be set. See https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html." 
36 | } 37 | 38 | variable "cluster_encryption_config_enabled" { 39 | type = bool 40 | default = true 41 | description = "Set to `true` to enable Cluster Encryption Configuration" 42 | } 43 | 44 | variable "cluster_encryption_config_kms_key_id" { 45 | type = string 46 | default = "" 47 | description = "KMS Key ID to use for cluster encryption config" 48 | } 49 | 50 | variable "cluster_encryption_config_kms_key_enable_key_rotation" { 51 | type = bool 52 | default = true 53 | description = "Cluster Encryption Config KMS Key Resource argument - enable kms key rotation" 54 | } 55 | 56 | variable "cluster_encryption_config_kms_key_deletion_window_in_days" { 57 | type = number 58 | default = 10 59 | description = "Cluster Encryption Config KMS Key Resource argument - key deletion windows in days post destruction" 60 | } 61 | 62 | variable "cluster_encryption_config_kms_key_policy" { 63 | type = string 64 | default = null 65 | description = "Cluster Encryption Config KMS Key Resource argument - key policy" 66 | } 67 | 68 | variable "cluster_encryption_config_resources" { 69 | type = list(any) 70 | default = ["secrets"] 71 | description = "Cluster Encryption Config Resources to encrypt, e.g. 
['secrets']" 72 | } 73 | 74 | variable "eks_cluster_version" { 75 | type = string 76 | default = "1.30" 77 | description = "Version for the EKS cluster" 78 | } 79 | 80 | variable "eks_windows_ami_version" { 81 | type = string 82 | default = "WINDOWS_CORE_2022_x86_64" 83 | description = "Valid Values: AL2_x86_64 | AL2_x86_64_GPU | AL2_ARM_64 | CUSTOM | BOTTLEROCKET_ARM_64 | BOTTLEROCKET_x86_64 | BOTTLEROCKET_ARM_64_NVIDIA | BOTTLEROCKET_x86_64_NVIDIA | WINDOWS_CORE_2019_x86_64 | WINDOWS_FULL_2019_x86_64 | WINDOWS_CORE_2022_x86_64 | WINDOWS_FULL_2022_x86_64" 84 | } 85 | 86 | variable "launch_template_name" { 87 | type = string 88 | default = "eks-windows-lt" 89 | description = "Name for the launch template" 90 | } 91 | 92 | variable "ec2_instance_types" { 93 | type = string 94 | default = "t3.medium" 95 | description = "EC2 instance type" 96 | } 97 | 98 | variable "eks_windows_workernode_instance_profile_name" { 99 | type = string 100 | default = "eks_windows_workernode_instance_profile" 101 | description = "Worker node instance profile name" 102 | } 103 | 104 | variable "alb_ingress_ports" { 105 | type = list(number) 106 | default = [80, 443] 107 | description = "List of ports opened from Internet to ALB" 108 | } 109 | 110 | variable "container_instances_ingress_ports" { 111 | type = list(number) 112 | default = [80, 443] 113 | description = "List of ports opened from ALB to Container Instances" 114 | } 115 | 116 | variable "kubelet_extra_args" { 117 | type = string 118 | default = "--register-with-taints='os=windows:NoSchedule'" 119 | description = "This will make sure to taint your nodes at the boot time to avoid scheduling any existing resources in the new Windows worker nodes" 120 | } 121 | # NOTE(review): the default for map_users maps a placeholder IAM user ARN into the system:masters group (cluster-admin); callers should always override it, and an empty default would avoid shipping a cluster-admin mapping by accident. How the list is consumed is not visible here - confirm in main.tf. 122 | variable "map_users" { 123 | type = list(object({ 124 | userarn = string 125 | username = string 126 | groups = list(string) 127 | })) 128 | 129 | default = [ 130 | { 131 | userarn = "arn:aws:iam::0123456789:user/USER" 132 | username = "momarcio" 133 | groups = 
["system:masters"] 134 | }, 135 | ] 136 | description = "Additional IAM users to add to the aws-auth configmap." 137 | } 138 | -------------------------------------------------------------------------------- /modules/fsx-windows/README.md: -------------------------------------------------------------------------------- 1 | # AWS Microsoft Managed AD Terraform module 2 | 3 | Terraform module which deploys Amazon FSx for Windows Filesystem integrated with AWS Managed Microsoft AD 4 | 5 | ## Providers 6 | 7 | - hashicorp/aws | version = "~> 5.0" 8 | 9 | ## Variables description 10 | 11 | - **automatic_backup_retention_days (number)**: The number of days to retain automatic backups. Minimum of 0 and maximum of 90 12 | 13 | - **deployment_type (string)**: Specifies the file system deployment type, valid values are MULTI_AZ_1, SINGLE_AZ_1 and SINGLE_AZ_2 14 | 15 | - **mad_domain_fqdn (string)**: FQDN of the AWS Managed Microsoft AD" 16 | 17 | - **managedad_id (string)**: Directory ID of the AWS Managed Microsoft AD" 18 | 19 | - **storage_capacity (number)**: Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536 20 | 21 | - **storage_type (string)**: Specifies the storage type, valid values are SSD and HDD 22 | 23 | - **subnet_ids (list(string))**: Private subnet ID(s) for the Amazon FSx for Windows 24 | 25 | - **throughput_capacity (number)**: Throughput (megabytes per second) of the file system in power of 2 increments. 
Minimum of 8 and maximum of 2048 26 | 27 | - **vpc_id (map)**: VPC ID for the Amazon FSx for Windows 28 | 29 | ## Usage 30 | 31 | ```hcl 32 | module "fsx-windows" { 33 | source = "aws-samples/windows-workloads-on-aws/aws//modules/fsx-windows" 34 | 35 | automatic_backup_retention_days = 7 36 | deployment_type = "SINGLE_AZ_2" 37 | mad_domain_fqdn = "corp.example.com" 38 | managedad_id = "d-123456789" 39 | storage_capacity = 32 40 | storage_type = "SSD" 41 | subnet_ids = ["subnet-12345678"] 42 | throughput_capacity = 16 43 | vpc_id = "vpc-12345678" 44 | } 45 | ``` 46 | ## Outputs -------------------------------------------------------------------------------- /modules/fsx-windows/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 5.0" 6 | } 7 | } 8 | } 9 | 10 | provider "aws" { 11 | region = "us-east-1" 12 | } 13 | 14 | data "aws_vpc" "vpc_id" { 15 | filter { 16 | name = "tag:Name" 17 | values = ["VPC"] 18 | } 19 | lifecycle { 20 | postcondition { 21 | condition = self.enable_dns_support == true 22 | error_message = "The selected VPC must have DNS support enabled." 
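23 | } 24 | } 25 | } 26 | 27 | data "aws_subnets" "private_subnets" { 28 | filter { 29 | name = "tag:Tier" 30 | values = ["Private"] 31 | } 32 | } 33 | 34 | data "aws_kms_alias" "fsx" { 35 | name = "alias/${var.fsx_kms_key}" 36 | } 37 | # Security group for the FSx file system: ingress is limited to the VPC CIDR for the TCP/UDP port lists plus TCP 49152-65535; egress is open to 0.0.0.0/0. 38 | resource "aws_security_group" "ingress_tcp_fsx" { 39 | name = "MAD-FSx.${var.managed_ad_fqdn}-Security-Group" 40 | description = "MAD FSx.${var.managed_ad_fqdn} Security Group" 41 | 42 | dynamic "ingress" { 43 | for_each = var.tcp_amazon_fsx_ingress_ports 44 | content { 45 | from_port = ingress.value 46 | to_port = ingress.value 47 | protocol = "TCP" 48 | cidr_blocks = [data.aws_vpc.vpc_id.cidr_block] 49 | } 50 | } 51 | 52 | dynamic "ingress" { 53 | for_each = var.udp_amazon_fsx_ingress_ports 54 | content { 55 | from_port = ingress.value 56 | to_port = ingress.value 57 | protocol = "UDP" 58 | cidr_blocks = [data.aws_vpc.vpc_id.cidr_block] 59 | } 60 | } 61 | 62 | ingress { 63 | description = "Dynamic ports" 64 | from_port = "49152" 65 | to_port = "65535" 66 | protocol = "TCP" 67 | cidr_blocks = [data.aws_vpc.vpc_id.cidr_block] 68 | } 69 | 70 | egress { 71 | description = "Outbound to everywhere" 72 | from_port = 0 73 | to_port = 0 74 | protocol = "-1" 75 | cidr_blocks = ["0.0.0.0/0"] 76 | } 77 | tags = { 78 | Name = "MAD-FSx.${var.managed_ad_fqdn}-Security-Group" 79 | } 80 | vpc_id = data.aws_vpc.vpc_id.id 81 | } 82 | # FSx for Windows file system joined to the managed AD directory and placed in the first private subnet returned by the data source. 83 | resource "aws_fsx_windows_file_system" "mad_fsx" { 84 | active_directory_id = var.managed_ad_id 85 | aliases = ["MAD-FSx.${var.managed_ad_fqdn}"] 86 | automatic_backup_retention_days = var.automatic_backup_retention_days 87 | deployment_type = var.deployment_type # uses the validated variable (default SINGLE_AZ_1) instead of a hard-coded literal that silently ignored the caller's choice; MULTI_AZ_1 would also need a second subnet and preferred_subnet_id, which this resource does not set 88 | kms_key_id = data.aws_kms_alias.fsx.arn # NOTE(review): this passes the alias ARN; confirm FSx accepts it here, otherwise target_key_arn yields the key ARN 89 | security_group_ids = [aws_security_group.ingress_tcp_fsx.id] 90 | skip_final_backup = true # NOTE(review): destroying this resource deletes the file system without taking a final backup 91 | storage_capacity = var.storage_capacity 92 | storage_type = var.storage_type 93 | subnet_ids = concat(([data.aws_subnets.private_subnets.ids[0]])) 94 | tags = { 95 | Name = "MAD-FSx.${var.managed_ad_fqdn}" 96 | } 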
97 | throughput_capacity = var.throughput_capacity 98 | } 99 | -------------------------------------------------------------------------------- /modules/fsx-windows/variables.tf: -------------------------------------------------------------------------------- 1 | variable "automatic_backup_retention_days" { 2 | type = number 3 | default = 7 4 | description = "The number of days to retain automatic backups. Minimum of 0 and maximum of 90" 5 | } 6 | 7 | variable "deployment_type" { 8 | type = string 9 | default = "SINGLE_AZ_1" 10 | description = "Specifies the file system deployment type, valid values are MULTI_AZ_1, SINGLE_AZ_1 and SINGLE_AZ_2" 11 | validation { 12 | condition = contains(["MULTI_AZ_1", "SINGLE_AZ_1", "SINGLE_AZ_2"], var.deployment_type) 13 | error_message = "The storage type value must be MULTI_AZ_1, SINGLE_AZ_1, or SINGLE_AZ_2" 14 | } 15 | } 16 | 17 | variable "fsx_kms_key" { 18 | type = string 19 | default = "aws/fsx" 20 | description = "ARN for the KMS Key to encrypt the file system at rest" 21 | } 22 | 23 | variable "managed_ad_fqdn" { 24 | type = string 25 | description = "FQDN of the AWS Managed Microsoft AD" 26 | } 27 | 28 | variable "managed_ad_id" { 29 | type = string 30 | description = "Directory ID of the AWS Managed Microsoft AD" 31 | } 32 | 33 | variable "storage_capacity" { 34 | type = number 35 | default = 32 36 | description = "Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536" 37 | } 38 | 39 | variable "storage_type" { 40 | type = string 41 | default = "SSD" 42 | description = "Specifies the storage type, valid values are SSD and HDD" 43 | validation { 44 | condition = contains(["HDD", "SSD"], var.storage_type) 45 | error_message = "The storage type value must be HDD or SSD." 46 | } 47 | } 48 | 49 | variable "throughput_capacity" { 50 | type = number 51 | default = 16 52 | description = "Throughput (megabytes per second) of the file system in power of 2 increments. 
Minimum of 8 and maximum of 2048" 53 | } 54 | 55 | variable "tcp_amazon_fsx_ingress_ports" { 56 | type = list(number) 57 | default = [ 58 | "53", 59 | "88", 60 | "464", 61 | "389", 62 | "123", 63 | "135", 64 | "445", 65 | "636", 66 | "3268", 67 | "3269", 68 | "5985", 69 | "9389"] 70 | description = "List of security group TCP ports for Amazon FSx Windows" 71 | } 72 | 73 | variable "udp_amazon_fsx_ingress_ports" { 74 | type = list(number) 75 | default = [ 76 | "88", 77 | "464", 78 | "389", 79 | "123", 80 | ] 81 | description = "List of security UDP group ports for Amazon FSx Windows" 82 | } 83 | -------------------------------------------------------------------------------- /modules/managed-ad/README.md: -------------------------------------------------------------------------------- 1 | # AWS Microsoft Managed AD Terraform module 2 | 3 | Terraform module which manages AWS Microsoft Managed AD resources. 4 | 5 | ## Providers 6 | 7 | - hashicorp/aws | version = "~> 5.0" 8 | - hashicorp/random | version = "~>3.6.0" 9 | 10 | ## Variables description 11 | 12 | - **ds_managed_ad_directory_name (string)**: Fully Qualified Domain Name (FQDN) for the Managed AD. i.e. "corp.local" 13 | 14 | - **ds_managed_ad_short_name (string)**: Active Directory Forest NetBIOS name. i.e. "corp.local" 15 | 16 | - **ds_managed_ad_edition (string)**: AWS Microsoft Managed AD edition, either _Standard_ or _Enterprise_. 
Default = _Standard_ 17 | 18 | - **ds_managed_ad_vpc_id (string)**: VPC ID where Managed AD should be deployed 19 | 20 | - **ds_managed_ad_subnet_ids (list(string))**: Two private subnet IDs where Managed AD Domain Controllers should be set 21 | 22 | ## Usage 23 | 24 | ```hcl 25 | module "managed-ad" { 26 | source = "aws-samples/windows-workloads-on-aws/aws//modules/managed-ad" 27 | 28 | ds_managed_ad_directory_name = "corp.local" 29 | ds_managed_ad_short_name = "corp" 30 | ds_managed_ad_edition = "Standard" 31 | ds_managed_ad_vpc_id = "vpc-123456789" 32 | ds_managed_ad_subnet_ids = ["subnet-12345678", "subnet-87654321"] 33 | } 34 | ``` 35 | 36 | ## Outputs 37 | 38 | - **ds_managed_ad_id**: AWS Microsoft Managed AD ID 39 | 40 | - **ds_managed_ad_ips**: AWS Microsoft Managed AD DNS IPs 41 | 42 | - **managed_ad_password_secret_id**: Admin password is set as an entry on AWS Secrets Manager as _managed-ad-fqdn\_admin_ -------------------------------------------------------------------------------- /modules/managed-ad/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | ds_managed_ad_type = "MicrosoftAD" # Static input to force only MAD deployments 3 | ds_managed_ad_admin_secret_sufix = "admin" 4 | } -------------------------------------------------------------------------------- /modules/managed-ad/main.tf: -------------------------------------------------------------------------------- 1 | ## Sets providers settings 2 | 3 | terraform { 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 5.0" 8 | } 9 | random = { 10 | source = "hashicorp/random" 11 | version = "~> 3.6.0" 12 | } 13 | } 14 | } 15 | 16 | provider "aws" { 17 | region = var.aws_region 18 | } 19 | 20 | ## Sets Admin secret 21 | 22 | resource "random_password" "mad_admin_password" { 23 | length = 16 24 | special = true 25 | override_special = "!#$%&*()-_=+[]{}<>:?" 
26 | } 27 | 28 | resource "aws_secretsmanager_secret" "mad_admin_secret" { 29 | name = "${var.ds_managed_ad_directory_name}_${local.ds_managed_ad_admin_secret_sufix}" 30 | kms_key_id = var.ds_managed_ad_secret_key 31 | recovery_window_in_days = 30 32 | } 33 | 34 | resource "aws_secretsmanager_secret_version" "mad_admin_secret_version" { 35 | secret_id = aws_secretsmanager_secret.mad_admin_secret.id 36 | secret_string = random_password.mad_admin_password.result 37 | } 38 | 39 | ## MAD deployment 40 | 41 | resource "aws_directory_service_directory" "ds_managed_ad" { 42 | name = var.ds_managed_ad_directory_name 43 | short_name = var.ds_managed_ad_short_name 44 | password = aws_secretsmanager_secret_version.mad_admin_secret_version.secret_string 45 | edition = var.ds_managed_ad_edition 46 | type = local.ds_managed_ad_type 47 | 48 | vpc_settings { 49 | vpc_id = var.vpc_id 50 | subnet_ids = [var.private_subnet_id_1, var.private_subnet_id_2] 51 | } 52 | } 53 | 54 | ## Sets MAD security group egress 55 | 56 | resource "aws_security_group_rule" "ds_managed_ad_secgroup" { 57 | type = "egress" 58 | description = "Allowing outbound traffic" 59 | to_port = 0 60 | protocol = "-1" 61 | cidr_blocks = ["0.0.0.0/0"] 62 | from_port = 0 63 | security_group_id = aws_directory_service_directory.ds_managed_ad.security_group_id 64 | } 65 | -------------------------------------------------------------------------------- /modules/managed-ad/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ds_managed_ad_id" { 2 | value = aws_directory_service_directory.ds_managed_ad.id 3 | } 4 | 5 | output "ds_managed_ad_ips" { 6 | value = aws_directory_service_directory.ds_managed_ad.dns_ip_addresses 7 | } 8 | 9 | output "managed_ad_password_secret_id" { 10 | value = aws_secretsmanager_secret.mad_admin_secret.id 11 | } -------------------------------------------------------------------------------- /modules/managed-ad/variables.tf: 
--------------------------------------------------------------------------------
# Provider settings

variable "aws_region" {
  description = "AWS Region"
  type        = string
}

# Network placement of the directory

variable "vpc_id" {
  description = "The VPC id to deploy the AWS Managed Microsoft AD directory"
  type        = string
}

variable "private_subnet_id_1" {
  description = "The private subnet ID - 1"
  type        = string
}

variable "private_subnet_id_2" {
  description = "The private subnet ID - 2"
  type        = string
}

# Directory identity

variable "ds_managed_ad_directory_name" {
  description = "The fully qualified domain name for the AWS Managed Microsoft AD directory, such as corp.example.com"
  type        = string
}

variable "ds_managed_ad_short_name" {
  description = "The NetBIOS name for the AWS Managed Microsoft AD directory, such as CORP"
  type        = string
}

# Only the two listed editions pass validation.
variable "ds_managed_ad_edition" {
  description = "The AWS Managed Microsoft AD edition: Enterprise or Standard (default)"
  type        = string
  default     = "Standard"

  validation {
    condition     = contains(["Enterprise", "Standard"], var.ds_managed_ad_edition)
    error_message = "The edition value must be Enterprise or Standard."
  }
}

# KMS key for the Secrets Manager entry that holds the admin password.
# No default, so the caller has to choose the key.
variable "ds_managed_ad_secret_key" {
  description = "ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret"
  type        = string
}
--------------------------------------------------------------------------------
/modules/rds-sqlserver/README.md:
--------------------------------------------------------------------------------
# Amazon RDS for SQL Server

Terraform module which creates an RDS instance for SQL Server.
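## Providers

- hashicorp/aws | version = "~> 5.0"

## Variables description
- **rdssql_db_subnet_group_name (string)**: Name for the DB subnet group
- **rdssql_ingress_name (string)**: Security Group name
- **rdssql_ingress_ports (list(number))**: List of ports opened from Private Subnets CIDR to RDS SQL Instance
- **ManagedPolicy (list(any))**: Managed policy for making calls to your directory
- **rdssql_engine (list(any))**: SQL Server Version
- **rdssql_engine_version (list)**: 15.00 = SQL Server 2019 / 14.00 = SQL Server 2017 / 13.00 = SQL Server 2016 / 12.00 = SQL Server 2014
- **rdssql_password (string)**: RDS Admin password. The default in variables.tf is a placeholder committed to the repository; override it for every deployment
- **time_zone (string)**: Database timezone
- **sql_collation (string)**: SQL Server Collation
- **backup_windows_retention_maintenance (list(any))**: Backup window time, desired retention in days, maintenance window
- **rds_db_instance_class (string)**: Amazon RDS DB Instance class
- **storage_allocation (list(any))**: Allocated storage Gb, Max allocated storage Gb
- **user_name (string)**: SQL Server Admin username


## Usage

```hcl
module "rds-sqlserver" {
  source = "aws-samples/windows-workloads-on-aws/aws//modules/rds-sqlserver"

  rds_db_instance_class = "db.t3.medium"
  user_name             = "admin_mssql"
}
```
## Outputs

--------------------------------------------------------------------------------
/modules/rds-sqlserver/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# The Region is fixed here and again in the VPC endpoint service name below.
provider "aws" {
  region = "us-east-1"
}

## Data

# Looks up the VPC by its Name tag ("VPC").
data "aws_vpc" "vpc_id" {
  filter {
    name   = "tag:Name"
    values = ["VPC"]
  }
}

# Private subnets of that VPC. This replaces the former aws_subnet_ids lookup:
# that data source is not available in the 5.x provider series this module
# requires, and aws_subnets with a vpc-id filter returns the same selection.
data "aws_subnets" "private_subnets" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.vpc_id.id]
  }

  filter {
    name   = "tag:Tier"
    values = ["Private"]
  }
}


## Security Groups

# NOTE(review): the description says "Private subnets", but the rule source is
# the whole VPC CIDR, which also covers the public subnets. Narrow cidr_blocks
# to the private subnet ranges if only those should reach the database.
resource "aws_security_group" "rdssql_ingress" {
  name        = var.rdssql_ingress_name
  description = "Ingress traffic from Private subnets"
  vpc_id      = data.aws_vpc.vpc_id.id

  # One TCP rule per port in var.rdssql_ingress_ports (default 1433).
  dynamic "ingress" {
    for_each = var.rdssql_ingress_ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = [data.aws_vpc.vpc_id.cidr_block]
    }
  }

  # All protocols to any IPv4 and IPv6 destination.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}

## VPC Endpoints

# NOTE(review): the endpoint reuses the database security group, whose ingress
# is limited to var.rdssql_ingress_ports; interface endpoints are normally
# reached over HTTPS, so confirm the intended port is actually allowed.
resource "aws_vpc_endpoint" "rds_vpc_endpoint" {
  vpc_id              = data.aws_vpc.vpc_id.id
  subnet_ids          = data.aws_subnets.private_subnets.ids
  service_name        = "com.amazonaws.us-east-1.rds-data"
  vpc_endpoint_type   = "Interface"
  auto_accept         = true
  security_group_ids  = [aws_security_group.rdssql_ingress.id]
  private_dns_enabled = true

}

## DB Subnet Group

resource "aws_db_subnet_group" "rdssqldb_subnet_group" {
  name       = var.rdssql_db_subnet_group_name
  subnet_ids = data.aws_subnets.private_subnets.ids
}

## IAM Role for Domain join

# Role that the RDS service can assume, with the policies from var.ManagedPolicy.
# NOTE(review): nothing in this file attaches the role to the DB instance (no
# domain arguments are set on aws_db_instance), so it is created but unused.
resource "aws_iam_role" "rdssql_iam_role" {
  name                = "rdssql_iam_role"
  path                = "/"
  managed_policy_arns = var.ManagedPolicy
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Sid    = ""
        Effect = "Allow"
        Principal = {
          Service = "rds.amazonaws.com"
        }
      },
    ]
  })
}

## Amazon RDS for SQL Server

resource "aws_db_instance" "rds_sql_server" {
  # The first entry of each list variable is the one deployed.
  engine         = var.rdssql_engine[0]
  engine_version = var.rdssql_engine_version[0]
  license_model  = "license-included"
  port           = 1433

  allow_major_version_upgrade = false
  auto_minor_version_upgrade  = true
  apply_immediately           = false

  timezone           = var.time_zone
  character_set_name = var.sql_collation

  backup_window           = var.backup_windows_retention_maintenance[0]
  backup_retention_period = var.backup_windows_retention_maintenance[1]
  maintenance_window      = var.backup_windows_retention_maintenance[2]

  # NOTE(review): with these three settings a destroy removes the instance and
  # its automated backups without a final snapshot. Acceptable for a sample;
  # reverse them where the data matters.
  delete_automated_backups = true
  skip_final_snapshot      = true
  deletion_protection      = false

  db_subnet_group_name = aws_db_subnet_group.rdssqldb_subnet_group.name

  instance_class = var.rds_db_instance_class

  allocated_storage     = var.storage_allocation[0]
  max_allocated_storage = var.storage_allocation[1]
  storage_type          = "gp2"

  # NOTE(review): data at rest is not encrypted. Before enabling, confirm that
  # the selected engine edition supports RDS storage encryption; turning it on
  # for an existing instance replaces the instance.
  storage_encrypted = false

  username = var.user_name
  # The password is stored in the Terraform state in clear text; protect the
  # state backend accordingly.
  password = var.rdssql_password

  multi_az               = false
  vpc_security_group_ids = [aws_security_group.rdssql_ingress.id]
}
--------------------------------------------------------------------------------
/modules/rds-sqlserver/variables.tf:
--------------------------------------------------------------------------------
## Security Group
variable "rdssql_db_subnet_group_name" {
  type        = string
  default     = "rdssql_db_subnet_group"
  description = "Name for the DB subnet group"
}


variable "rdssql_ingress_name" {
  type        = string
  default     = "Amazon RDS for SQL Server - Security Group"
  description = "Security Group name"
}

variable "rdssql_ingress_ports" {
  type        = list(number)
  default     = [1433]
  description = "List of ports opened from Private Subnets CIDR to RDS SQL Instance"
}

## Iam Roles for Domain join

variable "ManagedPolicy" {
  type        = list(any)
  default     = ["arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"]
  description = "Managed policy for making calls to your directory"
}

## Amazon RDS for SQL Server

# main.tf deploys element [0] of this list.
variable "rdssql_engine" {
  type        = list(any)
  default     = ["sqlserver-ex", "sqlserver-web", "sqlserver-se", "sqlserver-ee"]
  description = "SQL Server Version"
}

# main.tf deploys element [0] of this list.
variable "rdssql_engine_version" {
  type        = list(any)
  default     = ["15.00", "14.00", "13.00", "12.00"]
  description = "15.00 = SQL Server 2019 / 14.00 = SQL Server 2017 / 13.00 = SQL Server 2016 / 12.00 = SQL Server 2014"
}

# NOTE(review): the default below is a credential committed to source control.
# Every deployment that does not override it shares the same known admin
# password, and "sensitive" only hides the value in CLI output - it does not
# keep it out of the state file. Supply the value from a secret store or an
# untracked tfvars file.
variable "rdssql_password" {
  type        = string
  default     = "MyStrongPa$$w0rd"
  description = "RDS Admin password"
  sensitive   = true
  ## Terraform _ Sensitive Variables = https://learn.hashicorp.com/tutorials/terraform/sensitive_variables
}

variable "time_zone" {
  type        = string
  default     = "GMT Standard Time"
  description = "Database timezone"
}

variable "sql_collation" {
  type        = string
  default     = "SQL_Latin1_General_CP1_CI_AS"
  description = "SQL Server Collation"
}

# Positional list: [0] backup window, [1] retention in days, [2] maintenance window.
variable "backup_windows_retention_maintenance" {
  type        = list(any)
  default     = ["03:00-06:00", "35", "Mon:00:00-Mon:03:00"]
  description = "Backup window time, desired retention in days, maitenance windows"
}

variable "rds_db_instance_class" {
  type        = string
  default     = "db.t3.medium"
  description = "Amazon RDS DB Instance class"
  # Instance type: https://aws.amazon.com/rds/sqlserver/instance_types/
}

# Positional list: [0] allocated storage, [1] maximum allocated storage.
variable "storage_allocation" {
  type        = list(any)
  default     = ["20", "100"]
  description = "Allocated storage Gb, Max allocated storage Gb"
}

variable "user_name" {
  type        = string
  default     = "admin_mssql"
  description = "SQL Server Admin username"
}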
--------------------------------------------------------------------------------
/modules/vpc/README.md:
--------------------------------------------------------------------------------
# Amazon VPC

Terraform module which deploys a VPC with private and public subnets, internet gateway, nat gateway, and routing.

## Providers

- hashicorp/aws | version = "~> 5.0"

## Variables description
- **vpc_cidr_block (string)**: The IPv4 CIDR block for the VPC
- **private_subnets (map(number))**: Map of AZ to a number that should be used for private subnets
- **public_subnets (map(number))**: Map of AZ to a number that should be used for public subnets


## Usage

```hcl
module "vpc" {
  source = "aws-samples/windows-workloads-on-aws/aws//modules/vpc"

  vpc_cidr_block = "10.0.0.0/16"
  private_subnets = {
    "us-east-1a" = 1
    "us-east-1b" = 2
  }
  public_subnets = {
    "us-east-1a" = 3
    "us-east-1b" = 4
  }
}
```
## Outputs

- **vpc_id**: Id of the VPC
- **private_subnets_id**: Ids of the private subnets
- **public_subnets_id**: Ids of the public subnets
- **private_subnets_cidr**: CIDR of the private subnets
- **public_subnets_cidr**: CIDR of the public subnets
--------------------------------------------------------------------------------
/modules/vpc/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Destination used by the default routes of both route tables.
  internet = "0.0.0.0/0"
}
--------------------------------------------------------------------------------
/modules/vpc/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region
}

# ---- Data ----

# Availability Zones that are available and need no opt-in.
data "aws_availability_zones" "az" {
  state = "available"

  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

# ---- VPC and subnets ----
# This file creates the network only; it does not configure VPC flow logs or
# network ACLs.

resource "aws_vpc" "vpc" {
  cidr_block           = var.vpc_cidr_block
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "VPC"
  }
}

# One private subnet per entry of var.private_subnets: the key is the
# Availability Zone, the value is the subnet number passed to cidrsubnet().
resource "aws_subnet" "private_subnets" {
  for_each = var.private_subnets

  vpc_id            = aws_vpc.vpc.id
  availability_zone = each.key
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 4, each.value)

  tags = {
    Name   = "Private Subnet / ${each.key}"
    Subnet = "Private Subnet ${each.key}-${each.value}"
    Tier   = "Private"
  }
}

# One public subnet per entry of var.public_subnets, built the same way.
resource "aws_subnet" "public_subnets" {
  for_each = var.public_subnets

  vpc_id            = aws_vpc.vpc.id
  availability_zone = each.key
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 4, each.value)

  tags = {
    Name   = "Public Subnet / ${each.key}"
    Subnet = "${each.key}-${each.value}"
    Tier   = "Public"
  }
}

# ---- Internet Gateway ----

resource "aws_internet_gateway" "internet_gateway" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "Internet Gateway"
  }
}

# ---- Elastic IP for the NAT Gateway ----

resource "aws_eip" "eip_natgateway" {
  domain     = "vpc"
  depends_on = [aws_internet_gateway.internet_gateway]

  tags = {
    Name = "Elastic IP for Nat Gateway"
  }
}

# ---- NAT Gateway ----

# A single NAT gateway, placed in the public subnet whose Availability Zone key
# sorts first; all private subnets route through it.
resource "aws_nat_gateway" "nat_gateway" {
  allocation_id = aws_eip.eip_natgateway.id
  subnet_id     = values(aws_subnet.public_subnets)[0].id
  depends_on    = [aws_internet_gateway.internet_gateway]

  tags = {
    Name = "Nat Gateway"
  }
}

# ---- Route tables ----

# Private subnets: default route through the NAT gateway.
resource "aws_route_table" "private_subnets_route_table" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = local.internet
    nat_gateway_id = aws_nat_gateway.nat_gateway.id
  }
}

resource "aws_route_table_association" "private_subnet_route_association" {
  for_each = aws_subnet.private_subnets

  route_table_id = aws_route_table.private_subnets_route_table.id
  subnet_id      = each.value.id
}

# Public subnets: default route through the internet gateway.
resource "aws_route_table" "public_subnets_route_table" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = local.internet
    gateway_id = aws_internet_gateway.internet_gateway.id
  }
}

resource "aws_route_table_association" "public_subnet_route_association" {
  for_each = aws_subnet.public_subnets

  route_table_id = aws_route_table.public_subnets_route_table.id
  subnet_id      = each.value.id
}
--------------------------------------------------------------------------------
/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
# ---- VPC ID ----

output "vpc_id" {
  value = aws_vpc.vpc.id
}

# ---- Subnet IDs ----

output "private_subnets_id" {
  value = values(aws_subnet.private_subnets)[*].id
}

output "public_subnets_id" {
  value = values(aws_subnet.public_subnets)[*].id
}

# ---- Subnet CIDRs ----

output "private_subnets_cidr" {
  value = values(aws_subnet.private_subnets)[*].cidr_block
}

output "public_subnets_cidr" {
  value = values(aws_subnet.public_subnets)[*].cidr_block
}
--------------------------------------------------------------------------------
/modules/vpc/variables.tf:
--------------------------------------------------------------------------------
# Region used by the provider block in main.tf.
variable "aws_region" {
  description = "Default AWS Region to deploy VPC"
  type        = string
  default     = "us-east-1"
}

# Address range of the VPC; subnet ranges are carved out of it.
variable "vpc_cidr_block" {
  description = "The IPv4 CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
}

# Availability Zone => subnet number for the private subnets.
variable "private_subnets" {
  description = "Map of AZ to a number that should be used for private subnets"
  type        = map(number)
  default = {
    "us-east-1a" = 1
    "us-east-1b" = 2
  }
}

# Availability Zone => subnet number for the public subnets.
variable "public_subnets" {
  description = "Map of AZ to a number that should be used for public subnets"
  type        = map(number)
  default = {
    "us-east-1a" = 3
    "us-east-1b" = 4
  }
}
--------------------------------------------------------------------------------
/workshops/ENT303/README.md:
--------------------------------------------------------------------------------
# Workshop: Use Terraform to Build Microsoft Infrastructure on AWS (3 hours)
This code is used within the [Use Terraform to build Microsoft infrastructure on AWS](https://catalog.workshops.aws/pdo-01) workshop.

In this workshop, explore how to use Terraform to deploy services such as Amazon EC2 for Windows Server, AWS Managed Microsoft Active Directory, Amazon FSx for Windows File Server, and Amazon RDS for SQL Server. Learn from best practices for how to use Terraform to create fully functioning, well-architected AWS solutions in a quick and repeatable manner.
5 | 6 | ## Providers 7 | 8 | - hashicorp/aws | version = "~> 3.70" 9 | 10 | ## Variables description 11 | - **CustomerCode (string)**: 3 or 4 letter unique identifier for a customer 12 | - **EnvironmentCode (string)**: 2 character code to signify the workloads environment 13 | - **vpc_cidr (string)**: VPC CIDR range 14 | - **region (string)**: AWS region 15 | - **az_01 (string)**: Availability Zone 1 16 | - **az_02 (string)**: Availability Zone 2 17 | - **EnvironmentTag (string)**: Environment name tag 18 | - **CustomerTag (string)**: Customer name tag 19 | 20 | 21 | ## Usage 22 | 23 | :warning: **Warning**: This code is not designed for consumption outside of an AWS workshop setting. It contains errors, relies on pre-provisioned resources and lacks production security controls. 24 | 25 | ## Outputs 26 | 27 | none 28 | -------------------------------------------------------------------------------- /workshops/ENT303/codeblock01.tf: -------------------------------------------------------------------------------- 1 | # Create a Resource Group for Terraform created instances 2 | 3 | resource "aws_resourcegroups_group" "pdo" { 4 | name = format("%s%s%s%s", var.CustomerCode, "rgg", var.EnvironmentCode, "pdo") 5 | description = "Planetry Defence Organization environment resources" 6 | 7 | resource_query { 8 | query = < 2 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/Scripts/jquery.validate.unobtrusive.min.js: -------------------------------------------------------------------------------- 1 | // Unobtrusive validation support library for jQuery and jQuery Validate 2 | // Copyright (c) .NET Foundation. All rights reserved. 3 | // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. 
4 | // @version v3.2.11 5 | !function(a){"function"==typeof define&&define.amd?define("jquery.validate.unobtrusive",["jquery-validation"],a):"object"==typeof module&&module.exports?module.exports=a(require("jquery-validation")):jQuery.validator.unobtrusive=a(jQuery)}(function(a){function e(a,e,n){a.rules[e]=n,a.message&&(a.messages[e]=a.message)}function n(a){return a.replace(/^\s+|\s+$/g,"").split(/\s*,\s*/g)}function t(a){return a.replace(/([!"#$%&'()*+,.\/:;<=>?@\[\\\]^`{|}~])/g,"\\$1")}function r(a){return a.substr(0,a.lastIndexOf(".")+1)}function i(a,e){return 0===a.indexOf("*.")&&(a=a.replace("*.",e)),a}function o(e,n){var r=a(this).find("[data-valmsg-for='"+t(n[0].name)+"']"),i=r.attr("data-valmsg-replace"),o=i?a.parseJSON(i)!==!1:null;r.removeClass("field-validation-valid").addClass("field-validation-error"),e.data("unobtrusiveContainer",r),o?(r.empty(),e.removeClass("input-validation-error").appendTo(r)):e.hide()}function d(e,n){var t=a(this).find("[data-valmsg-summary=true]"),r=t.find("ul");r&&r.length&&n.errorList.length&&(r.empty(),t.addClass("validation-summary-errors").removeClass("validation-summary-valid"),a.each(n.errorList,function(){a("
  • ").html(this.message).appendTo(r)}))}function s(e){var n=e.data("unobtrusiveContainer");if(n){var t=n.attr("data-valmsg-replace"),r=t?a.parseJSON(t):null;n.addClass("field-validation-valid").removeClass("field-validation-error"),e.removeData("unobtrusiveContainer"),r&&n.empty()}}function l(e){var n=a(this),t="__jquery_unobtrusive_validation_form_reset";if(!n.data(t)){n.data(t,!0);try{n.data("validator").resetForm()}finally{n.removeData(t)}n.find(".validation-summary-errors").addClass("validation-summary-valid").removeClass("validation-summary-errors"),n.find(".field-validation-error").addClass("field-validation-valid").removeClass("field-validation-error").removeData("unobtrusiveContainer").find(">*").removeData("unobtrusiveContainer")}}function u(e){var n=a(e),t=n.data(v),r=a.proxy(l,e),i=f.unobtrusive.options||{},u=function(n,t){var r=i[n];r&&a.isFunction(r)&&r.apply(e,t)};return t||(t={options:{errorClass:i.errorClass||"input-validation-error",errorElement:i.errorElement||"span",errorPlacement:function(){o.apply(e,arguments),u("errorPlacement",arguments)},invalidHandler:function(){d.apply(e,arguments),u("invalidHandler",arguments)},messages:{},rules:{},success:function(){s.apply(e,arguments),u("success",arguments)}},attachValidation:function(){n.off("reset."+v,r).on("reset."+v,r).validate(this.options)},validate:function(){return n.validate(),n.valid()}},n.data(v,t)),t}var m,f=a.validator,v="unobtrusiveValidation";return f.unobtrusive={adapters:[],parseElement:function(e,n){var t,r,i,o=a(e),d=o.parents("form")[0];d&&(t=u(d),t.options.rules[e.name]=r={},t.options.messages[e.name]=i={},a.each(this.adapters,function(){var n="data-val-"+this.name,t=o.attr(n),s={};void 0!==t&&(n+="-",a.each(this.params,function(){s[this]=o.attr(n+this)}),this.adapt({element:e,form:d,message:t,params:s,rules:r,messages:i}))}),a.extend(r,{__dummy__:!0}),n||t.attachValidation())},parse:function(e){var 
n=a(e),t=n.parents().addBack().filter("form").add(n.find("form")).has("[data-val=true]");n.find("[data-val=true]").each(function(){f.unobtrusive.parseElement(this,!0)}),t.each(function(){var a=u(this);a&&a.attachValidation()})}},m=f.unobtrusive.adapters,m.add=function(a,e,n){return n||(n=e,e=[]),this.push({name:a,params:e,adapt:n}),this},m.addBool=function(a,n){return this.add(a,function(t){e(t,n||a,!0)})},m.addMinMax=function(a,n,t,r,i,o){return this.add(a,[i||"min",o||"max"],function(a){var i=a.params.min,o=a.params.max;i&&o?e(a,r,[i,o]):i?e(a,n,i):o&&e(a,t,o)})},m.addSingleVal=function(a,n,t){return this.add(a,[n||"val"],function(r){e(r,t||a,r.params[n])})},f.addMethod("__dummy__",function(a,e,n){return!0}),f.addMethod("regex",function(a,e,n){var t;return!!this.optional(e)||(t=new RegExp(n).exec(a),t&&0===t.index&&t[0].length===a.length)}),f.addMethod("nonalphamin",function(a,e,n){var t;return n&&(t=a.match(/\W/g),t=t&&t.length>=n),t}),f.methods.extension?(m.addSingleVal("accept","mimtype"),m.addSingleVal("extension","extension")):m.addSingleVal("extension","extension","accept"),m.addSingleVal("regex","pattern"),m.addBool("creditcard").addBool("date").addBool("digits").addBool("email").addBool("number").addBool("url"),m.addMinMax("length","minlength","maxlength","rangelength").addMinMax("range","min","max","range"),m.addMinMax("minlength","minlength").addMinMax("maxlength","minlength","maxlength"),m.add("equalto",["other"],function(n){var o=r(n.element.name),d=n.params.other,s=i(d,o),l=a(n.form).find(":input").filter("[name='"+t(s)+"']")[0];e(n,"equalTo",l)}),m.add("required",function(a){"INPUT"===a.element.tagName.toUpperCase()&&"CHECKBOX"===a.element.type.toUpperCase()||e(a,"required",!0)}),m.add("remote",["url","type","additionalfields"],function(o){var d={url:o.params.url,type:o.params.type||"GET",data:{}},s=r(o.element.name);a.each(n(o.params.additionalfields||o.element.name),function(e,n){var r=i(n,s);d.data[r]=function(){var 
e=a(o.form).find(":input").filter("[name='"+t(r)+"']");return e.is(":checkbox")?e.filter(":checked").val()||e.filter(":hidden").val()||"":e.is(":radio")?e.filter(":checked").val()||"":e.val()}}),e(o,"remote",d)}),m.add("password",["min","nonalphamin","regex"],function(a){a.params.min&&e(a,"minlength",a.params.min),a.params.nonalphamin&&e(a,"nonalphamin",a.params.nonalphamin),a.params.regex&&e(a,"regex",a.params.regex)}),m.add("fileextensions",["extensions"],function(a){e(a,"extension",a.params.extensions)}),a(function(){f.unobtrusive.parse(document)}),f.unobtrusive}); -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/Views/Home/Index.cshtml: -------------------------------------------------------------------------------- 1 | @model CommunicationRig.Models.HomeIndexViewModel 2 | 3 | @{ 4 | ViewBag.Title = "Home Page"; 5 | } 6 | 7 | @if (Model.ShowSuccessBanner) 8 | { 9 |
    10 | success image 11 |
    12 | } 13 | 14 |
    15 |
    16 | 17 | @Html.TextBoxFor(x => x.Username, new { id = "nameInput", @class = "form-control" }) 18 |
    19 | 20 | 21 | 22 | 23 |
    24 | 25 |
    26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | @foreach (var signal in Model.Signals) 36 | { 37 | 38 | 39 | 40 | 41 | 42 | } 43 | 44 |
    Name Signal Timestamp
    @signal.UsernameSent@signal.Timestamp.ToShortDateString() @signal.Timestamp.ToLongTimeString()
    45 |
    -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/Views/Shared/Error.cshtml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Error 6 | 7 | 8 |
    9 |

    Error.

    10 |

    An error occurred while processing your request.

    11 |
    12 | 13 | 14 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/Views/Shared/_Layout.cshtml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | @ViewBag.Title - My ASP.NET Application 7 | @Styles.Render("~/Content/css") 8 | @Scripts.Render("~/bundles/modernizr") 9 | 10 | 11 | 26 |
    27 | @RenderBody() 28 |
    29 |
    30 |

    © @DateTime.Now.Year - My ASP.NET Application

    31 |
    32 |
    33 | 34 | @Scripts.Render("~/bundles/jquery") 35 | @Scripts.Render("~/bundles/bootstrap") 36 | @RenderSection("scripts", required: false) 37 | 38 | 39 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/Views/Web.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 |
    7 |
    8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/Views/_ViewStart.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | Layout = "~/Views/Shared/_Layout.cshtml"; 3 | } 4 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/Web.config: -------------------------------------------------------------------------------- 1 |  2 | 6 | 7 | 8 | 9 |
    10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/Antlr3.Runtime.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/Antlr3.Runtime.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/Antlr3.Runtime.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/Antlr3.Runtime.pdb -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/CommunicationRig.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/CommunicationRig.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/CommunicationRig.pdb: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/CommunicationRig.pdb -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/EntityFramework.SqlServer.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/EntityFramework.SqlServer.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/EntityFramework.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/EntityFramework.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/Microsoft.Web.Infrastructure.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/Microsoft.Web.Infrastructure.dll 
-------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/System.Web.Helpers.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/System.Web.Helpers.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/System.Web.Mvc.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/System.Web.Mvc.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/System.Web.Optimization.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/System.Web.Optimization.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/System.Web.Razor.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/System.Web.Razor.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/System.Web.WebPages.Deployment.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/System.Web.WebPages.Deployment.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/System.Web.WebPages.Razor.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/System.Web.WebPages.Razor.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/System.Web.WebPages.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/System.Web.WebPages.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/WebGrease.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/WebGrease.dll -------------------------------------------------------------------------------- 
/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.Build.Tasks.CodeAnalysis.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.Build.Tasks.CodeAnalysis.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CSharp.Core.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 30 | 33 | 34 | $(NoWarn);1701;1702 35 | 36 | 37 | 38 | 39 | $(NoWarn);2008 40 | 41 | 42 | 43 | 45 | $(AppConfig) 46 | 47 | 48 | $(IntermediateOutputPath)$(TargetName).compile.pdb 49 | 50 | 51 | 52 | 126 | 127 | 128 | 129 | 130 | <_CoreCompileResourceInputs Remove="@(_CoreCompileResourceInputs)" /> 131 | 132 | 133 | 134 | 135 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.CSharp.Scripting.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.CSharp.Scripting.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.CSharp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.CSharp.dll 
-------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.Scripting.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.Scripting.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.VisualBasic.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.VisualBasic.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.CodeAnalysis.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.DiaSymReader.Native.amd64.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.DiaSymReader.Native.amd64.dll -------------------------------------------------------------------------------- 
/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.DiaSymReader.Native.x86.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.DiaSymReader.Native.x86.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.Managed.Core.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 7 | 8 | 9 | 12 | 22 | 23 | 24 | 25 | 26 | 27 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | false 39 | 40 | 41 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | true 50 | 51 | 52 | 53 | 61 | 62 | true 63 | 64 | 65 | 82 | 83 | 85 | 86 | 87 | <_MappedSourceRoot Remove="@(_MappedSourceRoot)" /> 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 103 | 104 | true 105 | 106 | 107 | 111 | 114 | 115 | 125 | 126 | 130 | 131 | 132 | <_TopLevelSourceRoot Include="@(SourceRoot)" Condition="'%(SourceRoot.NestedRoot)' == ''"/> 133 | 134 | 135 | 136 | 137 | 138 | 139 | ,$(PathMap) 140 | 141 | 151 | @(_TopLevelSourceRoot->'%(Identity)=%(MappedPath)', ',')$(PathMap) 152 | 153 | 154 | 155 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.VisualBasic.Core.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 30 | 31 | <_NoWarnings Condition="'$(WarningLevel)' == '0'">true 32 | <_NoWarnings Condition="'$(WarningLevel)' == '1'">false 33 | 34 | 35 | 36 | 37 | $(IntermediateOutputPath)$(TargetName).compile.pdb 38 | 39 | 40 | 41 | 124 | 125 | 126 | 127 | <_CoreCompileResourceInputs Remove="@(_CoreCompileResourceInputs)" /> 128 | 129 | 130 | 131 | 132 | 
-------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.Win32.Primitives.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/Microsoft.Win32.Primitives.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.AppContext.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.AppContext.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Collections.Immutable.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Collections.Immutable.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Console.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Console.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Diagnostics.DiagnosticSource.dll: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Diagnostics.DiagnosticSource.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Diagnostics.FileVersionInfo.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Diagnostics.FileVersionInfo.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Diagnostics.StackTrace.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Diagnostics.StackTrace.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Globalization.Calendars.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Globalization.Calendars.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.Compression.ZipFile.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.Compression.ZipFile.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.Compression.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.Compression.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.FileSystem.Primitives.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.FileSystem.Primitives.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.FileSystem.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.IO.FileSystem.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Net.Http.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Net.Http.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Net.Sockets.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Net.Sockets.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Reflection.Metadata.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Reflection.Metadata.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Runtime.InteropServices.RuntimeInformation.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Runtime.InteropServices.RuntimeInformation.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.Algorithms.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.Algorithms.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.Encoding.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.Encoding.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.Primitives.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.Primitives.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.X509Certificates.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Security.Cryptography.X509Certificates.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Text.Encoding.CodePages.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Text.Encoding.CodePages.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Threading.Tasks.Extensions.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Threading.Tasks.Extensions.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.ValueTuple.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.ValueTuple.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.ReaderWriter.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.ReaderWriter.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.XPath.XDocument.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.XPath.XDocument.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.XPath.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.XPath.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.XmlDocument.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/System.Xml.XmlDocument.dll -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/VBCSCompiler.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/VBCSCompiler.exe -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/csc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/csc.exe 
-------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/csc.exe.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/csc.rsp: -------------------------------------------------------------------------------- 1 | # Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. 2 | 3 | # This file contains command-line options that the C# 4 | # command line compiler (CSC) will process as part 5 | # of every compilation, unless the "/noconfig" option 6 | # is specified. 
7 | 8 | # Reference the common Framework libraries 9 | /r:Accessibility.dll 10 | /r:Microsoft.CSharp.dll 11 | /r:System.Configuration.dll 12 | /r:System.Configuration.Install.dll 13 | /r:System.Core.dll 14 | /r:System.Data.dll 15 | /r:System.Data.DataSetExtensions.dll 16 | /r:System.Data.Linq.dll 17 | /r:System.Data.OracleClient.dll 18 | /r:System.Deployment.dll 19 | /r:System.Design.dll 20 | /r:System.DirectoryServices.dll 21 | /r:System.dll 22 | /r:System.Drawing.Design.dll 23 | /r:System.Drawing.dll 24 | /r:System.EnterpriseServices.dll 25 | /r:System.Management.dll 26 | /r:System.Messaging.dll 27 | /r:System.Runtime.Remoting.dll 28 | /r:System.Runtime.Serialization.dll 29 | /r:System.Runtime.Serialization.Formatters.Soap.dll 30 | /r:System.Security.dll 31 | /r:System.ServiceModel.dll 32 | /r:System.ServiceModel.Web.dll 33 | /r:System.ServiceProcess.dll 34 | /r:System.Transactions.dll 35 | /r:System.Web.dll 36 | /r:System.Web.Extensions.Design.dll 37 | /r:System.Web.Extensions.dll 38 | /r:System.Web.Mobile.dll 39 | /r:System.Web.RegularExpressions.dll 40 | /r:System.Web.Services.dll 41 | /r:System.Windows.Forms.dll 42 | /r:System.Workflow.Activities.dll 43 | /r:System.Workflow.ComponentModel.dll 44 | /r:System.Workflow.Runtime.dll 45 | /r:System.Xml.dll 46 | /r:System.Xml.Linq.dll 47 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/csi.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/csi.exe -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/csi.rsp: -------------------------------------------------------------------------------- 1 | /r:System 2 | /r:System.Core 3 | 
/r:Microsoft.CSharp 4 | /r:System.ValueTuple.dll 5 | /u:System 6 | /u:System.IO 7 | /u:System.Collections.Generic 8 | /u:System.Console 9 | /u:System.Diagnostics 10 | /u:System.Dynamic 11 | /u:System.Linq 12 | /u:System.Linq.Expressions 13 | /u:System.Text 14 | /u:System.Threading.Tasks -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/vbc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/bin/roslyn/vbc.exe -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/bin/roslyn/vbc.rsp: -------------------------------------------------------------------------------- 1 | # Copyright (c) Microsoft. All Rights Reserved. Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. 2 | 3 | # This file contains command-line options that the VB 4 | # command line compiler (VBC) will process as part 5 | # of every compilation, unless the "/noconfig" option 6 | # is specified. 
7 | 8 | # Reference the common Framework libraries 9 | /r:Accessibility.dll 10 | /r:System.Configuration.dll 11 | /r:System.Configuration.Install.dll 12 | /r:System.Data.dll 13 | /r:System.Data.OracleClient.dll 14 | /r:System.Deployment.dll 15 | /r:System.Design.dll 16 | /r:System.DirectoryServices.dll 17 | /r:System.dll 18 | /r:System.Drawing.Design.dll 19 | /r:System.Drawing.dll 20 | /r:System.EnterpriseServices.dll 21 | /r:System.Management.dll 22 | /r:System.Messaging.dll 23 | /r:System.Runtime.Remoting.dll 24 | /r:System.Runtime.Serialization.Formatters.Soap.dll 25 | /r:System.Security.dll 26 | /r:System.ServiceProcess.dll 27 | /r:System.Transactions.dll 28 | /r:System.Web.dll 29 | /r:System.Web.Mobile.dll 30 | /r:System.Web.RegularExpressions.dll 31 | /r:System.Web.Services.dll 32 | /r:System.Windows.Forms.dll 33 | /r:System.XML.dll 34 | 35 | /r:System.Workflow.Activities.dll 36 | /r:System.Workflow.ComponentModel.dll 37 | /r:System.Workflow.Runtime.dll 38 | /r:System.Runtime.Serialization.dll 39 | /r:System.ServiceModel.dll 40 | 41 | /r:System.Core.dll 42 | /r:System.Xml.Linq.dll 43 | /r:System.Data.Linq.dll 44 | /r:System.Data.DataSetExtensions.dll 45 | /r:System.Web.Extensions.dll 46 | /r:System.Web.Extensions.Design.dll 47 | /r:System.ServiceModel.Web.dll 48 | 49 | # Import System and Microsoft.VisualBasic 50 | /imports:System 51 | /imports:Microsoft.VisualBasic 52 | /imports:System.Linq 53 | /imports:System.Xml.Linq 54 | 55 | /optioninfer+ 56 | -------------------------------------------------------------------------------- /workshops/ENT303/existing_webserverfiles/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/favicon.ico -------------------------------------------------------------------------------- 
/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.eot
--------------------------------------------------------------------------------
/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.ttf
--------------------------------------------------------------------------------
/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.woff
--------------------------------------------------------------------------------
/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/terraform-aws-windows-workloads-on-aws/f4759264d780ef361cb614e188c159706505b4c4/workshops/ENT303/existing_webserverfiles/fonts/glyphicons-halflings-regular.woff2
--------------------------------------------------------------------------------
/workshops/ENT303/main.tf:
--------------------------------------------------------------------------------
# Root settings for the ENT303 workshop: Terraform/provider version constraints
# and the single AWS provider configuration.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # "~> 5.0" accepts any 5.x provider release. The exact build and its
      # checksums are fixed only by a committed .terraform.lock.hcl.
      version = "~> 5.0"
    }
  }

  required_version = ">= 1.0.0"

  # NOTE(review): no backend is declared in this block, so state stays on the
  # local disk unless another file in this directory configures one. State can
  # hold sensitive attribute values; confirm where it is kept.
}

provider "aws" {
  region = var.region

  # Tags the provider applies to the taggable resources it creates.
  default_tags {
    tags = {
      customer    = var.CustomerTag
      environment = var.EnvironmentTag
      provisioner = "terraform"
      workshop    = "pdo"
    }
  }
}
--------------------------------------------------------------------------------
/workshops/ENT303/terraform.tfvars:
--------------------------------------------------------------------------------
# Values for the variables declared in variables.tf. Nothing here is a secret;
# keep it that way, since this file is committed with the workshop.

# Naming Convention Values
CustomerCode    = "pdo"
EnvironmentCode = "pd"

# Network Values
# NOTE(review): this is a two-octet prefix rather than a CIDR block, although
# variables.tf describes vpc_cidr as "VPC CIDR range". Confirm how the
# consuming file expands it.
vpc_cidr = "10.180"

# Regions
region = "us-west-2"
az_01  = "us-west-2a"
az_02  = "us-west-2b"

# Global Tags
# NOTE(review): "planentary" looks like a typo for "planetary". main.tf passes
# this string into the provider's default `customer` tag.
CustomerTag    = "planentary defence organization"
EnvironmentTag = "production"
--------------------------------------------------------------------------------
/workshops/ENT303/variables.tf:
--------------------------------------------------------------------------------
# Input variables for the workshop root module. All are plain strings with no
# default and no validation block, so a malformed value is only caught when a
# resource that uses it is planned or applied.

# Naming Convention
variable "CustomerCode" {
  description = "3 or 4 letter unique identifier for a customer"
  type        = string
}

variable "EnvironmentCode" {
  description = "2 character code to signify the workloads environment"
  type        = string
}

# Network Variables
variable "vpc_cidr" {
  description = "VPC CIDR range"
  type        = string
}

# Regions
variable "region" {
  description = "AWS region"
  type        = string
}

variable "az_01" {
  description = "Availability Zone 1"
  type        = string
}

variable "az_02" {
  description = "Availability Zone 2"
  type        = string
}

# Tags
variable "EnvironmentTag" {
  description = "Environment name tag"
  type        = string
}

variable "CustomerTag" {
  description = "Customer Name tag"
  type        =
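string
}
--------------------------------------------------------------------------------
/workshops/ENT303/webserver_user_data.ps1:
--------------------------------------------------------------------------------

# Bootstrap script for the workshop web server: installs management tooling and
# IIS, syncs the site content from S3 and publishes it as the "pdocommsrig"
# site on port 80.
#
# S3Bucket (used in the sync step) is never assigned in this script, so it is
# presumably substituted by Terraform when the file is rendered as a template.
# If so, any dollar-brace sequence added here would be read as a template
# interpolation, not as PowerShell.
#
# NOTE(review): the blank first line and the bare `true` at the end look like
# the remains of user-data wrapper tags lost in extraction - confirm against
# the repository copy.

# Script Log
Start-Transcript -Path "C:\UserData.log" -Append


# Install/upgrade SSM Agent
if (-not (Test-Path C:\SSMAgent_latest.exe)) {
    Invoke-WebRequest `
        https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe `
        -OutFile C:\SSMAgent_latest.exe

    # The installer runs with the privileges of this script, so launch it only
    # when Windows reports a valid Authenticode signature from an Amazon
    # publisher. Pinning the signer thumbprint published by AWS would be
    # stricter than this subject match.
    $SsmSignature = Get-AuthenticodeSignature -FilePath C:\SSMAgent_latest.exe
    $SsmSigner = $SsmSignature.SignerCertificate.Subject
    if ($SsmSignature.Status -eq 'Valid' -and $SsmSigner -like '*Amazon*') {
        # -Wait: without it the service restart below races the installer.
        Start-Process `
            -FilePath C:\SSMAgent_latest.exe `
            -ArgumentList "/S" `
            -Wait
        Restart-Service AmazonSSMAgent
    }
    else {
        # Delete the file so the Test-Path guard allows a fresh download on the
        # next run instead of trusting a rejected binary.
        Remove-Item C:\SSMAgent_latest.exe -Force
        Write-Error ("SSM Agent installer rejected, signature status: {0}" -f $SsmSignature.Status)
    }
}

# Disable IE ESC
# NOTE(review): IE Enhanced Security Configuration is a server hardening
# default. Turning it off for both key sets on a web server is a convenience
# for the workshop; confirm it is wanted outside a lab.
function Disable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
    # Explorer is not running when no interactive session exists; that is not
    # an error for this script.
    Stop-Process -Name Explorer -ErrorAction SilentlyContinue
}
Disable-InternetExplorerESC

# Install Admin tools
if ((Get-WindowsFeature RSAT-DNS-Server).installed -ne 'True') {
    Install-WindowsFeature -Name RSAT-AD-Tools,RSAT-DNS-Server
}

# Install Chocolatey
# NOTE(review): the line below downloads a script and hands it straight to
# Invoke-Expression. Nothing pins or verifies what gets executed, so the
# instance trusts whatever the remote host serves at boot time. Prefer a
# mirrored installer checked against a known hash, or bake the tooling into
# the AMI.
if (-not (Test-Path C:\ProgramData\\chocolatey)) {
    Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
}

# Install SQL Management Tools
$Software = "SQL Server Management Studio"
$Installed = $null -ne (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -eq $Software })

if (-not $installed) {
    # No package version is given, so whatever release the feed serves at boot
    # time is installed.
    C:\ProgramData\\chocolatey\choco install sql-server-management-studio -y
}

# Install AWSCLIv2
if (-not (Test-Path "C:\Program Files\Amazon\AWSCLIV2")) {
    # Run through Start-Process -Wait: PowerShell does not block on msiexec
    # when it is invoked directly, and the S3 sync below needs the CLI on disk.
    # The MSI is not signature-checked here, unlike the SSM Agent installer
    # above.
    Start-Process `
        -FilePath msiexec.exe `
        -ArgumentList "/i", "https://awscli.amazonaws.com/AWSCLIV2.msi", "/quiet" `
        -Wait
}

# Install IIS Web Services
if ((Get-WindowsFeature Web-Mgmt-Console).installed -ne 'True') {
    Install-WindowsFeature Web-Common-Http,Web-Http-Logging,Web-Http-Redirect,Web-Dyn-Compression,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Scripting-Tools,Web-Mgmt-Console
}

# Copy webserverfiles locally
# Everything in the bucket lands in the site root, and the workshop content
# includes a bin folder of assemblies. Write access to the bucket is therefore
# equivalent to deploying code on this server; keep the bucket policy and the
# instance role (read-only) scoped accordingly.
C:\PROGRA~1\Amazon\AWSCLIV2\aws s3 sync ${S3Bucket} C:\inetpub\pdocommsrig

# Configure webserver
icacls "C:\INETPUB\pdocommsrig" /grant "IIS_IUSRS:(OI)(CI)(RX)"
# Template residue, disabled: the path and principal are placeholders, and the
# unquoted (OI)(CI) would be parsed by PowerShell rather than passed to icacls.
# icacls "D:\Folder" /grant "Domain\ADGroup":(OI)(CI)RX

# The other steps are guarded for re-runs; guard the site setup too, otherwise
# a second run fails on the moved binding and the existing site.
# NOTE(review): the site is published on plain HTTP only; no TLS binding is
# created here.
if (-not (Get-IISSite -Name "pdocommsrig" -WarningAction SilentlyContinue)) {
    Set-WebBinding -Name "Default Web Site" -BindingInformation "*:80:" -PropertyName "Port" -Value "81"
    New-IISSite -Name "pdocommsrig" -BindingInformation "*:80:" -PhysicalPath "$env:systemdrive\inetpub\pdocommsrig"
}


# Useful Locations
Write-Output "Chocolatey Logs: C:\ProgramData\chocolatey\logs\chocolatey.log"
Write-Output "Chocolatey Temp: C:\Users\%USERNAME%\AppData\Local\Temp\chocolatey"

Stop-Transcript


true
--------------------------------------------------------------------------------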