├── .github
├── dependabot.yml
└── workflows
│ ├── checkov.yaml
│ ├── pre-commit.yaml
│ ├── semantic-release.yaml
│ ├── terraform-test.yaml
│ ├── tflint.yaml
│ └── tfsec.yaml
├── .gitignore
├── .pre-commit-config.yaml
├── LICENSE
├── README.md
├── commitlint.config.js
├── git-conventional-commits.json
├── githooks
├── commit-msg
└── pre-commit
├── modules
├── README.md
├── alb-logs-to-s3-to-cloudwatch
│ ├── README.md
│ ├── alb-to-s3-to-cloudwatch-lambda
│ │ ├── .gitignore
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── src
│ │ │ └── lambda.py
│ │ └── variables.tf
│ ├── bucket.tf
│ ├── logs-to-cloudwatch.tf
│ ├── tests
│ │ └── basic
│ │ │ ├── README.md
│ │ │ └── main.tf
│ ├── variables.tf
│ └── versions.tf
├── api-gateway-account-settings
│ ├── README.md
│ ├── main.tf
│ └── variables.tf
├── api-gateway
│ ├── README.md
│ ├── cloudwatch.tf
│ ├── custom-domain
│ │ ├── README.md
│ │ ├── certificate.tf
│ │ ├── data.tf
│ │ ├── locals.tf
│ │ ├── main.tf
│ │ ├── r53.tf
│ │ └── variables.tf
│ ├── examples
│ │ └── swagger-config-example.json
│ ├── iam.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── src
│ │ └── iam-policy.json.tpl
│ ├── variables.tf
│ └── version.tf
├── appconfig
│ ├── README.md
│ ├── application.tf
│ ├── configs.tf
│ ├── deployment-strategies.tf
│ ├── environments.tf
│ ├── locals.tf
│ ├── outputs.tf
│ ├── tests
│ │ └── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── README.md
│ │ │ └── python
│ │ │ └── feature-flag-demo.py
│ ├── variables.tf
│ └── versions.tf
├── aws-alb-to-cloudwatch-lambda
│ ├── .envrc
│ ├── .gitignore
│ ├── CHANGELOG.md
│ ├── LICENSE
│ ├── Makefile
│ ├── README.md
│ ├── codebuild_builder
│ │ ├── cfn.yaml.tmpl
│ │ └── lambda.py
│ ├── lambda_builders
│ │ ├── cfn.yaml.tmpl
│ │ ├── nodejs.js
│ │ └── python.py
│ ├── main.tf
│ ├── outputs.tf
│ ├── requirements.tf
│ ├── tests
│ │ ├── changes
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── lambda.tf.py
│ │ │ ├── main.tf
│ │ │ ├── src
│ │ │ │ ├── build.sh
│ │ │ │ └── lambda.py
│ │ │ ├── terraform.tf.py
│ │ │ └── test_changes.py
│ │ ├── filename
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── src
│ │ │ │ └── lambda.py
│ │ │ ├── terraform.tf.py
│ │ │ └── test_filename.py
│ │ ├── golang
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── src
│ │ │ │ ├── buildspec.yml
│ │ │ │ ├── main.go
│ │ │ │ └── main_test.go
│ │ │ ├── terraform.tf.py
│ │ │ └── test_golang.py
│ │ ├── nodejs
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── src
│ │ │ │ ├── build.sh
│ │ │ │ ├── index.js
│ │ │ │ └── package.json
│ │ │ ├── terraform.tf.py
│ │ │ └── test_nodejs.py
│ │ ├── python
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── src
│ │ │ │ ├── build.sh
│ │ │ │ ├── lambda.py
│ │ │ │ └── requirements.txt
│ │ │ ├── terraform.tf.py
│ │ │ └── test_python.py
│ │ └── s3
│ │ │ ├── Makefile
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── src
│ │ │ └── lambda.py
│ │ │ ├── terraform.tf.py
│ │ │ └── test_s3.py
│ ├── validate.py
│ ├── variables.tf
│ ├── versions.tf
│ ├── workflows
│ │ └── README.yml
│ └── zip_files
│ │ ├── .gitignore
│ │ └── README.md
├── aws-cloudfront-security-headers
│ ├── README.md
│ ├── cloudfront.gif
│ ├── deploy.zip
│ ├── main.tf
│ ├── outputs.tf
│ ├── requirements.tf
│ ├── src
│ │ └── index.js.tpl
│ └── variables.tf
├── aws-cloudwatch-prometheus-metrics
│ ├── README.md
│ ├── main.tf
│ ├── namespace.tf
│ ├── role.tf
│ ├── variables.tf
│ └── version.tf
├── aws-efs
│ └── backup
│ │ ├── Dockerfile
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── helm
│ │ └── jobs
│ │ │ ├── Chart.lock
│ │ │ ├── Chart.yaml
│ │ │ ├── charts
│ │ │ └── base-cronjob
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── README.md
│ │ │ │ ├── templates
│ │ │ │ ├── cronjob.yaml
│ │ │ │ ├── pvc.yaml
│ │ │ │ └── serviceaccount.yaml
│ │ │ │ └── values.yaml
│ │ │ └── values-dev.yaml
│ │ └── start.sh
├── aws-multi-vpc-peering
│ ├── README.md
│ ├── main.tf
│ ├── variables.tf
│ └── versions.tf
├── aws-network
│ ├── README.md
│ ├── peering.tf
│ ├── variables.tf
│ ├── vpc.tf
│ └── vpn.tf
├── aws-rds-postgres
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── security-group.tf
│ └── variables.tf
├── aws-vpc-peering
│ ├── README.md
│ ├── data.tf
│ ├── locals.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── provider.tf
│ ├── variables.tf
│ └── version.tf
├── aws-vpn-vpnendpoint
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── tests
│ │ └── vpn-setup
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── budgets
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── cloudfront-ssl-hsts
│ ├── README.md
│ ├── bucket-origin.tf
│ ├── lamda-security-headers.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── ssl-certificate.tf
│ ├── tests
│ │ ├── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ │ └── s3-and-alb
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── cloudfront-to-s3-to-cloudwatch
│ ├── README.md
│ ├── bucket.tf
│ ├── cloudfront-to-s3-to-cloudwatch
│ │ ├── .gitignore
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── src
│ │ │ └── lambda.py
│ │ └── variables.tf
│ ├── logs-to-cloudwatch.tf
│ ├── variables.tf
│ └── versions.tf
├── cloudfront
│ ├── README.md
│ ├── distribution.tf
│ ├── modules
│ │ ├── cloudfront_functions
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── tests
│ │ │ │ └── basic
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── function.js
│ │ │ │ │ └── main.tf
│ │ │ └── variables.tf
│ │ └── response_headers
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── tests
│ │ │ └── basic
│ │ │ │ ├── README.md
│ │ │ │ └── main.tf
│ │ │ └── variables.tf
│ ├── outputs.tf
│ ├── providers.tf
│ ├── requirements.tf
│ ├── security-headers-config.tf
│ ├── security-headers-lambda.tf
│ ├── tests
│ │ └── default
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ └── variables.tf
├── cloudtrail-s3-to-cloudwatch
│ ├── README.md
│ ├── bucket.tf
│ ├── cloudtrail-log-to-cloudwatch
│ │ ├── .gitignore
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── src
│ │ │ └── lambda.py
│ │ └── variables.tf
│ ├── logs-to-cloudwatch.tf
│ ├── main.tf
│ ├── variables.tf
│ └── versions.tf
├── cloudtrail
│ ├── README.md
│ ├── alerts.tf
│ ├── cloudtrail.tf
│ ├── cloudwatch.tf
│ ├── cmdb-lambda.tf
│ ├── log-metrics.tf
│ ├── modules
│ │ └── cmdb-integration
│ │ │ ├── README.md
│ │ │ ├── main.tf
│ │ │ ├── outputs.tf
│ │ │ ├── src
│ │ │ └── lambda.js
│ │ │ ├── subscription.tf
│ │ │ ├── topic.tf
│ │ │ └── variables.tf
│ ├── output.tf
│ ├── role.tf
│ ├── s3.tf
│ ├── tests
│ │ ├── alerts-enabled
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ │ ├── all-event-types-enabled
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ │ ├── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ │ ├── cmdb
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ │ └── s3-encrypted
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ └── variables.tf
├── cloudwatch-alarm-notify
│ ├── README.md
│ ├── main.tf
│ ├── output.tf
│ ├── sns_email_topic_subscription.tf
│ ├── sns_lambda_slack_subscription.tf
│ ├── sns_opesgenie_topic_subscription.tf
│ ├── sns_sms_topic_subscription.tf
│ └── variables.tf
├── cloudwatch-cross-account-share-data
│ ├── README.md
│ ├── role.tf
│ └── variables.tf
├── cloudwatch
│ ├── README.md
│ ├── dashboard.tf
│ ├── variables.tf
│ └── widgets.json
├── cognito-identitiy-pool
│ ├── README.md
│ ├── pool.tf
│ └── variables.tf
├── cognito-identity-pool-final
│ ├── README.md
│ ├── client.tf
│ ├── iam-policy.tf
│ ├── iam-role.tf
│ ├── identity-pool.tf
│ ├── roles-attachment.tf
│ ├── user-pool.tf
│ └── variables.tf
├── cognito-identity
│ ├── README.md
│ ├── identity.tf
│ ├── roles-attachment.tf
│ └── variables.tf
├── cognito-user-pool
│ ├── README.md
│ ├── clients.tf
│ ├── domain.tf
│ ├── group.tf
│ ├── output.tf
│ ├── pool.tf
│ ├── tests
│ │ └── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── ec2
│ ├── README.md
│ ├── alarms.tf
│ ├── tests
│ │ └── basic
│ │ │ ├── README.md
│ │ │ └── main.tf
│ └── variables.tf
├── ecr
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── tests
│ │ ├── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ │ ├── lifecycle_policy
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ │ └── read_only_access
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── efs
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── security-group.tf
│ ├── tests
│ │ ├── lifecycle-policy-changed
│ │ │ ├── README.md
│ │ │ └── efs.tf
│ │ ├── minimal
│ │ │ ├── README.md
│ │ │ └── efs.tf
│ │ ├── mount-with-eks
│ │ │ ├── README.md
│ │ │ └── efs.tf
│ │ ├── multiple-ingress-cidrs
│ │ │ ├── README.md
│ │ │ └── efs.tf
│ │ ├── regular-with-mount-points
│ │ │ ├── README.md
│ │ │ └── efs.tf
│ │ └── regular
│ │ │ ├── README.md
│ │ │ └── efs.tf
│ ├── variables.tf
│ └── versions.tf
├── eks-iam-user-constrain
│ ├── README.md
│ ├── main.tf
│ ├── output.tf
│ └── variables.tf
├── elastic-search
│ ├── README.md
│ ├── data.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── templates
│ │ └── access_policies.tpl
│ ├── tests
│ │ └── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── external-secret-store
│ ├── README.md
│ ├── iam-policy.tf
│ ├── iam-user.tf
│ ├── locals.tf
│ ├── providers.tf
│ ├── secret-store.tmpl
│ ├── secret.tf
│ ├── store.tf
│ └── variables.tf
├── fluent-bit-logs-s3-to-cloudwatch
│ ├── README.md
│ ├── bucket.tf
│ ├── fb-s3-cloudwatch
│ │ ├── .gitignore
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── src
│ │ │ └── lambda.py
│ │ └── variables.tf
│ ├── logs-to-cloudwatch.tf
│ ├── variables.tf
│ └── versions.tf
├── fluent-bit-to-s3
│ ├── README.md
│ ├── helm-chart.tf
│ ├── iam-policy.json
│ ├── locals.tf
│ ├── main.tf
│ ├── namespace.tf
│ ├── output.tf
│ ├── providers.tf
│ ├── role.tf
│ ├── values.yaml
│ ├── variables.tf
│ └── versions.tf
├── goldilocks
│ ├── README.md
│ ├── ingress.tf
│ ├── main.tf
│ ├── metric-server.tf
│ ├── namespace.tf
│ ├── tests
│ │ ├── alb_cognito_sso_for_auth
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ └── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ └── varables.tf
├── iam-account-password-policy
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ └── variables.tf
├── iam-group
│ ├── README.md
│ ├── main.tf
│ ├── output.tf
│ └── variables.tf
├── ingress
│ ├── README.md
│ ├── alarms.tf
│ ├── alb-logs-cloudwatch.tf
│ ├── data.tf
│ ├── examples
│ │ ├── k8s
│ │ │ ├── README.md
│ │ │ ├── ingress.yaml
│ │ │ └── main.tf
│ │ └── r53
│ │ │ ├── README.md
│ │ │ └── main.tf
│ ├── main.tf
│ ├── output.tf
│ ├── tests
│ │ ├── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ ├── custom_alarms
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ ├── enable_s3_logs
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ ├── enable_s3_logs_to_cloudwatch
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ └── multiple-domains
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── kms
│ ├── README.md
│ ├── data.tf
│ ├── locals.tf
│ ├── main.tf
│ ├── output.tf
│ ├── tests
│ │ ├── basic
│ │ │ ├── README.md
│ │ │ └── main.tf
│ │ └── policy
│ │ │ ├── README.md
│ │ │ └── main.tf
│ └── variables.tf
├── metric-filter
│ ├── README.md
│ ├── main.tf
│ └── variables.tf
├── metrics-filter-multiple
│ ├── README.md
│ ├── filter.tf
│ ├── variables.tf
│ └── versions.tf
├── mongodb-atlas
│ ├── README.md
│ ├── access_user.tf
│ ├── alerts.tf
│ ├── auditing.tf
│ ├── backup.tf
│ ├── cluster.tf
│ ├── network.tf
│ ├── outputs.tf
│ ├── project.tf
│ ├── team.tf
│ ├── users.tf
│ ├── variables.tf
│ └── versions.tf
├── mongodb
│ ├── README.md
│ ├── main.tf
│ ├── tests
│ │ └── basic
│ │ │ ├── 1-example.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── route53-alerts-notify
│ ├── README.md
│ ├── cloudwatch_alarm.tf
│ ├── health_check.tf
│ ├── lambdas.tf
│ ├── locals.tf
│ ├── requirements.tf
│ ├── sns_email_topic_subscription.tf
│ ├── sns_opesgenie_topic_subscription.tf
│ ├── sns_sms_topic_subscription.tf
│ └── variables.tf
├── secret-reader
│ ├── README.md
│ ├── data.tf
│ ├── output.tf
│ ├── tests
│ │ └── default
│ │ │ ├── README.md
│ │ │ └── main.tf
│ └── variables.tf
├── secret
│ ├── README.md
│ ├── outputs.tf
│ ├── secret.tf
│ ├── tests
│ │ ├── basic
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ └── kms_encrypted
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
├── service-alerts
│ ├── README.md
│ ├── main.tf
│ ├── output.tf
│ └── variables.tf
├── ses
│ ├── README.md
│ ├── iam.tf
│ ├── locals.tf
│ ├── main.tf
│ ├── ouputs.tf
│ ├── tests
│ │ ├── basic
│ │ │ ├── README.md
│ │ │ └── main.tf
│ │ └── multiple
│ │ │ ├── README.md
│ │ │ └── main.tf
│ └── variables.tf
├── sns-cronjob
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── roles.tf
│ ├── variables.tf
│ └── versions.tf
├── sqs
│ ├── README.md
│ ├── data.tf
│ ├── locals.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── tests
│ │ └── basic
│ │ │ ├── README.md
│ │ │ └── main.tf
│ └── variables.tf
├── ssl-certificate
│ ├── README.md
│ ├── certificates.tf
│ ├── data.tf
│ ├── output.tf
│ ├── r53-validation.tf
│ ├── tests
│ │ ├── alternative_domain
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ ├── certificate
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ │ └── certificate_wtih_validation
│ │ │ ├── 0-setup.tf
│ │ │ ├── 1-example.tf
│ │ │ ├── 2-assert.tf
│ │ │ └── README.md
│ └── variables.tf
├── vpc-flow-logs-to-s3-to-cloudwatch
│ ├── README.md
│ ├── bucket.tf
│ ├── logs-to-cloudwatch.tf
│ ├── variables.tf
│ ├── versions.tf
│ └── vpc-logs-to-cloudwatch
│ │ ├── .gitignore
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ ├── src
│ │ └── lambda.py
│ │ └── variables.tf
├── vpc
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ └── variables.tf
└── waf
│ ├── README.md
│ ├── alerts.tf
│ ├── dashboard.tf
│ ├── data.tf
│ ├── local.tf
│ ├── main.tf
│ ├── output.tf
│ ├── tests
│ ├── alb-association-block-mode
│ │ ├── 0-setup.tf
│ │ ├── 1-example.tf
│ │ ├── README.md
│ │ └── main.tf
│ ├── alb-association-count-mode
│ │ ├── 0-setup.tf
│ │ ├── 1-example.tf
│ │ └── README.md
│ └── overwrite-alarms
│ │ ├── 0-setup.tf
│ │ ├── 1-example.tf
│ │ └── README.md
│ ├── variables.tf
│ └── versions.tf
└── package.json
/.github/workflows/pre-commit.yaml:
--------------------------------------------------------------------------------
# Runs the repository's pre-commit hooks (configured in .pre-commit-config.yaml)
# on every pull request and on pushes to main/master; the `path` input points
# the action at the modules/ tree.
name: Pre-Commit
on:
  pull_request:
  push:
    branches: [main, master]
jobs:
  terraform-validate:
    runs-on: ubuntu-latest
    # NOTE(review): the job's GITHUB_TOKEN gets write access to actions,
    # contents, discussions, pull requests and OIDC id-tokens. A lint/format
    # job normally needs far less; keep only the scopes the reusable action
    # actually uses (least privilege) — confirm against its documentation.
    permissions:
      actions: write
      contents: write
      discussions: write
      pull-requests: write
      id-token: write
    steps:
      - name: Pre-Commit
        # NOTE(review): pinned to a mutable tag; pinning to the release's full
        # commit SHA protects the workflow against the tag being moved.
        uses: dasmeta/reusable-actions-workflows/pre-commit@4.2.1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          path: modules/
--------------------------------------------------------------------------------
/.github/workflows/semantic-release.yaml:
--------------------------------------------------------------------------------
# Publishes releases with semantic-release. The job is triggered on every push
# (any branch) and on every pull request; whether a release is actually cut is
# decided by the action's branch configuration — verify it skips PR builds.
# NOTE(review): on pull_request events from forks GitHub withholds repository
# secrets, so NPM_TOKEN/GITHUB_TOKEN would be empty there; restricting the push
# trigger to the release branches would avoid needless runs with credentials.
name: Semantic-Release
on: [pull_request, push]
jobs:
  publish:
    runs-on: ubuntu-latest
    # NOTE(review): broad write scopes on GITHUB_TOKEN. Releasing needs to push
    # tags/releases and comment on issues/PRs; actions: write and
    # discussions: write look unnecessary here — confirm and trim.
    permissions:
      actions: write
      contents: write
      discussions: write
      pull-requests: write
      id-token: write

    steps:
      # NOTE(review): checkout@v2 and setup-node@v1 are superseded majors whose
      # Node runtimes are deprecated on GitHub-hosted runners, and Node.js 16 is
      # end-of-life; plan an upgrade of all three pins.
      - uses: actions/checkout@v2
      - name: Setup Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 16
      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@v3
        # Publish credentials are scoped to this step only (step-level env).
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
--------------------------------------------------------------------------------
/.github/workflows/tfsec.yaml:
--------------------------------------------------------------------------------
# Static security scan of the Terraform code with tfsec, via the shared dasmeta
# reusable action, on every pull request and on pushes to main/master.
name: TFSEC
on:
  pull_request:
  push:
    branches: [main, master]
jobs:
  terraform-tfsec:
    runs-on: ubuntu-latest
    # NOTE(review): security-events: write is the scope a scanner needs to
    # upload findings to code scanning. The remaining write scopes (actions,
    # contents, discussions, pull-requests, id-token) look wider than a scan
    # job requires — confirm against the action and trim to least privilege.
    permissions:
      actions: write
      contents: write
      discussions: write
      pull-requests: write
      id-token: write
      security-events: write
    steps:
      # NOTE(review): mutable tag pin; a full commit SHA is immutable.
      # fetch-depth: 0 is an input of the reusable action (presumably a full
      # clone so the scan can see history) — its meaning is defined there.
      - uses: dasmeta/reusable-actions-workflows/tfsec@4.2.1
        with:
          fetch-depth: 0
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Local .terraform directories
**/.terraform/*
**/.idea/*

# .tfstate files
*.tfstate
*.tfstate.*
# NOTE(review): this pattern also matches .terraform.lock.hcl, so provider
# selections and their checksums are never committed from this repo. Root
# configurations that consume these modules should keep their own lock file in
# version control so `terraform init` verifies providers against recorded hashes.
*.lock.hcl

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

.DS_Store
.tool-versions
# Built archives (e.g. packaged Lambda code) are not versioned.
# NOTE(review): the tree still carries modules/aws-cloudfront-security-headers/deploy.zip;
# a pre-built archive in VCS cannot be reviewed or reproduced — confirm it is intended
# (or predates this rule) and prefer building it from source at deploy time.
**/*.zip
--------------------------------------------------------------------------------
/commitlint.config.js:
--------------------------------------------------------------------------------
1 | module.exports = {
2 | extends: [
3 | "@commitlint/config-conventional"
4 | ]
5 | }
6 |
--------------------------------------------------------------------------------
/githooks/commit-msg:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# File generated by pre-commit: https://pre-commit.com
# ID: 138fd403232d2ddd5efb44317e38bf03
#
# Git commit-msg hook that delegates to pre-commit's hook implementation.
# NOTE(review): generated file — change .pre-commit-config.yaml rather than
# this script; the lines between "start templated" and "end templated" are
# rewritten by `pre-commit install`.

# start templated
INSTALL_PYTHON=/usr/bin/python3
ARGS=(hook-impl --config=.pre-commit-config.yaml --hook-type=commit-msg)
# end templated

# Directory this hook lives in, handed to pre-commit as --hook-dir; the
# commit-msg file path git passes in ("$@") follows the "--" separator.
HERE="$(cd "$(dirname "$0")" && pwd)"
ARGS+=(--hook-dir "$HERE" -- "$@")

# Prefer a pre-commit found on PATH, then the interpreter recorded at install
# time; otherwise fail with a non-zero exit, which aborts the commit.
if command -v pre-commit > /dev/null; then
  exec pre-commit "${ARGS[@]}"
elif [ -x "$INSTALL_PYTHON" ]; then
  exec "$INSTALL_PYTHON" -mpre_commit "${ARGS[@]}"
else
  echo '`pre-commit` not found. Did you forget to activate your virtualenv?' 1>&2
  exit 1
fi
--------------------------------------------------------------------------------
/githooks/pre-commit:
--------------------------------------------------------------------------------
#!/bin/bash
# Git pre-commit hook: run every hook from .pre-commit-config.yaml across the
# whole working tree (not only the staged files), print the diff a failing
# hook produced, and let any non-zero exit abort the commit.
set -o errexit

pre-commit run --show-diff-on-failure --color=always --all-files
--------------------------------------------------------------------------------
/modules/README.md:
--------------------------------------------------------------------------------
1 |
2 | ## Requirements
3 |
4 | No requirements.
5 |
6 | ## Providers
7 |
8 | No providers.
9 |
10 | ## Modules
11 |
12 | No modules.
13 |
14 | ## Resources
15 |
16 | No resources.
17 |
18 | ## Inputs
19 |
20 | No inputs.
21 |
22 | ## Outputs
23 |
24 | No outputs.
25 |
26 |
--------------------------------------------------------------------------------
/modules/alb-logs-to-s3-to-cloudwatch/alb-to-s3-to-cloudwatch-lambda/.gitignore:
--------------------------------------------------------------------------------
# Build artefacts (presumably the packaged Lambda built from src/) stay out of VCS.
*.zip
--------------------------------------------------------------------------------
/modules/alb-logs-to-s3-to-cloudwatch/alb-to-s3-to-cloudwatch-lambda/outputs.tf:
--------------------------------------------------------------------------------
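# Outputs of the log-forwarding Lambda, re-exported from the "lambda" module
# declared elsewhere in this module (main.tf, presumably).

output "function_arn" {
  description = "ARN of the Lambda function"
  value       = module.lambda.lambda_function_arn
}

output "function_name" {
  description = "Name of the Lambda function"
  value       = module.lambda.lambda_function_name
}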
--------------------------------------------------------------------------------
/modules/alb-logs-to-s3-to-cloudwatch/alb-to-s3-to-cloudwatch-lambda/variables.tf:
--------------------------------------------------------------------------------
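# Inputs of the Lambda that forwards ALB log objects from S3 to CloudWatch Logs.
# Descriptions are added so the variables are documented (tflint runs in CI).

variable "function_name" {
  type        = string
  default     = ""
  description = "Name of the Lambda function (empty string: not set by the caller)"
}

# Required: the bucket holding the ALB access-log objects to forward.
variable "bucket_name" {
  type        = string
  description = "Name of the S3 bucket whose ALB log objects are forwarded to CloudWatch"
}

# Required: the destination log group.
variable "log_group_name" {
  type        = string
  description = "Name of the destination CloudWatch Logs log group"
}

variable "memory_size" {
  description = "Memory size for Lambda function"
  type        = number
  default     = null
}

variable "timeout" {
  description = "Timeout for Lambda function"
  type        = number
  default     = null
}

# The alarm/ok action inputs below are commented out, so any alarm created via
# this flag has no notification targets wired through this module's variables.
variable "create_alarm" {
  type        = bool
  default     = false
  description = "Whether to create a CloudWatch alarm for the function"
}

# variable "alarm_actions" {
#   type    = list(string)
#   default = []
# }

# variable "ok_actions" {
#   type    = list(string)
#   default = []
# }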
--------------------------------------------------------------------------------
/modules/alb-logs-to-s3-to-cloudwatch/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [alb-to-cloudwatch](#module\_alb-to-cloudwatch) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/alb-logs-to-s3-to-cloudwatch/tests/basic/main.tf:
--------------------------------------------------------------------------------
# Minimal exercise of the parent module with a fixed bucket name; with the
# module default create_alb_log_bucket = true this test creates the bucket.
# NOTE(review): S3 bucket names are global, so "alb-logs-stage-2" collides with
# any account that already owns it (and with this test run from a second
# account); a generated or suffixed name is safer for a test fixture.
module "alb-to-cloudwatch" {
  source              = "../../"
  alb_log_bucket_name = "alb-logs-stage-2"
  region              = "eu-central-1"
}
--------------------------------------------------------------------------------
/modules/alb-logs-to-s3-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
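# Inputs of the ALB-logs → S3 → CloudWatch module. Every variable carries a
# description so terraform-docs/tflint see them as documented; the typo in the
# create_alb_log_bucket description is fixed.

variable "alb_log_bucket_name" {
  type        = string
  description = "Name of the S3 bucket holding the ALB access logs (created by this module when create_alb_log_bucket is true)"
}

variable "create_alb_log_bucket" {
  type        = bool
  default     = true
  description = "Whether or not to create the ALB S3 logs bucket"
}

variable "create_lambda" {
  type        = bool
  default     = true
  description = "Whether to create the Lambda that forwards the bucket's log objects to CloudWatch (see logs-to-cloudwatch.tf)"
}

variable "alb_log_bucket_prefix" {
  type        = string
  default     = ""
  description = "Optional key prefix inside the ALB log bucket (empty for no prefix)"
}

variable "region" {
  type        = string
  default     = "us-east-1"
  description = "Default region"
}

# TODO(review): how an empty account_id is resolved is decided where it is
# consumed (bucket.tf / logs-to-cloudwatch.tf, not visible here); document it.
variable "account_id" {
  type        = string
  default     = ""
  description = "AWS account ID (empty string by default)"
}

variable "log_retention_days" {
  type        = number
  default     = 7
  description = "Log Retention days for s3"
}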
--------------------------------------------------------------------------------
/modules/alb-logs-to-s3-to-cloudwatch/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints for this module: any 1.x CLI and the
# hashicorp/aws provider within the 4.16 minor series.
terraform {
  required_version = "~> 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }
}
--------------------------------------------------------------------------------
/modules/api-gateway-account-settings/variables.tf:
--------------------------------------------------------------------------------
# Whether to write the API Gateway account-level settings (these carry the
# CloudWatch role ARN). Per the description: a per-account, per-region setting
# that must be in place before stage logging is enabled, and the CloudWatch
# role has to exist before the setting references it.
variable "set_account_settings" {
  type        = bool
  default     = false
  description = "The account setting is important to have per account region level set before enabling logging as it have important setting set for cloudwatch role arn, also cloudwatch role should be created before enabling setting"
}

# Whether to create the CloudWatch log role API Gateway assumes; one per AWS
# account and not region specific (per the description), so only one caller
# per account should enable this.
variable "create_cloudwatch_log_role" {
  type        = bool
  default     = false
  description = "This allows to create cloudwatch role which is one per aws account and is not region specific"
}
--------------------------------------------------------------------------------
/modules/api-gateway/cloudwatch.tf:
--------------------------------------------------------------------------------
# Access-log group for the API Gateway stage, created only when access logging
# is enabled; named api-gateway-<name>-<stage>-logs.
# NOTE(review): no retention_in_days is set, so events are kept indefinitely
# (cost, and access logs can carry client IPs and request data), and no
# kms_key_id, so the group uses the CloudWatch-managed key. Both are likely to
# be flagged by the checkov/tfsec scans this repo runs — consider exposing them
# as module inputs.
resource "aws_cloudwatch_log_group" "access_logs" {
  count = var.enable_access_logs ? 1 : 0

  name = "api-gateway-${var.name}-${var.stage_name}-logs"
}
--------------------------------------------------------------------------------
/modules/api-gateway/custom-domain/certificate.tf:
--------------------------------------------------------------------------------
# ACM certificates for the custom domains, issued through the published
# ssl-certificate module. That module is a sibling directory of this one in the
# same repository but is consumed here at a pinned registry version (0.34.0)
# rather than by relative path — confirm the pinning is intended.
# Exactly one of the two blocks below is populated, selected by
# var.endpoint_config_type; the other gets an empty for_each.

# REGIONAL endpoints: certificate in the module's own provider region.
module "certificate_regional" {
  source  = "dasmeta/modules/aws//modules/ssl-certificate"
  version = "0.34.0"

  for_each = var.endpoint_config_type == "REGIONAL" ? local.custom_domains_map : {}

  domain = each.key
  zone   = each.value.zone_name
}

# EDGE endpoints: certificate issued via the aws.virginia provider alias
# (presumably us-east-1, which edge-optimized API Gateway domains require).
module "certificate_edge" {
  source  = "dasmeta/modules/aws//modules/ssl-certificate"
  version = "0.34.0"

  for_each = var.endpoint_config_type == "EDGE" ? local.custom_domains_map : {}

  domain = each.key
  zone   = each.value.zone_name

  providers = {
    aws = aws.virginia
  }
}
--------------------------------------------------------------------------------
/modules/api-gateway/custom-domain/data.tf:
--------------------------------------------------------------------------------
# Hosted-zone lookup for every custom domain, keyed by the domain's FQDN
# (see local.custom_domains_map); presumably consumed by the records in r53.tf.
data "aws_route53_zone" "custom_domain_zones" {
  for_each = local.custom_domains_map

  name = each.value.zone_name
}
--------------------------------------------------------------------------------
/modules/api-gateway/custom-domain/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Custom domains keyed by their FQDN "<name>.<zone_name>"; this key is the
  # for_each key shared by the certificate modules, zone lookups and domain
  # resources.
  custom_domains_map = { for custom_domain in var.custom_domains : "${custom_domain.name}.${custom_domain.zone_name}" => custom_domain }

  # One Route53 record definition per custom domain. With no additional
  # options a single "<fqdn>-primary" record is emitted (no set_identifier, empty
  # geolocation policy); otherwise one record per option set, keyed by its
  # set_identifier, with the option fields merged over the domain's fields.
  # NOTE(review): `key` is whatever var.custom_domains is indexed by (the list
  # position if it is a list) and the same key indexes
  # var.custom_domain_additional_options, so both inputs must be keyed alike;
  # the variable declarations are outside this file — confirm.
  r53_records = flatten([for key, custom_domain in var.custom_domains : try(length(var.custom_domain_additional_options[key]), 0) == 0 ? [
    merge(
      {
        key : "${custom_domain.name}.${custom_domain.zone_name}-primary",
        set_identifier             = null
        geolocation_routing_policy = {}
      },
      custom_domain
    )
    ] : [
    for additional_options in var.custom_domain_additional_options[key] : merge(
      { key : additional_options.set_identifier },
      custom_domain,
      additional_options
    )
  ]])
}
--------------------------------------------------------------------------------
/modules/api-gateway/custom-domain/main.tf:
--------------------------------------------------------------------------------
# One API Gateway custom domain per entry of local.custom_domains_map. Only one
# of the two certificate modules is populated (chosen by
# var.endpoint_config_type), so the other lookup falls back to null via try().
# NOTE(review): security_policy is not set, so the domain gets the provider's
# default TLS policy instead of being pinned to "TLS_1_2"; worth exposing as an
# input unless legacy TLS clients are required.
resource "aws_api_gateway_domain_name" "custom_domains" {
  for_each = local.custom_domains_map

  regional_certificate_arn = try(module.certificate_regional[each.key].arn, null)
  certificate_arn          = try(module.certificate_edge[each.key].arn, null)
  domain_name              = each.key

  endpoint_configuration {
    types = [var.endpoint_config_type]
  }
}

# Maps the given API stage onto each custom domain (no base_path is given, so
# the mapping sits at the domain root).
resource "aws_api_gateway_base_path_mapping" "custom_domains_api_mapping" {
  for_each = aws_api_gateway_domain_name.custom_domains

  api_id      = var.api_id
  stage_name  = var.stage_name
  domain_name = each.value.domain_name
}
--------------------------------------------------------------------------------
/modules/api-gateway/iam.tf:
--------------------------------------------------------------------------------
# Region the API lives in; substituted into the ARNs of the policy template.
data "aws_region" "current" {}

# Optional IAM user "<name>-user" without console access, with a policy
# rendered from src/iam-policy.json.tpl for this REST API; its secret key is
# PGP-encrypted with var.pgp_key (surfaced by outputs.tf, presumably).
# NOTE(review): this issues long-lived static credentials. The template grants
# apigateway:GET on the account, the API lists and this REST API, plus
# apigateway:* on every API key and usage plan in the region — that wildcard
# action is far broader than read access and is worth narrowing to the verbs
# actually needed. create_policy is always true while create_user follows
# var.create_iam_user; how the aws-iam-user module treats policy-without-user
# is decided inside that module (not visible here).
module "api_iam_user" {
  source  = "dasmeta/modules/aws//modules/aws-iam-user"
  version = "0.35.5"

  create_user   = var.create_iam_user
  create_policy = true
  username      = "${var.name}-user"
  console       = false
  policy = templatefile("${path.module}/src/iam-policy.json.tpl", {
    api_gateway_id = aws_api_gateway_rest_api.this.id
    region         = data.aws_region.current.name
  })
  pgp_key = var.pgp_key
}
--------------------------------------------------------------------------------
/modules/api-gateway/outputs.tf:
--------------------------------------------------------------------------------
# ID of the REST API (a string).
output "id" {
  value       = aws_api_gateway_rest_api.this.id
  description = "The ID of the REST API."
}

# NOTE(review): `.*.` is a splat on a resource that has no count; Terraform
# treats the single object as a one-element list, so unlike "id" this output
# appears to be a list(string) and consumers need [0]. Returning
# aws_api_gateway_rest_api.this.execution_arn directly would be cleaner but
# changes the output type for existing callers.
output "execution_arn" {
  value       = aws_api_gateway_rest_api.this.*.execution_arn
  description = "The Execution ARN of the REST API."
}

# Access key ID of the optional IAM user (value when the user is not created is
# decided by the aws-iam-user module).
output "access_key_id" {
  description = "The access key ID"
  value       = module.api_iam_user.iam_access_key_id
}

# Plaintext secret: sensitive = true redacts it from CLI output, but it is still
# stored in state — prefer the PGP-encrypted output below where possible.
output "access_secret_key" {
  description = "The access key secret"
  value       = module.api_iam_user.iam_access_key_secret
  sensitive   = true
}

# Secret encrypted with var.pgp_key; only the key holder can decrypt it.
output "access_secret_key_encrypted" {
  description = "The access key secret with pgp encryption"
  value       = module.api_iam_user.iam_access_key_encrypted_secret
}
--------------------------------------------------------------------------------
/modules/api-gateway/src/iam-policy.json.tpl:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | {
5 | "Sid": "VisualEditor0",
6 | "Effect": "Allow",
7 | "Action": "apigateway:GET",
8 | "Resource": [
9 | "arn:aws:apigateway:${region}::/account",
10 | "arn:aws:apigateway:${region}::/apis",
11 | "arn:aws:apigateway:${region}::/restapis",
12 | "arn:aws:apigateway:${region}::/restapis/${api_gateway_id}",
13 | "arn:aws:apigateway:${region}::/restapis/${api_gateway_id}/*"
14 | ]
15 | },
16 | {
17 | "Sid": "VisualEditor4",
18 | "Effect": "Allow",
19 | "Action": "apigateway:*",
20 | "Resource": [
21 | "arn:aws:apigateway:${region}::/apikeys/*",
22 | "arn:aws:apigateway:${region}::/apikeys",
23 | "arn:aws:apigateway:${region}::/usageplans",
24 | "arn:aws:apigateway:${region}::/usageplans/*"
25 | ]
26 | }
27 | ]
28 | }
29 |
--------------------------------------------------------------------------------
/modules/api-gateway/version.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider requirements for the api-gateway module.
# NOTE(review): hashicorp/aws carries no version constraint, so init can pick
# any provider release (and no .terraform.lock.hcl is committed, per the root
# .gitignore). A constraint like the "~> 4.16" used by sibling modules would
# pin the provider.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }

  required_version = ">= 0.15.0"
}
--------------------------------------------------------------------------------
/modules/appconfig/application.tf:
--------------------------------------------------------------------------------
# The AppConfig application that the configuration profiles, environments and
# deployments in the sibling files (configs.tf, environments.tf) presumably
# attach to.
resource "aws_appconfig_application" "main" {
  name        = var.name
  description = var.description
}
--------------------------------------------------------------------------------
/modules/appconfig/deployment-strategies.tf:
--------------------------------------------------------------------------------
# One AppConfig deployment strategy per entry of var.deployment_strategies,
# keyed by name (names must be unique — duplicate keys make the for expression
# fail). Every strategy field is passed straight through from the input object.
resource "aws_appconfig_deployment_strategy" "main" {
  for_each = { for item in var.deployment_strategies : item.name => item }

  name                           = each.value.name
  description                    = each.value.description
  deployment_duration_in_minutes = each.value.deployment_duration_in_minutes
  final_bake_time_in_minutes     = each.value.final_bake_time_in_minutes
  growth_factor                  = each.value.growth_factor
  growth_type                    = each.value.growth_type
  replicate_to                   = each.value.replicate_to
}
--------------------------------------------------------------------------------
/modules/appconfig/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
2 | deployments = flatten([for env in var.environments : [for deploy in env.deploys : { # one (environment, config, version, strategy) tuple per deploy, flattened across all environments
3 | environment = env.name
4 | config = deploy.config
5 | version = deploy.version
6 | strategy = deploy.strategy
7 | }]])
8 | }
9 |
--------------------------------------------------------------------------------
/modules/appconfig/outputs.tf:
--------------------------------------------------------------------------------
1 | output "application" {
2 | value = aws_appconfig_application.main # exposes the whole resource object, not just its id, so callers can pick any attribute
3 | }
4 |
--------------------------------------------------------------------------------
/modules/appconfig/tests/basic/0-setup.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_providers {
3 | aws = {
4 | source = "hashicorp/aws"
5 | version = ">= 3.41" # NOTE(review): looser than the module's own versions.tf (">= 4.3, < 6.0"); Terraform applies the intersection, so the module constraint is the effective one here
6 | }
7 | }
8 |
9 | required_version = ">= 1.3.0"
10 | }
11 |
12 | /**
13 | * Export credentials for the AWS provider before running apply, for example:
14 |
15 | export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx
16 | export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx
17 | */
18 | provider "aws" {
19 | region = "eu-central-1" # region for this test fixture only; credentials are taken from the environment (see comment above)
20 | }
21 |
--------------------------------------------------------------------------------
/modules/appconfig/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 3.41 |
10 |
11 | ## Providers
12 |
13 | No providers.
14 |
15 | ## Modules
16 |
17 | | Name | Source | Version |
18 | |------|--------|---------|
19 | | [this](#module\_this) | ../.. | n/a |
20 |
21 | ## Resources
22 |
23 | No resources.
24 |
25 | ## Inputs
26 |
27 | No inputs.
28 |
29 | ## Outputs
30 |
31 | No outputs.
32 |
33 |
--------------------------------------------------------------------------------
/modules/appconfig/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 1.3"
3 |
4 | required_providers {
5 | aws = {
6 | source = "hashicorp/aws"
7 | version = ">= 4.3, < 6.0" # tests/basic/0-setup.tf only asks for ">= 3.41"; this bounded range is what actually applies to the test run
8 | }
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/.envrc:
--------------------------------------------------------------------------------
1 | layout python3
2 |
3 | pip install black flake8 isort 'pretf[aws]==0.7.3' pytest pytest-xdist # only pretf is pinned; the linters and pytest float to whatever is latest each time direnv re-evaluates this file
4 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__
2 | .direnv
3 | .terraform
4 | *.tf.json
5 | *.zip
6 | tests/changes/src/*.json
7 | tests/filename/src/*.json
8 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # terraform-aws-lambda-builder changes
2 |
3 | ## v1.0.1
4 |
5 | ### Fixed
6 |
7 | * Fixed dependency in S3 mode
8 |
9 | ## v1.0.0
10 |
11 | ### Added
12 |
13 | * New `build_mode` value `CODEBUILD` with example using the `go1.x` runtime.
14 |
15 | ### Breaking changes
16 |
17 | * `builder_memory_size` renamed to `lambda_builder_memory_size`.
18 | * `builder_timeout` renamed to `lambda_builder_timeout`.
19 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: all
2 | all:
3 | isort --recursive *.py codebuild_builder lambda_builders tests # NOTE(review): --recursive was removed in isort 5 (directories are recursed by default) and .envrc does not pin isort — drop the flag or pin isort <5, confirm against the installed version
4 | black *.py codebuild_builder lambda_builders tests
5 | flake8 --ignore E501 *.py codebuild_builder lambda_builders tests # line length is left to black
6 | terraform fmt -recursive
7 |
8 | .PHONY: clean
9 | clean:
10 | find tests -maxdepth 3 -name '*.json' -delete
11 | find zip_files -name '*.zip' -delete
12 |
13 | .PHONY: test tests
14 | test tests:
15 | pytest -v -n auto --dist=loadfile tests # --dist=loadfile keeps all tests of one module on one worker, presumably so two processes never drive Terraform in the same test directory
16 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/requirements.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_providers {
3 | aws = {
4 | source = "hashicorp/aws"
5 | version = ">= 3.41" # floor only; NOTE(review): the test buckets in tests/*/main.tf use the inline acl argument, deprecated since aws provider 4.x — check before raising this floor (required_version lives in versions.tf)
6 | }
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/changes/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: test
2 | test:
3 | pytest -v # test suite for this directory; its Terraform backend is configured in terraform.tf.py
4 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/changes/README.md:
--------------------------------------------------------------------------------
1 | # changes
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [aws](#provider\_aws) | n/a |
13 | | [random](#provider\_random) | n/a |
14 |
15 | ## Modules
16 |
17 | No modules.
18 |
19 | ## Resources
20 |
21 | | Name | Type |
22 | |------|------|
23 | | [aws_s3_bucket.packages](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
24 | | [random_id.bucket_name](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
25 |
26 | ## Inputs
27 |
28 | No inputs.
29 |
30 | ## Outputs
31 |
32 | | Name | Description |
33 | |------|-------------|
34 | | [bucket](#output\_bucket) | n/a |
35 |
36 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/changes/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | profile = "rbutcher" # NOTE(review): hardcoded personal CLI profile ties these tests to one workstation; a variable without a default would make the dependency explicit
3 | region = "eu-west-1"
4 | }
5 |
6 | resource "random_id" "bucket_name" {
7 | prefix = "terraform-aws-lambda-builder-tests-" # random suffix so parallel test runs do not collide on a globally unique bucket name
8 | byte_length = 8
9 | }
10 |
11 | resource "aws_s3_bucket" "packages" {
12 | bucket = random_id.bucket_name.hex
13 | acl = "private" # inline acl is deprecated in aws provider 4.x+ (aws_s3_bucket_acl is the replacement); still accepted under the ">= 3.41" floor in requirements.tf
14 | }
15 |
16 | output "bucket" {
17 | value = aws_s3_bucket.packages.id
18 | }
19 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/changes/src/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # version.json gets added by the test script
4 | # then the source zip will contain version.json
5 | # this build script moves the file, so the final
6 | # lambda package will have result.json instead (lambda.py reads that name at invocation).
7 | mv version.json result.json
8 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/changes/src/lambda.py:
--------------------------------------------------------------------------------
1 | import glob
2 | import json
3 |
4 |
def handler(event, context):
    """Lambda entry point for the ``changes`` test package.

    Loads ``result.json`` (renamed from the test's ``version.json`` by
    build.sh) and returns it with an extra ``files`` key holding the
    sorted names of everything in the working directory.
    """
    with open("result.json") as fh:
        payload = json.load(fh)
    listing = sorted(glob.glob("*"))
    return {**payload, "files": listing}
10 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/changes/terraform.tf.py:
--------------------------------------------------------------------------------
1 | from pretf.aws import terraform_backend_s3
2 |
3 |
def pretf_blocks():
    """Yield the Terraform backend block for the ``changes`` test.

    State is kept in the shared ``terraform-aws-lambda-builder`` S3
    bucket, locked through the DynamoDB table of the same name, under
    this test's own key. The backend is bound to the named CLI profile
    ``rbutcher``, so the test only runs where that profile exists.
    """
    backend = dict(
        bucket="terraform-aws-lambda-builder",
        dynamodb_table="terraform-aws-lambda-builder",
        key="tests.tfstate",
        profile="rbutcher",
        region="eu-west-1",
    )
    yield terraform_backend_s3(**backend)
12 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/filename/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: test
2 | test:
3 | pytest -v # test suite for this directory; its Terraform backend is configured in terraform.tf.py
4 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/filename/README.md:
--------------------------------------------------------------------------------
1 | # filename
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [build\_and\_upload\_directly](#module\_build\_and\_upload\_directly) | ../../ | n/a |
17 | | [upload\_directly](#module\_upload\_directly) | ../../ | n/a |
18 |
19 | ## Resources
20 |
21 | No resources.
22 |
23 | ## Inputs
24 |
25 | No inputs.
26 |
27 | ## Outputs
28 |
29 | No outputs.
30 |
31 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/filename/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | profile = "rbutcher" # NOTE(review): hardcoded personal CLI profile ties these tests to one workstation; a variable without a default would make the dependency explicit
3 | region = "eu-west-1"
4 | }
5 |
6 | module "build_and_upload_directly" {
7 | source = "../../"
8 |
9 | build_mode = "FILENAME" # per the module name: build source_dir into the local zip named by filename and upload it directly (no S3 staging)
10 | filename = "${path.module}/package.zip"
11 | function_name = "terraform-aws-lambda-builder-filename1"
12 | handler = "lambda.handler"
13 | runtime = "python3.10"
14 | source_dir = "${path.module}/src"
15 | }
16 |
17 | module "upload_directly" { # no build_mode/source_dir: ships test2.zip as-is, presumably a pre-built package
18 | source = "../../"
19 |
20 | function_name = "terraform-aws-lambda-builder-filename2"
21 | handler = "lambda.handler"
22 | runtime = "python3.10"
23 | filename = "${path.module}/test2.zip"
24 | }
25 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/filename/src/lambda.py:
--------------------------------------------------------------------------------
1 | import json
2 | import os
3 |
4 |
def handler(event, context):
    """Lambda entry point for the ``filename`` test package.

    Always reports ``{"success": True}``; when a ``hello.json`` exists
    in the working directory its contents are merged on top.
    """
    payload = {"success": True}
    if not os.path.exists("hello.json"):
        return payload
    with open("hello.json") as fh:
        payload.update(json.load(fh))
    return payload
11 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/filename/terraform.tf.py:
--------------------------------------------------------------------------------
1 | from pretf.aws import terraform_backend_s3
2 |
3 |
def pretf_blocks():
    """Yield the Terraform backend block for the ``filename`` test.

    State is kept in the shared ``terraform-aws-lambda-builder`` S3
    bucket, locked through the DynamoDB table of the same name, under
    this test's own key. The backend is bound to the named CLI profile
    ``rbutcher``, so the test only runs where that profile exists.
    """
    backend = dict(
        bucket="terraform-aws-lambda-builder",
        dynamodb_table="terraform-aws-lambda-builder",
        key="filename/terraform.tfstate",
        profile="rbutcher",
        region="eu-west-1",
    )
    yield terraform_backend_s3(**backend)
12 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/golang/Makefile:
--------------------------------------------------------------------------------
1 | # Create, test, and destroy the Lambda function.
2 | .PHONY: test
3 | test:
4 | pytest -v
5 |
6 | # Test the deployed Lambda function by invoking it.
7 | # This is useful if you want to test the function,
8 | # but not create and destroy it with Terraform too.
9 | .PHONY: invoke
10 | invoke:
11 | pytest -v test_golang.py::TestGolang::test_invoke_lambda_function
12 |
13 | # Builds the function locally in Docker, not exactly like CodeBuild,
14 | # just enough to check if the Go code is right. NOTE(review): golang:1.14 is an end-of-life release and `go get -d` is deprecated in module-aware Go; bump the image together with src/buildspec.yml so local and CodeBuild builds stay comparable.
15 | .PHONY: local
16 | local:
17 | docker run -v $(PWD)/src:/tmp/src golang:1.14 sh -c " \
18 | cd /tmp/src && \
19 | go fmt && \
20 | cp -r . /go/src/lambda && \
21 | cd /go/src/lambda && \
22 | go get -d -v ./... && \
23 | go test && \
24 | go build -o main main.go \
25 | "
26 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/golang/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | profile = "rbutcher" # NOTE(review): hardcoded personal CLI profile ties these tests to one workstation; a variable without a default would make the dependency explicit
3 | region = "eu-west-1"
4 | }
5 |
6 | resource "random_id" "bucket_name" {
7 | prefix = "terraform-aws-lambda-builder-tests-" # random suffix so parallel test runs do not collide on a globally unique bucket name
8 | byte_length = 8
9 | }
10 |
11 | resource "aws_s3_bucket" "packages" {
12 | bucket = random_id.bucket_name.hex
13 | acl = "private" # inline acl is deprecated in aws provider 4.x+ (aws_s3_bucket_acl is the replacement); still accepted under the ">= 3.41" floor in requirements.tf
14 | }
15 |
16 | module "lambda_function" {
17 | source = "../../"
18 |
19 | build_mode = "CODEBUILD" # compiled by CodeBuild from src/buildspec.yml; the artifact is staged in s3_bucket
20 | function_name = "terraform-aws-lambda-builder-golang"
21 | handler = "main" # the binary that buildspec.yml emits under artifacts.files
22 | role_cloudwatch_logs = true # presumably lets the module attach CloudWatch Logs permissions to the function role — confirm in the module's variables.tf
23 | runtime = "go1.x"
24 | s3_bucket = aws_s3_bucket.packages.id
25 | source_dir = "${path.module}/src"
26 | timeout = 30
27 | }
28 |
29 | output "function_name" {
30 | value = module.lambda_function.function_name
31 | }
32 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/golang/src/buildspec.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 | variables:
5 | GOARCH: amd64
6 | GOOS: linux
7 |
8 | phases:
9 | pre_build:
10 | commands:
11 | - ln -s "${CODEBUILD_SRC_DIR}" /go/src/lambda # GOPATH-style layout: the checkout is linked under /go/src so the go toolchain resolves the package there (presumably a pre-modules workflow)
12 | - cd /go/src/lambda
13 | - go get -d -v ./... # download-only; NOTE(review): deprecated in module-aware Go, confirm against the Go version of the CodeBuild image
14 | build:
15 | commands:
16 | - go test
17 | - go build -o main main.go
18 |
19 | artifacts:
20 | files:
21 | - main # the binary named by handler = "main" in the test's main.tf
22 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/golang/src/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "fmt"
5 | "github.com/aws/aws-lambda-go/lambda"
6 | )
7 |
8 | type Event struct { // invocation payload for HandleRequest
9 | Name string `json:"name"` // who to greet, taken from the payload's "name" field
10 | }
11 |
// HandleRequest is the Lambda entry point: it greets the caller by the
// Name carried in the event and never reports an error.
func HandleRequest(event Event) (string, error) {
	greeting := fmt.Sprint("Hello ", event.Name, "!")
	return greeting, nil
}
15 |
16 | func main() { // hands control to the Lambda runtime, which calls HandleRequest once per invocation
17 | lambda.Start(HandleRequest)
18 | }
19 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/golang/src/main_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import "testing"
4 |
// TestHandler checks that HandleRequest greets the event's Name and
// reports no error.
func TestHandler(t *testing.T) {
	const want = "Hello gotest!"

	got, err := HandleRequest(Event{Name: "gotest"})
	if err != nil {
		t.Errorf("unexpected err, got: %v, wanted: %v", err, nil)
	}
	if got != want {
		t.Errorf("unexpected response, got: %v, wanted %v", got, want)
	}
}
20 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/golang/terraform.tf.py:
--------------------------------------------------------------------------------
1 | from pretf.aws import terraform_backend_s3
2 |
3 |
def pretf_blocks():
    """Yield the Terraform backend block for the ``golang`` test.

    State is kept in the shared ``terraform-aws-lambda-builder`` S3
    bucket, locked through the DynamoDB table of the same name, under
    this test's own key. The backend is bound to the named CLI profile
    ``rbutcher``, so the test only runs where that profile exists.
    """
    backend = dict(
        bucket="terraform-aws-lambda-builder",
        dynamodb_table="terraform-aws-lambda-builder",
        key="golang.tfstate",
        profile="rbutcher",
        region="eu-west-1",
    )
    yield terraform_backend_s3(**backend)
12 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/nodejs/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: test
2 | test:
3 | pytest -v # test suite for this directory; its Terraform backend is configured in terraform.tf.py
4 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/nodejs/src/build.sh:
--------------------------------------------------------------------------------
1 | npm install # NOTE(review): no lockfile is checked in next to package.json as far as this tree shows, so jsonwebtoken floats within ^7.4.3 (an old major line) on every build; commit a lockfile and use npm ci for reproducible packages
2 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/nodejs/src/index.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | const jwt = require('jsonwebtoken');
4 |
// Test-fixture handler: signs a fixed payload to prove that the bundled
// `jsonwebtoken` dependency was installed by build.sh. The signing key is
// a throwaway placeholder for this test, not a real secret.
exports.handler = function (event, context, callback) {
  const payload = { foo: 'bar' };
  const signed = jwt.sign(payload, 'shhhhh');
  callback(null, { success: true, token: signed });
};
9 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/nodejs/src/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "dependencies": {
3 | "jsonwebtoken": "^7.4.3"
4 | }
5 | }
6 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/nodejs/terraform.tf.py:
--------------------------------------------------------------------------------
1 | from pretf.aws import terraform_backend_s3
2 |
3 |
def pretf_blocks():
    """Yield the Terraform backend block for the ``nodejs`` test.

    State is kept in the shared ``terraform-aws-lambda-builder`` S3
    bucket, locked through the DynamoDB table of the same name, under
    this test's own key. The backend is bound to the named CLI profile
    ``rbutcher``, so the test only runs where that profile exists.
    """
    backend = dict(
        bucket="terraform-aws-lambda-builder",
        dynamodb_table="terraform-aws-lambda-builder",
        key="nodejs/terraform.tfstate",
        profile="rbutcher",
        region="eu-west-1",
    )
    yield terraform_backend_s3(**backend)
12 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/python/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: test
2 | test:
3 | pytest -v # test suite for this directory; its Terraform backend is configured in terraform.tf.py
4 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/python/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | profile = "rbutcher" # NOTE(review): hardcoded personal CLI profile ties these tests to one workstation; a variable without a default would make the dependency explicit
3 | region = "eu-west-1"
4 | }
5 |
6 | resource "random_id" "bucket_name" {
7 | prefix = "terraform-aws-lambda-builder-tests-" # random suffix so parallel test runs do not collide on a globally unique bucket name
8 | byte_length = 8
9 | }
10 |
11 | resource "aws_s3_bucket" "packages" {
12 | bucket = random_id.bucket_name.hex
13 | acl = "private" # inline acl is deprecated in aws provider 4.x+ (aws_s3_bucket_acl is the replacement); still accepted under the ">= 3.41" floor in requirements.tf
14 | }
15 |
16 |
17 | module "lambda_function_310" {
18 | source = "../../"
19 |
20 | build_mode = "LAMBDA" # presumably packaged by a builder Lambda running src/build.sh (pip install of requirements.txt) and staged in s3_bucket
21 | function_name = "terraform-aws-lambda-builder-python-38" # NOTE(review): the name says python-38 while runtime is python3.10 and the module is lambda_function_310 — rename for consistency
22 | handler = "lambda.handler"
23 | role_cloudwatch_logs = true
24 | runtime = "python3.10"
25 | s3_bucket = aws_s3_bucket.packages.id
26 | source_dir = "${path.module}/src"
27 | timeout = 30
28 | }
29 |
30 | output "function_names" {
31 | value = [
32 | module.lambda_function_310.function_name,
33 | ]
34 | }
35 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/python/src/build.sh:
--------------------------------------------------------------------------------
1 | pip install -r requirements.txt -t . # vendors numpy and timeprint into the package root; both are unpinned in requirements.txt, so successive builds may pull different versions
2 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/python/src/lambda.py:
--------------------------------------------------------------------------------
def handler(event, context):
    """Lambda entry point for the ``python`` test package.

    Verifies that the dependencies vendored by build.sh are importable:
    ``timeprint`` times the (slow) numpy import, and a small array
    computation proves numpy works. Returns ``{"success": True}``.
    """
    import timeprint

    with timeprint:
        import numpy as np

    expected = np.array([4, 5])
    assert np.array_equal(np.array([1, 2]) + 3, expected)

    return dict(success=True)
10 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/python/src/requirements.txt:
--------------------------------------------------------------------------------
1 | numpy
2 | timeprint
3 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/python/terraform.tf.py:
--------------------------------------------------------------------------------
1 | from pretf.aws import terraform_backend_s3
2 |
3 |
def pretf_blocks():
    """Yield the Terraform backend block for the ``python`` test.

    State is kept in the shared ``terraform-aws-lambda-builder`` S3
    bucket, locked through the DynamoDB table of the same name, under
    this test's own key. The backend is bound to the named CLI profile
    ``rbutcher``, so the test only runs where that profile exists.
    """
    backend = dict(
        bucket="terraform-aws-lambda-builder",
        dynamodb_table="terraform-aws-lambda-builder",
        key="python.tfstate",
        profile="rbutcher",
        region="eu-west-1",
    )
    yield terraform_backend_s3(**backend)
12 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/s3/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: test
2 | test:
3 | pytest -v # test suite for this directory; its Terraform backend is configured in terraform.tf.py
4 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/s3/README.md:
--------------------------------------------------------------------------------
1 | # s3
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [aws](#provider\_aws) | n/a |
13 | | [random](#provider\_random) | n/a |
14 |
15 | ## Modules
16 |
17 | | Name | Source | Version |
18 | |------|--------|---------|
19 | | [zip\_and\_upload\_without\_build](#module\_zip\_and\_upload\_without\_build) | ../../ | n/a |
20 |
21 | ## Resources
22 |
23 | | Name | Type |
24 | |------|------|
25 | | [aws_s3_bucket.packages](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
26 | | [random_id.bucket_name](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
27 |
28 | ## Inputs
29 |
30 | No inputs.
31 |
32 | ## Outputs
33 |
34 | No outputs.
35 |
36 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/s3/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | profile = "rbutcher" # NOTE(review): hardcoded personal CLI profile ties these tests to one workstation; a variable without a default would make the dependency explicit
3 | region = "eu-west-1"
4 | }
5 |
6 | resource "random_id" "bucket_name" {
7 | prefix = "terraform-aws-lambda-builder-tests-" # random suffix so parallel test runs do not collide on a globally unique bucket name
8 | byte_length = 8
9 | }
10 |
11 | resource "aws_s3_bucket" "packages" { # unlike the other test dirs no inline acl is set here, so the bucket keeps S3's default (private) ACL
12 | bucket = random_id.bucket_name.hex
13 | }
14 |
15 | module "zip_and_upload_without_build" {
16 | source = "../../"
17 |
18 | build_mode = "S3" # zips source_dir without a build step and uploads it to s3_bucket under s3_key
19 | function_name = "terraform-aws-lambda-builder-s3"
20 | handler = "lambda.handler"
21 | runtime = "python3.10"
22 | s3_bucket = aws_s3_bucket.packages.id
23 | s3_key = "direct-s3-test.zip"
24 | source_dir = "${path.module}/src"
25 | }
26 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/s3/src/lambda.py:
--------------------------------------------------------------------------------
def handler(event, context):
    """Minimal Lambda entry point for the ``s3`` test: always succeeds."""
    return dict(success=True)
3 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/tests/s3/terraform.tf.py:
--------------------------------------------------------------------------------
1 | from pretf.aws import terraform_backend_s3
2 |
3 |
def pretf_blocks():
    """Yield the Terraform backend block for the ``s3`` test.

    State is kept in the shared ``terraform-aws-lambda-builder`` S3
    bucket, locked through the DynamoDB table of the same name, under
    this test's own key. The backend is bound to the named CLI profile
    ``rbutcher``, so the test only runs where that profile exists.
    """
    backend = dict(
        bucket="terraform-aws-lambda-builder",
        dynamodb_table="terraform-aws-lambda-builder",
        key="s3.tfstate",
        profile="rbutcher",
        region="eu-west-1",
    )
    yield terraform_backend_s3(**backend)
12 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 0.12.0" # NOTE(review): the provider constraint for this module lives in requirements.tf; keeping both settings in one terraform block avoids the two files drifting apart
3 | }
4 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/workflows/README.yml:
--------------------------------------------------------------------------------
1 | name: README.md
2 |
3 | on:
4 | push:
5 | branches:
6 | - master
7 |
8 | jobs:
9 | build:
10 | runs-on: ubuntu-18.04 # NOTE(review): this runner image has been retired by GitHub; move to ubuntu-latest or a currently supported LTS label
11 | steps:
12 | - uses: actions/checkout@v2 # tag-pinned; pin actions to a full commit SHA so a moved tag cannot change what runs here
13 | - run: docker run --rm -v $PWD:/data claranet/terraform-docs:0.8.1 terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults --no-providers md README.md # image tag is pinned (good); $PWD is the checkout on the runner
14 | - uses: claranet/git-auto-commit-action@v3.0.0 # third-party action that pushes back to the repo, presumably with the job's GITHUB_TOKEN; pin it to a commit SHA and scope the job's permissions to the minimum it needs (contents write)
15 | with:
16 | file_pattern: README.md
17 | commit_message: Update README.md using terraform-docs
18 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/zip_files/.gitignore:
--------------------------------------------------------------------------------
1 | *.zip
2 |
--------------------------------------------------------------------------------
/modules/aws-alb-to-cloudwatch-lambda/zip_files/README.md:
--------------------------------------------------------------------------------
1 | this is where zips go
2 |
--------------------------------------------------------------------------------
/modules/aws-cloudfront-security-headers/cloudfront.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/aws-cloudfront-security-headers/cloudfront.gif
--------------------------------------------------------------------------------
/modules/aws-cloudfront-security-headers/deploy.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/aws-cloudfront-security-headers/deploy.zip
--------------------------------------------------------------------------------
/modules/aws-cloudfront-security-headers/outputs.tf:
--------------------------------------------------------------------------------
1 | output "lambda_arn" {
2 | value = aws_lambda_function.this.qualified_arn # versioned ARN: CloudFront Lambda@Edge associations require a specific function version, not the unqualified ARN
3 | }
4 | output "custom_headers" {
5 | value = local.custom_headers # the header map that is also rendered into src/index.js.tpl
6 | }
7 |
--------------------------------------------------------------------------------
/modules/aws-cloudfront-security-headers/requirements.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_providers {
3 | aws = {
4 | source = "hashicorp/aws"
5 | version = ">= 3.43" # floor only, no upper bound; NOTE(review): Lambda@Edge functions must live in us-east-1, and nothing here constrains the caller's provider region — confirm how main.tf (not shown) handles that
6 | }
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/modules/aws-cloudfront-security-headers/src/index.js.tpl:
--------------------------------------------------------------------------------
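// Lambda@Edge origin-response handler, rendered by Terraform's templatefile().
// Every entry of custom_headers with a non-empty value becomes a response
// header. Keys and values are emitted through jsonencode() so that a quote,
// backslash or newline in a header value yields a valid JS string literal
// instead of breaking out of the literal and altering the generated code.
exports.handler = (event, context, callback) => {

  //Get contents of response
  const response = event.Records[0].cf.response;
  const headers = response.headers;

  %{ for key, value in custom_headers }
  %{ if value.value != "" }
  headers[${jsonencode(key)}] = [{key: ${jsonencode(value.key)}, value: ${jsonencode(value.value)}}];
  %{ endif }
  %{ endfor ~}

  //Return modified response
  callback(null, response);
};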
17 |
--------------------------------------------------------------------------------
/modules/aws-cloudwatch-prometheus-metrics/main.tf:
--------------------------------------------------------------------------------
1 | data "aws_caller_identity" "current" {} # only used to build the IRSA role ARN below
2 |
3 | resource "helm_release" "aws-cloudwatch-metrics" {
4 | name = "cloudwatch-agent-prometheus"
5 | repository = "https://dasmeta.github.io/helm"
6 | # chart = "${path.module}/../helm"
7 | chart = "cloudwatch-agent-prometheus"
8 | version = "0.0.1" # exact chart pin
9 | namespace = var.namespace
10 |
11 | # values = [
12 | # file("${path.module}/values.yaml")
13 | # ]
14 |
15 | set {
16 | name = "clusterName"
17 | value = var.cluster_name
18 | }
19 |
20 | set {
21 | name = "serviceAccount.name"
22 | value = "cloudwatch-agent-prometheus"
23 | }
24 |
25 | set {
26 | name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" # dots in the annotation key are escaped so Helm does not split it into nested keys
27 | value = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${aws_iam_role.aws-cloudwatch-metrics-role.name}" # IRSA: the agent's service account assumes this role (defined in the module's IAM files, not shown here)
28 | }
29 |
30 | depends_on = [
31 | kubernetes_namespace.namespace # has count; depending on the whole resource is valid even when count = 0
32 | ]
33 | }
34 |
--------------------------------------------------------------------------------
/modules/aws-cloudwatch-prometheus-metrics/namespace.tf:
--------------------------------------------------------------------------------
1 | resource "kubernetes_namespace" "namespace" {
2 | count = var.create_namespace ? 1 : 0 # opt-in (default false): otherwise the chart is installed into an existing namespace
3 |
4 | metadata {
5 | name = var.namespace
6 |
7 | labels = {
8 | name = var.namespace
9 | }
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/modules/aws-cloudwatch-prometheus-metrics/variables.tf:
--------------------------------------------------------------------------------
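variable "cluster_name" {
  type        = string
  default     = "dasmeta-test-new2" # NOTE(review): environment-specific default; callers should override it
  description = "Name of the EKS cluster the CloudWatch agent reports metrics for (passed to the chart as clusterName)."
}

variable "namespace" {
  type        = string
  default     = "amazon-cloudwatch"
  description = "Namespace the cloudwatch-agent-prometheus chart is installed into (created only when create_namespace is true)."
}

variable "create_namespace" {
  type        = bool
  default     = false
  description = "Whether or not to create the namespace."
}

variable "eks_oidc_root_ca_thumbprint" {
  type    = string
  default = ""
  # NOTE(review): not referenced in the files shown here; presumably consumed by the module's IAM/OIDC resources — confirm and document
}

variable "oidc_provider_arn" {
  type    = string
  default = ""
  # NOTE(review): not referenced in the files shown here; presumably consumed by the module's IAM/OIDC resources — confirm and document
}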
26 |
--------------------------------------------------------------------------------
/modules/aws-cloudwatch-prometheus-metrics/version.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_providers {
3 | kubernetes = {
4 | source = "hashicorp/kubernetes"
5 | version = "2.12.1" # exact pin; NOTE(review): main.tf also uses the helm provider (helm_release) and the aws provider (aws_caller_identity), neither of which is declared here — add both so their source and version are explicit
6 | }
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM amazon/aws-cli # NOTE(review): unpinned tag (latest); pin a version or digest so backups run on a known image
2 |
3 | RUN yum install nfs-utils -y && \
4 | yum install amazon-efs-utils -y && \
5 | yum install vim -y # an interactive editor is not needed in a cron-job image; dropping it shrinks the image and its attack surface
6 |
7 | RUN mkdir ./efs
8 |
9 | COPY ./start.sh /aws/start.sh
10 |
11 | RUN chmod +x /aws/start.sh
12 |
# NOTE(review): no USER instruction, so the job runs as root; EFS/NFS mounting may require that — confirm, and drop privileges afterwards if start.sh allows
13 | WORKDIR /aws/
14 |
15 | ENTRYPOINT ["/aws/start.sh"]
16 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/Makefile:
--------------------------------------------------------------------------------
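# Build and publish the EFS backup image to ECR, then roll out the Helm job.
# Fill in ACCOUNT_ID and IMAGE_NAME before use, or pass them on the command
# line: make ACCOUNT_ID=... IMAGE_NAME=... build-image
ACCOUNT_ID=""
IMAGE_NAME=""
# Single source of truth for the image tag: build-image and push-image must
# tag and push the same reference (previously build used a literal 0.1 while
# push used an undefined VERSION, producing an empty tag).
VERSION=0.1
REGION=eu-central-1
ECR_REGISTRY=${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com

.PHONY: aws-login build-image push-image helm-update-dev

# Authenticate docker against the account's ECR registry (token read from stdin, never on the command line).
aws-login:
	aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin ${ECR_REGISTRY}

# Build the image from ./Dockerfile and tag it for ECR.
build-image:
	docker build . --file Dockerfile --tag ${IMAGE_NAME}
	docker tag ${IMAGE_NAME} ${ECR_REGISTRY}/${IMAGE_NAME}:${VERSION}

# Push the tag produced by build-image.
push-image:
	docker push "${ECR_REGISTRY}/${IMAGE_NAME}:${VERSION}"

# Install or upgrade the efs-backup chart with the dev values.
helm-update-dev:
	cd helm/jobs && helm upgrade --install -f values-dev.yaml efs-backup .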
16 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/README.md:
--------------------------------------------------------------------------------
1 | # How to deploy backuper to cluster
2 |
3 | - First, edit the Makefile and set correct values for its variables, then build the image with this command:
4 | ```
5 | make build-image
6 | ```
7 |
8 | - Then push the image to your repository (presumably ECR):
9 | ```
10 | make push-image
11 | ```
12 |
13 | - Make sure to change the image details in the Helm values (values-dev.yaml), then run:
14 | ```
15 | make helm-update-dev
16 | ```
17 |
18 | In this example, the start.sh script simply copies the entire content of the EFS filesystem (/) to an AWS S3 bucket,
19 |
20 | but you can edit start.sh and add your own custom logic there.
21 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/helm/jobs/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: base-cronjob
3 | repository: https://dasmeta.github.io/helm
4 | version: 0.1.9
5 | digest: sha256:e1e2c35fc67b7f70678481d605af86d88f195c3bb45808febcb45642c679381b
6 | generated: "2023-03-22T13:36:17.377072+04:00"
7 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/helm/jobs/charts/base-cronjob/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | appVersion: 0.1.9
3 | description: A Base Helm chart for Kubernetes CronJob
4 | name: base-cronjob
5 | type: application
6 | version: 0.1.9
7 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/helm/jobs/charts/base-cronjob/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/aws-efs/backup/helm/jobs/charts/base-cronjob/README.md
--------------------------------------------------------------------------------
/modules/aws-efs/backup/helm/jobs/charts/base-cronjob/templates/pvc.yaml:
--------------------------------------------------------------------------------
{{- /*
One PersistentVolumeClaim per entry of a job's `storages` list, each preceded
by `---` so several jobs/claims render as valid multi-document YAML.
NOTE(review): the guard reads `$job.storage` but the loop reads `$job.storages`
— confirm both keys are intended (a boolean switch plus a list) rather than a
typo; with only `storages` set nothing is rendered.
*/}}
{{- range $job := .Values.jobs }}
{{- if $job.storage -}}
{{ range $storage := $job.storages }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ $storage.persistentVolumeClaimName }}
  labels:
  {{/* {{- include "base.labels" . | nindent 4 }}*/}}
  {{- /* keepPvc: true makes Helm leave the claim (and its data) behind on
         uninstall; otherwise the data is deleted together with the release. */}}
  {{- if $storage.keepPvc }}
  annotations:
    "helm.sh/resource-policy": keep
  {{- end }}
spec:
  {{- with $storage }}
  accessModes:
    {{- toYaml .accessModes | nindent 4 }}
  volumeMode: {{ .volumeMode | default "Filesystem" }}
  resources:
    requests:
      storage: {{ .requestedSize }}
  {{- if .className }}
  storageClassName: {{ .className }}
  {{- end }}
  {{- end }}
  {{- /* NOTE(review): dataSource.name is this claim's own name, i.e. the PVC
         would clone itself. A dataSource must name a different, existing
         claim (or a VolumeSnapshot) — confirm the intended source. */}}
  {{ if $storage.enableDataSource}}
  dataSource:
    kind: PersistentVolumeClaim
    name: {{ $storage.persistentVolumeClaimName }}
  {{- end }}
{{- end }}
{{- end }}
{{- end }}
---
36 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/helm/jobs/charts/base-cronjob/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
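{{- /*
ServiceAccount for every job with `serviceAccount.create: true`.
The job's pods run as this account, so the IAM role bound to it (for EKS,
an `eks.amazonaws.com/role-arn` annotation passed through
serviceAccount.annotations) is the permission boundary of the job — keep it
least privilege (the efs-backup job only needs to write to its backup bucket).
Fix: each document is now preceded by `---`; previously two jobs with
create: true rendered into one document with duplicate keys. Matches pvc.yaml.
No labels are rendered yet (the "base.labels" helper is commented out in
pvc.yaml), so `labels:` stays empty.
*/}}
{{- range $job := .Values.jobs }}
{{- if $job.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $job.serviceAccount.name }}
  labels:
  {{- with $job.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
{{- end }}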
14 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/helm/jobs/values-dev.yaml:
--------------------------------------------------------------------------------
# Dev values for the efs-backup CronJob, rendered by the base-cronjob
# dependency chart (see Chart.lock).
# NOTE(review): the dependency is named `base-cronjob`; Helm forwards values
# only under the dependency's name or its alias, so confirm the parent
# Chart.yaml declares `alias: aws-efs-backup` — otherwise nothing below reaches
# the subchart.
aws-efs-backup:
  jobs:
    - name: efs-backup
      # Weekly: Sunday 00:00.
      schedule: "0 0 * * 0"
      restartPolicy: OnFailure
      # AWS access for `aws s3 cp` in start.sh comes from this service account;
      # bind it to an IAM role limited to the backup bucket (an IRSA role-arn
      # annotation goes under serviceAccount.annotations).
      serviceAccount:
        create: true
        name: "aws-efs-backup"
      nodeSelector:
        nodetype: "regular"
      resources:
        requests:
          cpu: 100m
          memory: 100Mi
        limits:
          cpu: 100m
          memory: 100Mi
      # SECURITY: privileged is only here because start.sh calls mount(2)
      # (`mount -t nfs`). A privileged container gets every capability, the
      # host's devices and no seccomp/AppArmor confinement, so a compromised
      # image or script owns the node. Prefer mounting EFS through a PVC (this
      # chart's `storages` support, e.g. with an EFS CSI driver) so the
      # container needs no extra capabilities; failing that grant only
      # `capabilities: { add: [SYS_ADMIN] }` — TODO confirm that is sufficient
      # for the NFS mount on the cluster's container runtime.
      securityContext:
        privileged: true
      # Supply chain: registry is empty and `0.1` is a mutable tag pulled with
      # pullPolicy Always, so whatever is re-pushed as 0.1 runs privileged on
      # the node. Set the ECR registry used by the Makefile and pin the image
      # by digest.
      image:
        registry:
        repository: aws-cli-nfs
        pullPolicy: Always
        tag: 0.1
      env:
        - name: ENV
          value: dev
      command: ["./start.sh"]
29 |
--------------------------------------------------------------------------------
/modules/aws-efs/backup/start.sh:
--------------------------------------------------------------------------------
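#!/bin/bash
# EFS -> S3 backup entry point, run by the efs-backup CronJob (values-dev.yaml).
#
# Mounts an EFS file system over NFS and copies its whole content into a dated
# prefix of an S3 bucket. Endpoints are taken from the environment so the image
# does not need rebuilding per cluster:
#   EFS_DNS_NAME   mount target, e.g. fs-0123456789abcdef0.efs.eu-central-1.amazonaws.com
#   BACKUP_BUCKET  destination bucket name (no s3:// prefix)
#   EFS_MOUNT_DIR  optional local mount point, default ./efs
#
# The original template had empty placeholders (`mount -t nfs :/`,
# `s3://-<date>`) that silently produced a broken mount/bucket name; this
# version fails fast instead. The date is now a prefix inside one bucket rather
# than part of the bucket name, so the bucket can be created once with its
# policy, encryption and public-access block.
#
# mount(2) needs CAP_SYS_ADMIN (values-dev.yaml currently grants full
# privileged). Plain NFS is unencrypted in transit; if the image ships the EFS
# mount helper, `mount -t efs -o tls` gives TLS. AWS credentials come from the
# pod's service account. Add custom logic below the copy.
set -euo pipefail

: "${EFS_DNS_NAME:?EFS_DNS_NAME must be set to the EFS mount target DNS name}"
: "${BACKUP_BUCKET:?BACKUP_BUCKET must be set to the destination S3 bucket name}"
mount_dir="${EFS_MOUNT_DIR:-./efs}"

# Create the mount point and mount with the NFSv4.1 options AWS recommends for
# EFS. `set -e` aborts here on failure, so an empty directory is never uploaded
# as if it were the backup.
mkdir -p "$mount_dir"
mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport \
  "${EFS_DNS_NAME}:/" "$mount_dir"
trap 'umount "$mount_dir" 2>/dev/null || true' EXIT

# To backup all EFS to s3 you can just leave as it is; one prefix per run day.
aws s3 cp --recursive "$mount_dir" "s3://${BACKUP_BUCKET}/$(date +%d-%m-%Y)"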
6 |
--------------------------------------------------------------------------------
/modules/aws-multi-vpc-peering/main.tf:
--------------------------------------------------------------------------------
# One VPC peering connection from var.main_vpc to each VPC in
# var.peering_vpc_id, built on ../aws-vpc-peering.
# All peers share the single `aws.peer` provider configuration, so every peer
# VPC must live in that provider's account and region; per-peer accounts or
# regions are not supported by this wrapper. Auto-accept only succeeds when
# aws.peer may accept on the peer side. Nothing in this file adds routes or
# security-group rules — a peering connection alone grants no connectivity, so
# confirm the inner module (or the caller) adds routes on both sides.
module "vpc_peering" {
  source = "../aws-vpc-peering"

  # One module instance per peer VPC, keyed by the VPC id.
  for_each = toset(var.peering_vpc_id)

  providers = {
    aws.this = aws
    aws.peer = aws.peer
  }

  this_vpc_id = var.main_vpc
  peer_vpc_id = each.value

  # Hard-coded: the accepter side is accepted automatically.
  auto_accept_peering = true

  tags = {
    # Normalise anything outside [0-9a-z] (case-insensitive) to "-" for the Name tag.
    Name = "vpc-peering-${replace(each.value, "/[^0-9a-z]/i", "-")}"
  }
}
20 |
--------------------------------------------------------------------------------
/modules/aws-multi-vpc-peering/variables.tf:
--------------------------------------------------------------------------------
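# Inputs of the multi-VPC peering wrapper (see main.tf).

variable "main_vpc" {
  description = "Id (vpc-...) of the requester VPC, owned by the default `aws` provider."
  type        = string

  # Reject obviously wrong values (a VPC name, an ARN) at plan time instead of
  # failing inside the peering module at apply time.
  validation {
    condition     = can(regex("^vpc-[0-9a-f]+$", var.main_vpc))
    error_message = "main_vpc must be a VPC id of the form vpc-xxxxxxxx."
  }
}

variable "peering_vpc_id" {
  description = "Ids (vpc-...) of the accepter VPCs, all reachable through the `aws.peer` provider; one peering connection is created per id."
  type        = list(string)

  validation {
    condition     = alltrue([for id in var.peering_vpc_id : can(regex("^vpc-[0-9a-f]+$", id))])
    error_message = "Every element of peering_vpc_id must be a VPC id of the form vpc-xxxxxxxx."
  }
}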
10 |
--------------------------------------------------------------------------------
/modules/aws-multi-vpc-peering/versions.tf:
--------------------------------------------------------------------------------
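terraform {
  required_version = "> 0.15.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Pin to the same major as ../aws-vpc-peering (its provider.tf requires
      # ~> 5.0). Without a constraint here `terraform init` could pick any
      # version and the nested module would then reject it.
      version = "~> 5.0"
      # Callers must pass two configurations: the requester side (`aws`) and
      # the accepter side (`aws.peer`).
      configuration_aliases = [aws, aws.peer]
    }
  }
}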
11 |
--------------------------------------------------------------------------------
/modules/aws-network/peering.tf:
--------------------------------------------------------------------------------
# NOTE(review): a `provider` block inside a reusable module is a legacy
# pattern: it blocks count/for_each/depends_on on this module and stops callers
# from supplying their own configuration. It also redefines the module's
# *default* aws provider to var.peering_region, so every resource using the
# default provider (peering.tf, vpc.tf and vpn.tf, as far as this listing
# shows) is created in the peering region, and the peering below uses the same
# configuration for both sides. Prefer configuration_aliases (as
# ../aws-vpc-peering does) and let the root module pass `aws.peer`.
provider "aws" {
  region = var.peering_region
}
# Optional peering between var.main_vpc_id and var.peering_vpc_id.
# `aws.this` and `aws.peer` are both mapped to the same default provider, so
# the two VPCs must be in the same account and region (cross-account or
# cross-region peering needs a distinct aws.peer configuration); auto-accept
# works because the accepter is the same principal. Peering only becomes
# reachable once routes and security-group rules exist on both sides — confirm
# the inner module adds them or add them in the caller.
module "vpc-peering" {
  source = "../aws-vpc-peering"
  count  = var.create_vpc_peering ? 1 : 0
  providers = {
    aws.this = aws
    aws.peer = aws
  }

  this_vpc_id = var.main_vpc_id
  peer_vpc_id = var.peering_vpc_id

  auto_accept_peering = true
  tags                = var.peering_tags
}
18 |
--------------------------------------------------------------------------------
/modules/aws-network/vpc.tf:
--------------------------------------------------------------------------------
# Optional VPC built with the upstream terraform-aws-modules/vpc module, pinned
# to the old 2.77.0 release (newer majors changed defaults and provider
# requirements — bump deliberately). Only the inputs listed here are exposed.
# NOTE(review): nothing enables VPC flow logs or restricts the default security
# group; the upstream module has inputs for both (e.g. enable_flow_log) and a
# VPC without flow logs leaves no network-level audit trail. Also confirm
# whether public subnets should auto-assign public IPs
# (map_public_ip_on_launch), believed to default to true at this version.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.77.0"

  count                = var.create_vpc ? 1 : 0
  name                 = var.vpc_name
  cidr                 = var.cidr
  azs                  = var.availability_zones
  private_subnets      = var.private_subnets
  public_subnets       = var.public_subnets
  # Per upstream docs, single_nat_gateway routes all private subnets through
  # one NAT gateway: cheaper, but a single point of failure across AZs.
  enable_nat_gateway   = var.enable_nat_gateway
  single_nat_gateway   = var.single_nat_gateway
  enable_dns_hostnames = var.enable_dns_hostnames
  enable_dns_support   = var.enable_dns_support

  public_subnet_tags  = var.public_subnet_tags
  private_subnet_tags = var.private_subnet_tags

}
20 |
--------------------------------------------------------------------------------
/modules/aws-network/vpn.tf:
--------------------------------------------------------------------------------
# Client VPN endpoint for the network, delegated to ../aws-vpn-vpnendpoint.
# Not guarded by a count, so a VPN endpoint is created whenever this module is
# used. SAML federation is used when var.enable_saml is set (via
# var.saml_provider_arn); what the inner module does otherwise is not visible
# here — confirm it does not fall back to a weaker (shared certificate) setup.
# var.authorization_ingress controls which networks VPN clients may reach;
# keep it to the subnets that need access rather than the whole VPC.
# NOTE(review): uses var.vpc_id, not the VPC created in vpc.tf, and the inner
# module declares configuration_aliases [aws, aws.peer] although no providers
# map is passed here.
module "vpn" {
  source        = "../aws-vpn-vpnendpoint"
  enable_saml   = var.enable_saml
  vpc_id        = var.vpc_id
  endpoint_name = var.endpoint_name
  # Address range handed out to VPN clients; AWS requires it not to overlap the
  # VPC (or any peered/routed range).
  endpoint_client_cidr_block = var.endpoint_client_cidr_block
  saml_provider_arn          = var.saml_provider_arn
  # ACM certificate the endpoint presents to clients.
  certificate_arn       = var.certificate_arn
  endpoint_subnets      = var.endpoint_subnets
  authorization_ingress = var.authorization_ingress
  tags = {
    "Name" = var.endpoint_name
  }
}
15 |
--------------------------------------------------------------------------------
/modules/aws-rds-postgres/outputs.tf:
--------------------------------------------------------------------------------
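# Connection details of the Postgres instance created by module.db.

output "endpoint" {
  description = "Instance endpoint in address:port form, for application connection strings."
  value       = module.db.this_db_instance_endpoint
}

output "password" {
  description = "Master user password. `sensitive` redacts it from plan/apply output only; it is still stored in plaintext in the state file, so protect the state backend (encryption, restricted access) and prefer handing it to consumers via Secrets Manager/SSM rather than through outputs."
  value       = module.db.this_db_master_password
  sensitive   = true
}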
9 |
--------------------------------------------------------------------------------
/modules/aws-rds-postgres/security-group.tf:
--------------------------------------------------------------------------------
# Resolve the VPC so its CIDR can be used in the ingress rule below.
data "aws_vpc" "vpc" {
  id = var.vpc_id
}
4 |
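# Security group for the Postgres instance, created only when
# var.create_security_group is set.
# Ingress: TCP 5432 from the VPC CIDR plus the extra CIDRs in var.ip_ranges.
# Fix: the rule used from_port = 0, which opened every TCP port from 0 to 5432
# (not just Postgres) to those ranges.
# Egress: none declared. Terraform strips the AWS default allow-all egress rule
# from a managed aws_security_group, so the instance cannot initiate outbound
# connections — usually right for RDS; add an egress block only if it must
# reach out (e.g. cross-region replication).
# var.ip_ranges is a database-port allow list: keep it to office/VPN/peer
# ranges, never 0.0.0.0/0.
resource "aws_security_group" "sg" {
  count = var.create_security_group ? 1 : 0

  name        = "${var.name}-postgres-sg"
  description = "Allow inbound traffic to Postgres from VPC CIDR"
  vpc_id      = data.aws_vpc.vpc.id

  ingress {
    description = "PostgreSQL from the VPC CIDR and var.ip_ranges"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = concat(
      [
        data.aws_vpc.vpc.cidr_block
      ],
      var.ip_ranges
    )
  }
}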
24 |
--------------------------------------------------------------------------------
/modules/aws-vpc-peering/provider.tf:
--------------------------------------------------------------------------------
# Provider requirements of the peering module. Callers must hand in two
# configurations, `aws.this` (requester) and `aws.peer` (accepter); they may be
# the same configuration for peering within one account and region. Pinned to
# the 5.x provider major.
terraform {
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = "~> 5.0"
      configuration_aliases = [aws.this, aws.peer]
    }
  }
}
10 |
--------------------------------------------------------------------------------
/modules/aws-vpc-peering/version.tf:
--------------------------------------------------------------------------------
# Minimum Terraform version: 0.15 introduced configuration_aliases, which
# provider.tf relies on. Kept in a separate terraform block; Terraform merges
# it with the one in provider.tf.
terraform {
  required_version = ">= 0.15.0"
}
4 |
--------------------------------------------------------------------------------
/modules/aws-vpn-vpnendpoint/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/aws-vpn-vpnendpoint/outputs.tf
--------------------------------------------------------------------------------
/modules/aws-vpn-vpnendpoint/tests/vpn-setup/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness for ../../ (aws-vpn-vpnendpoint).
# Uses the experimental terraform.io/builtin/test provider, which was an
# opt-in experiment and is not available in newer Terraform releases (replaced
# by the native `terraform test` command) — confirm the CI Terraform version
# still ships it.
terraform {
  required_version = "> 0.15.0"

  required_providers {
    test = {
      source = "terraform.io/builtin/test"
    }

    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
15 |
# Real AWS credentials are required: the module under test is applied for real
# in eu-central-1 (nothing is mocked), so run this only in a disposable
# account and destroy afterwards.
provider "aws" {
  region = "eu-central-1"
}
19 |
--------------------------------------------------------------------------------
/modules/aws-vpn-vpnendpoint/tests/vpn-setup/2-assert.tf:
--------------------------------------------------------------------------------
# Placeholder assertion: the module exposes nothing to check, so this only
# proves the configuration plans and applies. Replace with real checks (e.g.
# the endpoint's authentication type or authorization rules) once the module
# has outputs.
resource "test_assertions" "dummy" {
  component = "vpn"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    got         = "all good"
    want        = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/aws-vpn-vpnendpoint/tests/vpn-setup/README.md:
--------------------------------------------------------------------------------
# vpn-setup
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | > 0.15.0 |
9 | | [aws](#requirement\_aws) | ~> 5.0 |
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [test](#provider\_test) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [vpn](#module\_vpn) | ../../ | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | test_assertions.dummy | resource |
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/aws-vpn-vpnendpoint/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = "> 0.15.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): no version constraint, although the test harness
      # (tests/vpn-setup/0-setup.tf) pins ~> 5.0 — add the same constraint here
      # so callers get a provider the module was tested with.
      # NOTE(review): the `aws.peer` alias looks copied from the VPC-peering
      # modules; a VPN endpoint has no peer side, yet every caller (e.g.
      # ../aws-network/vpn.tf, which passes no providers map) has to satisfy
      # it. Drop it unless a resource in this module really uses aws.peer.
      configuration_aliases = [aws, aws.peer]
    }
  }
}
11 |
--------------------------------------------------------------------------------
/modules/budgets/outputs.tf:
--------------------------------------------------------------------------------
# ARN of the module's CloudWatch Events rule, or null when var.is_enabled is
# false (the rule then has count 0, so this[0] cannot be indexed — hence the
# conditional).
output "arn" {
  description = "The Amazon Resource Name (ARN) of the rule"
  value       = var.is_enabled ? aws_cloudwatch_event_rule.this[0].arn : null
}
5 |
--------------------------------------------------------------------------------
/modules/budgets/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">=0.14"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): open-ended lower bound — any future provider major is
      # accepted, and majors have removed/renamed arguments before. Add an
      # upper bound (modules/cloudfront-ssl-hsts uses ">= 3.64, < 6.0") once
      # the module is verified against it.
      version = ">=3.0.0"
    }
  }
}
10 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/bucket-origin.tf:
--------------------------------------------------------------------------------
# Look up every origin of type "bucket". `domain_name` is used as the bucket
# *name* here, not a DNS name. Keyed by origin id so the OAI and policy below
# line up per origin.
data "aws_s3_bucket" "origins" {
  for_each = { for key, origin in var.origins : origin.id => origin if try(origin.type, null) == "bucket" }

  bucket = each.value.domain_name
}
6 |
# One Origin Access Identity per bucket origin so CloudFront can read a
# private bucket. OAIs are global; the us-east-1 provider is presumably used
# because that is CloudFront's home region.
# NOTE(review): OAI is the legacy mechanism. AWS recommends Origin Access
# Control (aws_cloudfront_origin_access_control), which also works with
# SSE-KMS-encrypted buckets; consider migrating.
resource "aws_cloudfront_origin_access_identity" "this" {
  for_each = data.aws_s3_bucket.origins

  provider = aws.virginia
}
12 |
# Bucket policy granting only s3:GetObject on the bucket's objects to the
# origin's OAI; no public principal, no other actions. s3:ListBucket is not
# granted, so CloudFront gets 403 rather than 404 for missing keys — a common
# deliberate choice, as it does not reveal which keys exist.
data "aws_iam_policy_document" "s3_policy" {
  for_each = data.aws_s3_bucket.origins

  statement {
    actions   = ["s3:GetObject"]
    resources = ["${each.value.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.this[each.key].iam_arn]
    }
  }
}
26 |
# Attach the policy. aws_s3_bucket_policy replaces the bucket's entire policy,
# so statements the bucket already had (other readers, deny rules, TLS-only
# conditions) are overwritten on apply — dedicate the origin bucket to this
# distribution, or merge policies in the caller.
resource "aws_s3_bucket_policy" "cdn_access_policy" {
  for_each = data.aws_s3_bucket.origins

  bucket = each.value.id
  policy = data.aws_iam_policy_document.s3_policy[each.key].json
}
33 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/lamda-security-headers.tf:
--------------------------------------------------------------------------------
# Lambda@Edge that injects HSTS/security response headers, created when
# var.create_hsts is set; pulled from the published registry copy (0.23.1) of
# the aws-cloudfront-security-headers module rather than a relative path.
# NOTE(review): Lambda@Edge functions must be created in us-east-1, but no
# provider override is passed here — unlike
# modules/cloudfront/security-headers-lambda.tf, which maps aws = aws.virginia
# for the same module. Confirm the registry version selects the region itself;
# otherwise add providers = { aws = aws.virginia }.
# The name derives from the first alias (dots replaced, truncated to 32 chars)
# plus a suffix, so var.aliases must be non-empty when create_hsts is true.
module "aws-cloudfront-security-headers" {
  count = var.create_hsts ? 1 : 0

  source  = "dasmeta/modules/aws//modules/aws-cloudfront-security-headers"
  version = "0.23.1"

  name                    = "${substr(replace(var.aliases[0], ".", "-"), 0, 32)}-security-headers"
  override_custom_headers = var.override_custom_headers
}
10 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/ssl-certificate.tf:
--------------------------------------------------------------------------------
# ACM certificate for the distribution, requested through aws.virginia because
# CloudFront only accepts certificates from us-east-1. The first alias is the
# primary domain and the rest become alternative names; var.zone lists the
# Route53 zones (presumably for DNS validation) in the same order, so the two
# lists must line up. Created only when var.create_certificate is set —
# otherwise the caller supplies a certificate.
module "ssl-certificate-auth" {
  count = var.create_certificate ? 1 : 0

  source              = "dasmeta/modules/aws//modules/ssl-certificate"
  version             = "1.1.2"
  domain              = element(var.aliases, 0)
  alternative_domains = slice(var.aliases, 1, length(var.aliases))
  zone                = element(var.zone, 0)
  alternative_zones   = slice(var.zone, 1, length(var.zone))
  tags                = var.tags

  providers = {
    aws = aws.virginia
  }
}
16 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/tests/basic/0-setup.tf:
--------------------------------------------------------------------------------
# Provider requirement for the basic test of ../../ (cloudfront-ssl-hsts);
# matches the module's own constraint (>= 3.64, < 6.0) within the 5.x major.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
9 |
# Default provider for regional resources (the origin bucket).
provider "aws" {
  region = "eu-central-1"
}
# The module requires a us-east-1 configuration (`aws.virginia`) for the ACM
# certificate and CloudFront origin access identities.
provider "aws" {
  region = "us-east-1"
  alias  = "virginia"
}
17 |
# Test hostname under a zone the test account controls; the module creates a
# real certificate and distribution for it.
locals {
  domain = "basic-test-cloudfront.devops.dasmeta.com"
  zone   = "devops.dasmeta.com"
}
22 |
# Origin bucket for the test, named after the domain and created in the default
# region. Fixture only: it relies on account defaults for public-access
# blocking and encryption, and the module under test will overwrite its bucket
# policy (see bucket-origin.tf).
resource "aws_s3_bucket" "this" {
  bucket = local.domain
}
26 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
# Exercise the module with a single private S3 origin: the module looks the
# bucket up by name (domain_name = bucket id, type = "bucket"), creates an OAI
# and rewrites the bucket policy so only CloudFront can read it. Both provider
# configurations are required: `aws` for regional resources and `aws.virginia`
# for the us-east-1-only certificate and CloudFront identities.
module "this" {
  source  = "../../"
  zone    = [local.zone]
  aliases = [local.domain]
  origins = [
    {
      id          = "s3"
      domain_name = aws_s3_bucket.this.id
      type        = "bucket"
    }
  ]

  providers = {
    aws          = aws
    aws.virginia = aws.virginia
  }
}
18 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [aws](#requirement\_aws) | ~> 5.0 |
9 |
10 | ## Providers
11 |
12 | | Name | Version |
13 | |------|---------|
14 | | [aws](#provider\_aws) | ~> 5.0 |
15 |
16 | ## Modules
17 |
18 | | Name | Source | Version |
19 | |------|--------|---------|
20 | | [this](#module\_this) | ../../ | n/a |
21 |
22 | ## Resources
23 |
24 | | Name | Type |
25 | |------|------|
26 | | [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
27 |
28 | ## Inputs
29 |
30 | No inputs.
31 |
32 | ## Outputs
33 |
34 | No outputs.
35 |
36 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/tests/s3-and-alb/0-setup.tf:
--------------------------------------------------------------------------------
# Provider requirement for the s3-and-alb test of ../../ (cloudfront-ssl-hsts).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
9 |
# Default provider for regional resources (bucket, default VPC lookup, ALB).
provider "aws" {
  region = "eu-central-1"
}
# us-east-1 configuration the module needs for the certificate and CloudFront
# identities.
provider "aws" {
  region = "us-east-1"
  alias  = "virginia"
}
17 |
# Test hostname under a zone the test account controls.
locals {
  domain = "s3-and-alb-test-cloudfront.devops.dasmeta.com"
  zone   = "devops.dasmeta.com"
}
22 |
# S3 origin for the test. Fixture only: relies on account defaults for
# public-access blocking and encryption; its policy is overwritten by the
# module under test.
resource "aws_s3_bucket" "test" {
  bucket = local.domain
}
26 |
# get region default vpc and its public subnets
# (the default VPC's subnets are public, which is what an internet-facing ALB
# needs; a dedicated test VPC would be cleaner than reusing the account default)
data "aws_vpc" "default" {
  default  = true
  provider = aws
}
32 |
# All subnets of the default VPC, handed to the ALB below.
data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}
39 |
# create test alb
# Internet-facing (no `internal = true`) in the default VPC's subnets, used
# only as a CloudFront custom origin. No listener, target group or
# security_groups are defined, so it gets the VPC's default security group and
# serves nothing — acceptable for a fixture, but it is still a public endpoint:
# destroy it after the test, and in real infrastructure restrict an ALB
# origin's ingress to CloudFront (managed prefix list) so the CDN cannot be
# bypassed.
resource "aws_lb" "test" {
  name     = "cloudfront-test-alb"
  provider = aws
  subnets  = data.aws_subnets.default.ids
}
46 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/tests/s3-and-alb/1-example.tf:
--------------------------------------------------------------------------------
# Two-origin layout: requests matching /api/* go to the test ALB (no `type`, so
# it is not handled by bucket-origin.tf and presumably becomes a custom origin
# addressed by DNS name); everything else is served from the private S3 bucket
# through an OAI.
# NOTE(review): how the module talks to the ALB (origin protocol policy,
# forwarded headers) is not visible in this test. For a real deployment the ALB
# should accept traffic only from CloudFront (managed prefix list and/or a
# secret origin header checked by a listener rule); otherwise the origin can be
# reached directly, bypassing the distribution's HSTS/security headers.
module "this" {
  source  = "../../"
  zone    = [local.zone]
  aliases = [local.domain]
  origins = [
    {
      id          = "alb"
      domain_name = aws_lb.test.dns_name
      behavior = {
        path_pattern = "/api/*"
      }
    },
    {
      id          = "s3"
      domain_name = aws_s3_bucket.test.id
      type        = "bucket"
    }
  ]

  providers = {
    aws          = aws
    aws.virginia = aws.virginia
  }
}
25 |
--------------------------------------------------------------------------------
/modules/cloudfront-ssl-hsts/versions.tf:
--------------------------------------------------------------------------------
# Version requirements of cloudfront-ssl-hsts. The provider range is bounded
# above (< 6.0) so a new major cannot be picked up silently. Callers must pass
# `aws.virginia` (a us-east-1 configuration) for the certificate and CloudFront
# identities — see ssl-certificate.tf and bucket-origin.tf.
terraform {
  required_version = ">= 0.13.1"

  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = ">= 3.64, < 6.0"
      configuration_aliases = [aws.virginia]
    }
  }
}
12 |
--------------------------------------------------------------------------------
/modules/cloudfront-to-s3-to-cloudwatch/cloudfront-to-s3-to-cloudwatch/.gitignore:
--------------------------------------------------------------------------------
1 | *.zip
2 |
--------------------------------------------------------------------------------
/modules/cloudfront-to-s3-to-cloudwatch/cloudfront-to-s3-to-cloudwatch/outputs.tf:
--------------------------------------------------------------------------------
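# Identifiers of the S3-to-CloudWatch Lambda, for wiring bucket notifications
# and alarms in the caller.

output "function_arn" {
  description = "ARN of the Lambda function that streams log objects from S3 into CloudWatch Logs."
  value       = module.lambda.arn
}

output "function_name" {
  description = "Name of the Lambda function (for CloudWatch alarms, log group lookups and invoke permissions)."
  value       = module.lambda.function_name
}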
8 |
--------------------------------------------------------------------------------
/modules/cloudfront-to-s3-to-cloudwatch/cloudfront-to-s3-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
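# Inputs of the Lambda that streams CloudFront log objects from S3 into
# CloudWatch Logs.

variable "function_name" {
  description = "Name of the Lambda function. Empty string lets main.tf derive a name."
  type        = string
  default     = ""
}

variable "bucket_name" {
  description = "S3 bucket the Lambda reads log objects from (the CloudFront log bucket)."
  type        = string
}

variable "log_group_name" {
  description = "CloudWatch Logs group the Lambda writes the log lines to."
  type        = string
}

variable "memory_size" {
  description = "Memory size for Lambda function"
  type        = number
  default     = null
}

variable "timeout" {
  description = "Timeout for Lambda function"
  type        = number
  default     = null
}

variable "create_alarm" {
  description = "Whether to create a CloudWatch alarm for the function. Alarm/OK actions are not yet exposed (see the commented-out variables below)."
  type        = bool
  default     = false
}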
30 |
31 | # variable "alarm_actions" {
32 | # type = list(string)
33 | # default = []
34 | # }
35 |
36 | # variable "ok_actions" {
37 | # type = list(string)
38 | # default = []
39 | # }
40 |
--------------------------------------------------------------------------------
/modules/cloudfront-to-s3-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
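# Inputs of the CloudFront-logs pipeline (bucket + optional Lambda into
# CloudWatch). account_id feeds a cross-account bucket policy, so a malformed
# value must fail at plan time rather than produce a policy that grants access
# to nobody — or to the wrong principal.

variable "bucket_name" {
  type        = string
  description = "Name of the bucket module will create for CloudFront to stream logs to. Will default to account_id-cloudfront-logs."
  default     = ""
}

variable "account_id" {
  type        = string
  default     = ""
  description = "Remote AWS Account id to stream logs to. If left empty current account will be used."

  validation {
    condition     = var.account_id == "" || can(regex("^[0-9]{12}$", var.account_id))
    error_message = "account_id must be empty or a 12-digit AWS account id."
  }
}

variable "create_bucket" {
  type        = bool
  default     = true
  description = "Defines if the module should create the bucket or use one specified."
}

variable "create_lambda" {
  type        = bool
  default     = true
  description = "If enabled lambda will be created which will stream logs from S3 into CloudWatch."
}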
24 |
--------------------------------------------------------------------------------
/modules/cloudfront-to-s3-to-cloudwatch/versions.tf:
--------------------------------------------------------------------------------
# Version requirements: provider pinned to 4.x (>= 4.16, < 5.0) and Terraform
# 1.x. Note the sibling cloudfront-ssl-hsts and aws-vpc-peering modules already
# allow/require provider 5.x; a root module composing them with this one needs
# a version satisfying all constraints.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }

  required_version = "~> 1.0"
}
11 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/cloudfront_functions/main.tf:
--------------------------------------------------------------------------------
# A single CloudFront Function from inline JavaScript source (var.code). With
# var.publish (default true) every change is published to the LIVE stage
# immediately — there is no staged rollout, so review function code changes
# like any other edge-executed code (it sees every request/response it is
# attached to).
resource "aws_cloudfront_function" "this" {
  name    = var.name
  runtime = var.runtime
  comment = var.comment
  publish = var.publish
  code    = var.code
}
8 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/cloudfront_functions/output.tf:
--------------------------------------------------------------------------------
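output "arn" {
  description = "ARN of the CloudFront Function, to associate with a cache behaviour's function_association."
  value       = aws_cloudfront_function.this.arn
}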
4 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/cloudfront_functions/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [function](#module\_function) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/cloudfront_functions/tests/basic/function.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/cloudfront/modules/cloudfront_functions/tests/basic/function.js
--------------------------------------------------------------------------------
/modules/cloudfront/modules/cloudfront_functions/tests/basic/main.tf:
--------------------------------------------------------------------------------
# Create a function named "test" from the JavaScript next to this file; uses
# the module defaults (runtime cloudfront-js-1.0, publish = true).
module "function" {
  source = "../../"

  name = "test"
  code = file("${path.module}/function.js")
}
7 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/cloudfront_functions/variables.tf:
--------------------------------------------------------------------------------
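# Inputs of the cloudfront_functions module (see main.tf).

variable "name" {
  type        = string
  description = "Function name"
}

variable "comment" {
  type        = string
  description = "Function comment"
  default     = ""
}

variable "runtime" {
  type        = string
  description = "Function runtime (cloudfront-js-1.0 or cloudfront-js-2.0)"
  default     = "cloudfront-js-1.0"

  # CloudFront offers exactly these runtimes at the time of writing; extend the
  # list when AWS adds one. Catches typos at plan time instead of at apply.
  validation {
    condition     = contains(["cloudfront-js-1.0", "cloudfront-js-2.0"], var.runtime)
    error_message = "runtime must be cloudfront-js-1.0 or cloudfront-js-2.0."
  }
}

variable "publish" {
  type        = bool
  description = "Whether to publish every change to the LIVE stage immediately (default true)"
  default     = true
}

variable "code" {
  # Was `any`; the resource's `code` argument is the JavaScript source as a
  # string (e.g. file("function.js")), so say so. Terraform still converts
  # compatible values, so existing callers are unaffected.
  type        = string
  description = "Function code (JavaScript source)"
}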
28 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/response_headers/main.tf:
--------------------------------------------------------------------------------
1 | # CloudFront custom response headers policy
# CloudFront custom response headers policy
# Emits the arbitrary headers in var.custom_headers and, only when
# var.security_headers.frame_options is set, a managed X-Frame-Options header
# with override = true. The policy must still be attached to a cache behaviour
# to take effect.
# NOTE(review): of the managed security headers only frame_options is exposed;
# strict_transport_security (HSTS), content_type_options, referrer_policy and
# content_security_policy are not, so callers must hand-roll them through
# custom_headers, where CloudFront does not validate them. Extending
# var.security_headers with those fields would be the natural next step.
resource "aws_cloudfront_response_headers_policy" "this" {
  name = var.name

  custom_headers_config {
    dynamic "items" {
      for_each = var.custom_headers
      content {
        header   = items.value.header
        override = items.value.override
        value    = items.value.value
      }
    }
  }

  # One-element list when frame_options is set, empty otherwise: renders the
  # security_headers_config block at most once.
  dynamic "security_headers_config" {
    for_each = var.security_headers.frame_options != null ? [1] : []
    content {
      frame_options {
        override     = true
        frame_option = var.security_headers.frame_options
      }
    }
  }
}
26 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/response_headers/output.tf:
--------------------------------------------------------------------------------
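output "id" {
  description = "Id of the response headers policy, to set as response_headers_policy_id on a cache behaviour."
  value       = aws_cloudfront_response_headers_policy.this.id
}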
4 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/response_headers/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # tests
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [this](#module\_this) | ../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/response_headers/tests/basic/main.tf:
--------------------------------------------------------------------------------
# Policy with only the managed X-Frame-Options: DENY header (no custom headers).
module "this" {
  source = "../"
  name   = "X-Frame-Options"
  security_headers = {
    frame_options = "DENY"
  }
}
8 |
--------------------------------------------------------------------------------
/modules/cloudfront/modules/response_headers/variables.tf:
--------------------------------------------------------------------------------
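# Inputs of the response_headers module (see main.tf).

variable "custom_headers" {
  type = list(object({
    header   = string
    value    = string
    override = bool
  }))
  description = "List of custom headers with header name, value, and override flag"
  default     = []
}

variable "security_headers" {
  type = object({
    frame_options = optional(string)
  })
  description = "Managed security headers to emit. Only `frame_options` (X-Frame-Options: DENY or SAMEORIGIN) is supported so far; leave it unset to omit the header."
  default     = {}

  # coalesce() maps the unset case to a valid value so the check passes; only a
  # set-but-invalid value (e.g. "deny" in lower case) is rejected.
  validation {
    condition     = contains(["DENY", "SAMEORIGIN"], coalesce(var.security_headers.frame_options, "DENY"))
    error_message = "security_headers.frame_options must be DENY or SAMEORIGIN."
  }
}

variable "name" {
  type        = string
  description = "Name of the CloudFront response headers policy (must be unique within the account)."
}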
22 |
--------------------------------------------------------------------------------
/modules/cloudfront/outputs.tf:
--------------------------------------------------------------------------------
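# Distribution attributes for DNS aliasing and CLI/API use (descriptions had
# the typo "aliasd").

output "hosted_zone_id" {
  value       = aws_cloudfront_distribution.main.hosted_zone_id
  description = "CDN hosted zone id to be aliased in Route53 or used somewhere else."
}

output "domain_name" {
  value       = aws_cloudfront_distribution.main.domain_name
  description = "CDN domain name to be aliased in Route53 or used somewhere else."
}

output "distribution_id" {
  value       = aws_cloudfront_distribution.main.id
  description = "CDN distribution id to be used with AWS CLI or API calls (e.g. cache invalidations)."
}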
--------------------------------------------------------------------------------
/modules/cloudfront/providers.tf:
--------------------------------------------------------------------------------
# NOTE(review): a provider block inside a reusable module. It works for one
# static instantiation but makes the module incompatible with
# count/for_each/depends_on and with callers needing a different us-east-1
# configuration (e.g. another account). modules/cloudfront-ssl-hsts instead
# declares `configuration_aliases = [aws.virginia]` in versions.tf and lets the
# root pass the provider in — prefer that here too. us-east-1 is required for
# the Lambda@Edge in security-headers-lambda.tf (and for any CloudFront
# certificate the module requests).
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}
5 |
--------------------------------------------------------------------------------
/modules/cloudfront/requirements.tf:
--------------------------------------------------------------------------------
# Provider pinned to 4.x (>= 4.50, < 5.0). Note that sibling modules
# (cloudfront-ssl-hsts, aws-vpc-peering) already accept or require 5.x; a root
# composing them with this module needs a version satisfying both ranges.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.50"
    }
  }
}
9 |
--------------------------------------------------------------------------------
/modules/cloudfront/security-headers-config.tf:
--------------------------------------------------------------------------------
# Optional response-headers policy (./modules/response_headers). Only the
# policy name and security_headers are forwarded; the submodule's
# `custom_headers` input is not reachable through
# var.create_response_headers_policy, so custom headers cannot be set from this
# module. Nothing in this file attaches the policy to a cache behaviour — that
# must happen where the distribution is defined, using the submodule's `id`
# output.
module "aws-cloudfront-security-headers-policy" {
  count = var.create_response_headers_policy.enabled ? 1 : 0

  source           = "./modules/response_headers/"
  name             = var.create_response_headers_policy.name
  security_headers = var.create_response_headers_policy.security_headers
}
8 |
--------------------------------------------------------------------------------
/modules/cloudfront/security-headers-lambda.tf:
--------------------------------------------------------------------------------
# Optional Lambda@Edge for security headers, taken from the sibling module by
# relative path and forced into us-east-1 via aws.virginia (Lambda@Edge
# functions must be created there). The function name derives from the first
# domain name (dots replaced, truncated to 32 chars), so var.domain_names must
# be non-empty when var.create_lambda_security_headers is true. For static
# headers, the response-headers policy in security-headers-config.tf achieves
# the same without running code at the edge.
module "aws-cloudfront-security-headers" {
  count = var.create_lambda_security_headers ? 1 : 0

  source = "../aws-cloudfront-security-headers"
  name   = "${substr(replace(var.domain_names[0], ".", "-"), 0, 32)}-security-headers"

  providers = {
    aws = aws.virginia
  }
}
11 |
--------------------------------------------------------------------------------
/modules/cloudfront/tests/default/0-setup.tf:
--------------------------------------------------------------------------------
# Provider requirement for the default test of ../../ (cloudfront); 4.33+ within
# the 4.x major, consistent with the module's ~> 4.50 constraint.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.33"
    }
  }
}
9 |
# Default provider; the module's own providers.tf supplies the us-east-1
# (virginia) configuration it needs.
provider "aws" {
  region = "eu-central-1"
}
13 |
--------------------------------------------------------------------------------
/modules/cloudfront/tests/default/1-example.tf:
--------------------------------------------------------------------------------
# Minimal distribution: one S3 origin addressed by its regional endpoint, the
# default cache behaviour pointing at it, and access logs to
# "s3-logging-bucket" (none of these resources are created by the test — the
# names are placeholders).
# NOTE(review): `use_default_cert = true` together with
# `domain_names = ["example.com"]` looks inconsistent — CloudFront does not
# allow alternate domain names on the default *.cloudfront.net certificate, so
# an apply is expected to fail unless the module drops the aliases in that
# case. `origin_access_control_id = ""` also means the bucket would have to be
# publicly readable unless the module handles access another way.
module "this" {
  source = "../../"
  origins = [
    {
      target                   = "some-s3-bucket-name.s3.us-east-1.amazonaws.com"
      type                     = "bucket"
      origin_access_control_id = ""
      custom_origin_config     = []
    }
  ]
  use_default_cert         = true
  default_target_origin_id = "some-s3-bucket-name.s3.us-east-1.amazonaws.com"
  domain_names             = ["example.com"]

  logging_config = {
    enabled = true
    bucket  = "s3-logging-bucket"
  }
}
20 |
--------------------------------------------------------------------------------
/modules/cloudfront/tests/default/README.md:
--------------------------------------------------------------------------------
1 | # default
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [aws](#requirement\_aws) | ~> 4.33 |
9 |
10 | ## Providers
11 |
12 | No providers.
13 |
14 | ## Modules
15 |
16 | | Name | Source | Version |
17 | |------|--------|---------|
18 | | [this](#module\_this) | ../../ | n/a |
19 |
20 | ## Resources
21 |
22 | No resources.
23 |
24 | ## Inputs
25 |
26 | No inputs.
27 |
28 | ## Outputs
29 |
30 | No outputs.
31 |
32 |
--------------------------------------------------------------------------------
/modules/cloudtrail-s3-to-cloudwatch/cloudtrail-log-to-cloudwatch/.gitignore:
--------------------------------------------------------------------------------
1 | *.zip
2 |
--------------------------------------------------------------------------------
/modules/cloudtrail-s3-to-cloudwatch/cloudtrail-log-to-cloudwatch/outputs.tf:
--------------------------------------------------------------------------------
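# Identifiers of the S3-to-CloudWatch Lambda, for wiring bucket notifications
# and alarms in the caller.

output "function_arn" {
  description = "ARN of the Lambda function that streams CloudTrail log objects from S3 into CloudWatch Logs."
  value       = module.lambda.arn
}

output "function_name" {
  description = "Name of the Lambda function (for CloudWatch alarms, log group lookups and invoke permissions)."
  value       = module.lambda.function_name
}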
8 |
--------------------------------------------------------------------------------
/modules/cloudtrail-s3-to-cloudwatch/cloudtrail-log-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
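# Inputs of the Lambda that streams CloudTrail log objects from S3 into
# CloudWatch Logs.

variable "function_name" {
  description = "Name of the Lambda function. Empty string lets main.tf derive a name."
  type        = string
  default     = ""
}

variable "bucket_name" {
  description = "S3 bucket the Lambda reads CloudTrail log objects from."
  type        = string
}

variable "log_group_name" {
  description = "CloudWatch Logs group the Lambda writes the events to."
  type        = string
}

variable "memory_size" {
  description = "Memory size for Lambda function"
  type        = number
  default     = null
}

variable "timeout" {
  description = "Timeout for Lambda function"
  type        = number
  default     = null
}

variable "create_alarm" {
  description = "Whether to create a CloudWatch alarm for the function. Alarm/OK actions are not yet exposed (see the commented-out variables below)."
  type        = bool
  default     = false
}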
30 |
31 | # variable "alarm_actions" {
32 | # type = list(string)
33 | # default = []
34 | # }
35 |
36 | # variable "ok_actions" {
37 | # type = list(string)
38 | # default = []
39 | # }
40 |
--------------------------------------------------------------------------------
/modules/cloudtrail-s3-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
# Toggle for the S3 -> CloudWatch forwarding Lambda; on by default.
variable "create_lambda_s3_to_cloudwatch" {
  type        = bool
  default     = true
  description = "Will create Lambda which will push s3 logs into CloudWatch."
}

# NOTE(review): the default is a throwaway test name. S3 bucket names are
# global, so a caller who omits this value points CloudTrail at a bucket this
# account may not own or that may not exist. Treat it as required in practice
# (always pass it) and drop the default in the next breaking release.
variable "bucket_name" {
  type        = string
  default     = "test-fluent-bit-bla"
  description = "Whatever bucket CloudTrail logs will be pushed into. Works cross account."
}

# "" means "use the account the provider is running as" (see description);
# the resolution itself happens outside this file.
variable "account_id" {
  type        = string
  default     = ""
  description = "AWS Account ID logs will be pushed from. Will take default account_id if nothing provided."
}

# Required: the trail name is part of the bucket policy condition that scopes
# which trail may write here, so there is deliberately no default.
variable "cloudtrail_name" {
  type        = string
  description = "CloudTrail name logs will be pushed from. Used to setup permissions on Bucket to accept logs from."
}

# "" means "use the provider's current region" (see description).
variable "cloudtrail_region" {
  type        = string
  default     = ""
  description = "The region CloudTrail reside. Used to to setup permissions on Bucket to accept logs from. Defaults to current region if non provided."
}
29 |
--------------------------------------------------------------------------------
/modules/cloudtrail-s3-to-cloudwatch/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the cloudtrail-s3-to-cloudwatch module.
terraform {
  # Any 1.x CLI.
  required_version = "~> 1.0"

  required_providers {
    aws = {
      version = "~> 4.16" # 4.16 <= aws < 5.0
      source  = "hashicorp/aws"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/modules/cloudtrail/alerts.tf:
--------------------------------------------------------------------------------
# One alarm per requested CloudTrail event pattern, all wired to the same SNS topic.
# local.metrics_patterns_mapping and local.metrics_namespace are defined elsewhere
# in the module (not in this file).
# NOTE(review): modules/ec2/alarms.tf pins the same alerts module at 1.19.1;
# aligning the two versions avoids two copies of the module in a root that uses both.
module "alerts" {
  source  = "dasmeta/monitoring/aws//modules/alerts"
  version = "1.20.0"

  sns_topic = var.alerts.sns_topic_name
  alerts = [
    for name in var.alerts.events : {
      name : "${local.metrics_patterns_mapping[name]["name"]} alarm"
      source : "${local.metrics_namespace}/${local.metrics_patterns_mapping[name]["name"]}"
      statistic : "sum"
      filters : {}
      equation : "gte"
      # sum >= 1 means a single matching event trips the alarm.
      fill_insufficient_data : true
      threshold : 1
      # Units of `period` are defined by the alerts module, not visible here — confirm.
      period : 10
    }
  ]
}
19 |
--------------------------------------------------------------------------------
/modules/cloudtrail/cloudwatch.tf:
--------------------------------------------------------------------------------
# Log group that receives the trail's events when CloudWatch delivery is enabled.
# NOTE(review): no kms_key_id is set, so the group is encrypted with the
# CloudWatch-managed key. If audit logs must be under a customer-managed CMK
# (a common CloudTrail/CloudWatch benchmark check), expose a variable for it
# and set kms_key_id here.
resource "aws_cloudwatch_log_group" "logs" {
  count = var.enable_cloudwatch_logs ? 1 : 0

  name              = var.cloud_watch_logs_group_name
  retention_in_days = var.cloud_watch_logs_group_retention # retention is caller-controlled
}
7 |
--------------------------------------------------------------------------------
/modules/cloudtrail/cmdb-lambda.tf:
--------------------------------------------------------------------------------
# Optional CMDB integration (local submodule), created only when enabled.
module "cmdb" {
  count  = var.cmdb_integration.enabled ? 1 : 0
  source = "./modules/cmdb-integration"

  # The trail's bucket name is shared with the submodule; local.s3_bucket_name
  # is defined elsewhere in this module.
  bucket_name = local.s3_bucket_name
  configs     = var.cmdb_integration.configs
  name        = var.name
}
9 |
--------------------------------------------------------------------------------
/modules/cloudtrail/modules/cmdb-integration/main.tf:
--------------------------------------------------------------------------------
# Node.js Lambda packaged from the local src/ directory by the upstream lambda module.
module "lambda" {
  source  = "terraform-aws-modules/lambda/aws"
  version = "6.8.0"

  function_name = var.name
  handler       = "lambda.handler"
  runtime       = "nodejs20.x"
  # publish = true: the module publishes a numbered version on each change
  # (upstream module semantics — confirm against its docs).
  publish     = true
  source_path = "${path.module}/src/" # code is built from the checked-in sources

  # The execution role is created by the module and named after the function;
  # its permissions are whatever the module attaches by default plus anything
  # configured outside this file.
  role_name = var.name
}
13 |
--------------------------------------------------------------------------------
/modules/cloudtrail/modules/cmdb-integration/outputs.tf:
--------------------------------------------------------------------------------
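# Function name of the CMDB-integration Lambda (module.lambda is in main.tf).
output "name" {
  description = "Name of the CMDB-integration Lambda function"
  value       = module.lambda.lambda_function_name
}

# Execution role ARN, exposed so the parent module can attach extra policies.
output "role_arn" {
  description = "ARN of the Lambda execution role"
  value       = module.lambda.lambda_role_arn
}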
8 |
--------------------------------------------------------------------------------
/modules/cloudtrail/modules/cmdb-integration/topic.tf:
--------------------------------------------------------------------------------
# SNS topic named after the Lambda; subscriptions come straight from the caller's configs.
module "topic" {
  version = "1.2.8"
  source  = "dasmeta/sns/aws//modules/topic"

  subscriptions = var.configs.subscriptions
  name          = var.name
}
8 |
--------------------------------------------------------------------------------
/modules/cloudtrail/modules/cmdb-integration/variables.tf:
--------------------------------------------------------------------------------
# Required: used as the Lambda name, its role name and the SNS topic name.
variable "name" {
  type        = string
  description = "Lambda name"
}

# Required: bucket the submodule subscribes to (wiring is outside this file).
variable "bucket_name" {
  type        = string
  description = "S3 bucket for s3 subscription"
}

# Subscription list handed to the SNS topic module. Every field is optional;
# with no subscriptions the topic is created but nothing receives its messages.
variable "configs" {
  type = object({
    subscriptions = optional(list(object({
      protocol = optional(string, null)
      endpoint = optional(string, null)
      # false keeps the confirmation step for endpoints that require one.
      endpoint_auto_confirms = optional(bool, false)
      dead_letter_queue_arn  = optional(string)
    })), [])
  })
  default     = {}
  description = "CMDB Integration Configs"
}
21 |
--------------------------------------------------------------------------------
/modules/cloudtrail/output.tf:
--------------------------------------------------------------------------------
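# Bucket the trail writes to; local.s3_bucket_name is resolved elsewhere in the module.
output "s3_bucket_name" {
  description = "Name of the S3 bucket that receives the CloudTrail logs"
  value       = local.s3_bucket_name
}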
4 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/alerts-enabled/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup: minimum tool versions and a single region provider.
terraform {
  required_version = ">= 1.3.0" # optional() object attributes need 1.3+

  required_providers {
    aws = {
      version = ">= 4.8"
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from the environment; only the region is fixed here.
provider "aws" {
  region = "eu-central-1"
}
15 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/alerts-enabled/1-example.tf:
--------------------------------------------------------------------------------
# Exercises the module with CloudWatch delivery and one metric-filter alert enabled.
module "this" {
  source = "../../"

  name = "audit-project-test-dasmeta"

  cloud_watch_logs_group_name = "audit-project-cloudtrail-logs-test"
  enable_cloudwatch_logs      = true

  # Only the events list is set; every other alerts attribute keeps its default.
  alerts = { events = ["iam-user-creation-or-deletion"] }
}
13 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/alerts-enabled/README.md:
--------------------------------------------------------------------------------
1 | ## log-metrics-enabled
2 |
3 |
4 |
5 | ## Requirements
6 |
7 | | Name | Version |
8 | |------|---------|
9 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
10 | | [aws](#requirement\_aws) | >= 4.8 |
11 |
12 | ## Providers
13 |
14 | No providers.
15 |
16 | ## Modules
17 |
18 | | Name | Source | Version |
19 | |------|--------|---------|
20 | | [this](#module\_this) | ../../ | n/a |
21 |
22 | ## Resources
23 |
24 | No resources.
25 |
26 | ## Inputs
27 |
28 | No inputs.
29 |
30 | ## Outputs
31 |
32 | No outputs.
33 |
34 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/all-event-types-enabled/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup: minimum tool versions and a single region provider.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = ">= 4.8"
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from the environment; only the region is fixed here.
provider "aws" {
  region = "eu-central-1"
}
15 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/all-event-types-enabled/1-example.tf:
--------------------------------------------------------------------------------
# Broadest configuration: both Insights types plus management and data events
# for every S3 object and every Lambda function in the account.
# NOTE(review): account-wide S3/Lambda data events can be very high volume
# (and cost); fine for a test, but production callers should scope `values`.
module "this" {
  source = "../../"

  name              = "audit-logs"
  insight_selectors = ["ApiCallRateInsight", "ApiErrorRateInsight"]
  event_selector = [
    {
      exclude_management_event_sources = [],
      include_management_events        = true
      read_write_type                  = "All"

      data_resource = [
        {
          # A bare service ARN prefix selects all objects in all buckets.
          type = "AWS::S3::Object",
          values = [
            "arn:aws:s3",
          ]
        },
        {
          # Likewise: all Lambda functions.
          type = "AWS::Lambda::Function",
          values = [
            "arn:aws:lambda",
          ]
        },
      ]
    }
  ]
}
29 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/basic/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup: minimum tool versions and a single region provider.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = ">= 4.8"
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from the environment; only the region is fixed here.
provider "aws" {
  region = "eu-central-1"
}
15 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
# Smallest possible invocation: only the mandatory trail name, all defaults otherwise.
module "this" {
  name   = "audit-logs"
  source = "../../"
}
6 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 4.8 |
10 |
11 | ## Providers
12 |
13 | No providers.
14 |
15 | ## Modules
16 |
17 | | Name | Source | Version |
18 | |------|--------|---------|
19 | | [this](#module\_this) | ../../ | n/a |
20 |
21 | ## Resources
22 |
23 | No resources.
24 |
25 | ## Inputs
26 |
27 | No inputs.
28 |
29 | ## Outputs
30 |
31 | No outputs.
32 |
33 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/cmdb/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup: minimum tool versions and a single region provider.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = ">= 4.8"
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from the environment; only the region is fixed here.
provider "aws" {
  region = "eu-central-1"
}
15 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/cmdb/1-example.tf:
--------------------------------------------------------------------------------
# Write-only management events with the CMDB integration switched on.
module "this" {
  source = "../../"

  name = "audit-log-cloudtrail-1234"

  # No data events; only management write calls are recorded.
  event_selector = [
    {
      data_resource             = []
      include_management_events = true
      read_write_type           = "WriteOnly"
    },
  ]

  cmdb_integration = { enabled = true }
}
15 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/cmdb/README.md:
--------------------------------------------------------------------------------
1 | # cmdb
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 4.8 |
10 |
11 | ## Providers
12 |
13 | No providers.
14 |
15 | ## Modules
16 |
17 | | Name | Source | Version |
18 | |------|--------|---------|
19 | | [this](#module\_this) | ../../ | n/a |
20 |
21 | ## Resources
22 |
23 | No resources.
24 |
25 | ## Inputs
26 |
27 | No inputs.
28 |
29 | ## Outputs
30 |
31 | No outputs.
32 |
33 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/s3-encrypted/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup: minimum tool versions and a single region provider.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = ">= 4.8"
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from the environment; only the region is fixed here.
provider "aws" {
  region = "eu-central-1"
}
15 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/s3-encrypted/1-example.tf:
--------------------------------------------------------------------------------
# Trail with CloudWatch delivery and S3 object data events.
# NOTE(review): the test is called "s3-encrypted" but passes kms_key_arn = "";
# whether the module creates a key for an empty ARN or falls back to SSE-S3 is
# decided outside this file — confirm, otherwise the test does not cover what
# its name claims.
module "cloudtrail_new" {
  source = "../../"

  name                   = "infra-cloudtrail"
  kms_key_arn            = ""
  enable_cloudwatch_logs = true

  event_selector = [{
    read_write_type           = "All"
    include_management_events = true

    # "arn:aws:s3" = data events for all objects in all buckets.
    data_resource = [{
      type   = "AWS::S3::Object"
      values = ["arn:aws:s3"]
    }]
  }]
}
18 |
--------------------------------------------------------------------------------
/modules/cloudtrail/tests/s3-encrypted/README.md:
--------------------------------------------------------------------------------
1 | # s3-encrypted
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 4.8 |
10 |
11 | ## Providers
12 |
13 | No providers.
14 |
15 | ## Modules
16 |
17 | | Name | Source | Version |
18 | |------|--------|---------|
19 | | [cloudtrail\_new](#module\_cloudtrail\_new) | ../../ | n/a |
20 |
21 | ## Resources
22 |
23 | No resources.
24 |
25 | ## Inputs
26 |
27 | No inputs.
28 |
29 | ## Outputs
30 |
31 | No outputs.
32 |
33 |
--------------------------------------------------------------------------------
/modules/cloudwatch-alarm-notify/output.tf:
--------------------------------------------------------------------------------
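# Pass-through of the inputs so callers can compose dashboards/alarms on the same metric.
output "namespace" {
  description = "CloudWatch namespace the alarm watches (as passed in)"
  value       = var.namespace
}

output "metric_name" {
  description = "CloudWatch metric name the alarm watches (as passed in)"
  value       = var.metric_name
}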
7 |
--------------------------------------------------------------------------------
/modules/cloudwatch-alarm-notify/sns_lambda_slack_subscription.tf:
--------------------------------------------------------------------------------
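# Optional Slack path: an SNS topic plus the notify-slack Lambda, created only
# when both a webhook URL and a channel are supplied.
module "notify_slack" {
  source  = "terraform-aws-modules/notify-slack/aws"
  version = "4.18.0"

  # The original guard tested var.slack_channel twice; the duplicate is dropped
  # without changing the result. NOTE(review): if the third term was meant to be
  # var.slack_username, that is a behaviour change callers must opt into.
  count = var.slack_hook_url != "" && var.slack_channel != "" ? 1 : 0

  # Dots are not valid in SNS topic or Lambda function names, so they are
  # replaced before the alarm name is reused for both.
  sns_topic_name       = "${replace(var.alarm_name, ".", "-")}-slack"
  lambda_function_name = "${replace(var.alarm_name, ".", "-")}-slack"

  # The webhook URL is a secret: anyone holding it can post to the channel.
  # It ends up in the upstream module's Lambda configuration, so the input
  # variable should be marked sensitive (variables.tf is outside this file — confirm).
  slack_webhook_url = var.slack_hook_url
  slack_channel     = var.slack_channel
  slack_username    = var.slack_username

  cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days
}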
14 |
--------------------------------------------------------------------------------
/modules/cloudwatch-cross-account-share-data/variables.tf:
--------------------------------------------------------------------------------
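# Accounts granted read access to this account's CloudWatch data. Each entry
# must be a 12-digit AWS account id; failing at plan time is better than
# producing a sharing role whose trust policy names a malformed or
# unintended principal. (length()-based check keeps Terraform 0.13 compatibility.)
variable "aws_account_ids" {
  type        = list(string)
  description = "AWS Account IDs who can easily view your data(CloudWatch metrics, dashboards, logs widgets)"

  validation {
    condition     = length([for id in var.aws_account_ids : id if !can(regex("^[0-9]{12}$", id))]) == 0
    error_message = "Every entry of aws_account_ids must be a 12-digit AWS account id."
  }
}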
5 |
--------------------------------------------------------------------------------
/modules/cloudwatch/dashboard.tf:
--------------------------------------------------------------------------------
# Single dashboard whose body is the caller's widget structure serialised as JSON.
# The structure is not validated here; CloudWatch rejects malformed bodies at apply.
resource "aws_cloudwatch_dashboard" "applications" {
  dashboard_name = var.dashboard_name
  dashboard_body = jsonencode(var.widgets)
}
5 |
--------------------------------------------------------------------------------
/modules/cloudwatch/variables.tf:
--------------------------------------------------------------------------------
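variable "dashboard_name" {
  type        = string
  default     = "newdashboard"
  description = "Cloudwatch dashboard name"
}

# The widget structure is passed verbatim to jsonencode(), so any JSON-
# serialisable value is accepted; `type = any` makes that contract explicit
# (it is also the behaviour of an untyped variable, so callers are unaffected).
variable "widgets" {
  type        = any
  description = "Cloudwatch widgets"
}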
10 |
--------------------------------------------------------------------------------
/modules/cloudwatch/widgets.json:
--------------------------------------------------------------------------------
1 | {
2 | "widgets": [
3 | {
4 | "height": 6,
5 | "width": 12,
6 | "y": 0,
7 | "x": 0,
8 | "type": "metric",
9 | "properties": {
10 | "view": "timeSeries",
11 | "stacked": false,
12 | "metrics": [
13 | [ "ContainerInsights", "pod_cpu_utilization", "PodName", "vums", "ClusterName", "production", "Namespace", "default" ],
14 | [ "...", "v", ".", ".", ".", "." ],
15 | [ "...", "d", ".", ".", ".", "." ],
16 | [ "...", "u", ".", ".", ".", "." ],
17 | [ "...", "f", ".", ".", ".", "." ]
18 | ],
19 | "region": "eu-west-2",
20 | "title": "v + d + u + f (CPU)",
21 | "period": 300,
22 | "legend": {
23 | "position": "bottom"
24 | }
25 | }
26 | }
27 | ]
28 | }
29 |
--------------------------------------------------------------------------------
/modules/cognito-identitiy-pool/README.md:
--------------------------------------------------------------------------------
1 |
2 | ## Requirements
3 |
4 | No requirements.
5 |
6 | ## Providers
7 |
8 | | Name | Version |
9 | |------|---------|
10 | | [aws](#provider\_aws) | n/a |
11 |
12 | ## Modules
13 |
14 | No modules.
15 |
16 | ## Resources
17 |
18 | | Name | Type |
19 | |------|------|
20 | | [aws_cognito_identity_pool.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_identity_pool) | resource |
21 | | [aws_iam_saml_provider.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource |
22 |
23 | ## Inputs
24 |
25 | | Name | Description | Type | Default | Required |
26 | |------|-------------|------|---------|:--------:|
27 | | [name](#input\_name) | Identitiy pool name | `string` | n/a | yes |
28 |
29 | ## Outputs
30 |
31 | No outputs.
32 |
33 |
--------------------------------------------------------------------------------
/modules/cognito-identitiy-pool/variables.tf:
--------------------------------------------------------------------------------
# Required: the only input of this module.
variable "name" {
  type        = string
  description = "Identitiy pool name"
}
5 |
--------------------------------------------------------------------------------
/modules/cognito-identity-pool-final/client.tf:
--------------------------------------------------------------------------------
# App client attached to the user pool declared elsewhere in this module.
# Only name and pool are set, so auth flows, secret generation and token
# validity all take the provider's defaults — review those before exposing the
# client to end users.
resource "aws_cognito_user_pool_client" "client" {
  name         = var.user_pool_client
  user_pool_id = aws_cognito_user_pool.user-pool.id
}
5 |
--------------------------------------------------------------------------------
/modules/cognito-identity-pool-final/iam-policy.tf:
--------------------------------------------------------------------------------
1 | resource "aws_iam_role_policy" "authenticated" {
2 | name = "authenticated_policy"
3 | role = aws_iam_role.authenticated.id
4 |
5 | policy = <
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 3.41 |
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [test](#provider\_test) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [this](#module\_this) | ../../ | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | test_assertions.dummy | resource |
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/cognito-user-pool/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the cognito-user-pool module.
terraform {
  required_providers {
    aws = {
      version = ">= 3.31"
      source  = "hashicorp/aws"
    }
  }

  required_version = ">= 1.3.0"
}
11 |
--------------------------------------------------------------------------------
/modules/ec2/alarms.tf:
--------------------------------------------------------------------------------
# Looks up EC2 instances by their Name tag.
# NOTE(review): only ids[0] is used below, so if several instances share the
# tag just one of them (in whatever order the API returns) gets the alarm, and
# if none match the index fails at plan time.
data "aws_instances" "this" {
  filter {
    name   = "tag:Name"
    values = [var.name] # var.name is the instance's Name tag
  }
}

# CPU alarm for the instance, wired to the caller's SNS topic.
# NOTE(review): modules/cloudtrail/alerts.tf pins the same module at 1.20.0.
module "cw_alerts" {
  count = var.alarms.enabled ? 1 : 0

  source  = "dasmeta/monitoring/aws//modules/alerts"
  version = "1.19.1"

  sns_topic = var.alarms.sns_topic

  alerts = [
    {
      name   = "EC2: High CPU Utilization Alert on Instance ${var.name}"
      source = "AWS/EC2/CPUUtilization"
      filters = {
        InstanceId = data.aws_instances.this.ids[0]
      }
      # Per-alert overrides are optional; try() falls back to the defaults
      # (strings, as the alerts module expects — confirm).
      statistic = try(var.alarms.custom_values.cpu.statistic, "avg")
      threshold = try(var.alarms.custom_values.cpu.threshold, "80") # percent
      period    = try(var.alarms.custom_values.cpu.period, "300")
    },
  ]
}
29 |
--------------------------------------------------------------------------------
/modules/ec2/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [test](#module\_test) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/ec2/tests/basic/main.tf:
--------------------------------------------------------------------------------
# Minimal call: alarms stay enabled (the default) and go to the named topic.
module "test" {
  source = "../../"

  alarms = { sns_topic = "account-alarms-handling" }
  name   = "ec2-name"
}
9 |
--------------------------------------------------------------------------------
/modules/ec2/variables.tf:
--------------------------------------------------------------------------------
# Required: matched against the instance's Name tag in alarms.tf.
variable "name" {
  type        = string
  description = "EC2 Instance name"
}

# Alarm settings. sns_topic is mandatory; alarms are on unless enabled = false.
# custom_values is untyped (any) and only read through try() in alarms.tf, so
# typos in its keys silently fall back to the defaults.
variable "alarms" {
  type = object({
    enabled       = optional(bool, true)
    sns_topic     = string
    custom_values = optional(any, {})
  })

  description = "Alarms for EC2"
}
15 |
--------------------------------------------------------------------------------
/modules/ecr/main.tf:
--------------------------------------------------------------------------------
# One ECR repository per entry of var.repos, all configured identically.
module "ecr" {
  # NOTE(review): a mutable git ref is a supply-chain risk — every `terraform init`
  # fetches whatever `main` points at that day, so the module code can change
  # underneath a review. Pin to a tag or commit, e.g. `?ref=<tag-or-commit-sha>`.
  source = "git::https://github.com/dasmeta/terraform-aws-ecr.git?ref=main"
  # TODO: the fork is used because protected_tags needs wildcard matching, which the
  # upstream module lacks (see https://github.com/cloudposse/terraform-aws-ecr/issues/133);
  # once that lands upstream, switch back to the registry source/version below.
  # source  = "cloudposse/ecr/aws"
  # version = "0.41.1"

  for_each = { for repo in var.repos : repo => repo }

  name                       = each.value
  max_image_count            = var.max_image_count
  protected_tags             = var.protected_tags
  image_tag_mutability       = var.image_tag_mutability
  principals_readonly_access = var.principals_readonly_access # cross-account pull access
}
15 |
--------------------------------------------------------------------------------
/modules/ecr/outputs.tf:
--------------------------------------------------------------------------------
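# Whole per-repository module map, keyed by repository name (see for_each in main.tf).
output "results" {
  description = "Map of repository name to the full output object of the ECR module"
  value       = module.ecr
}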
4 |
--------------------------------------------------------------------------------
/modules/ecr/tests/basic/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = "~> 4.22.0" # 4.22.x only
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the environment.
provider "aws" {
  region = "eu-central-1"
}
17 |
--------------------------------------------------------------------------------
/modules/ecr/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
# Two repositories with every other setting left at the module default.
module "this" {
  source = "../../"

  repos = ["test-first", "test-second"]
}
9 |
--------------------------------------------------------------------------------
/modules/ecr/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 | This example creates 2 repositories and applies the default lifecycle policies to them, which:
4 | 1. Remove untagged images.
5 | 2. Rotate images once 500 images are stored.
6 |
7 |
8 | ## Requirements
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
13 | | [aws](#requirement\_aws) | ~> 4.22.0 |
14 |
15 | ## Providers
16 |
17 | No providers.
18 |
19 | ## Modules
20 |
21 | | Name | Source | Version |
22 | |------|--------|---------|
23 | | [this](#module\_this) | ../../ | n/a |
24 |
25 | ## Resources
26 |
27 | No resources.
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/ecr/tests/lifecycle_policy/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = "~> 4.22.0" # 4.22.x only
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the environment.
provider "aws" {
  region = "eu-central-1"
}
18 |
--------------------------------------------------------------------------------
/modules/ecr/tests/lifecycle_policy/1-example.tf:
--------------------------------------------------------------------------------
# One repository with a custom retention count and two tags that must never be expired.
module "this" {
  source = "../../"

  repos          = ["test-first"]
  protected_tags = ["prod", "stage"]

  max_image_count = 100
}
11 |
--------------------------------------------------------------------------------
/modules/ecr/tests/read_only_access/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness setup.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = "~> 4.22.0" # 4.22.x only
      source  = "hashicorp/aws"
    }
  }
}

# Credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the environment.
provider "aws" {
  region = "eu-central-1"
}
17 |
--------------------------------------------------------------------------------
/modules/ecr/tests/read_only_access/1-example.tf:
--------------------------------------------------------------------------------
# Two repositories with read-only pull access granted to one extra principal.
# "account_id" is a placeholder; a real test needs a 12-digit account id.
module "this" {
  source = "../../"

  principals_readonly_access = ["account_id"]
  repos                      = ["test-first", "test-second"]
}
13 |
--------------------------------------------------------------------------------
/modules/ecr/tests/read_only_access/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 | This example creates 2 repositories and applies the default lifecycle policies to them, which:
4 | 1. Remove untagged images.
5 | 2. Rotate images once 500 images are stored.
6 |
7 |
8 | ## Requirements
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
13 | | [aws](#requirement\_aws) | ~> 4.22.0 |
14 |
15 | ## Providers
16 |
17 | No providers.
18 |
19 | ## Modules
20 |
21 | | Name | Source | Version |
22 | |------|--------|---------|
23 | | [this](#module\_this) | ../../ | n/a |
24 |
25 | ## Resources
26 |
27 | No resources.
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/ecr/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the ecr module. Terraform 0.13 is the floor here,
# although the tests under tests/ require 1.3.0.
terraform {
  required_providers {
    aws = {
      version = ">= 4.22.0"
      source  = "hashicorp/aws"
    }
  }

  required_version = ">= 0.13.0"
}
11 |
--------------------------------------------------------------------------------
/modules/efs/outputs.tf:
--------------------------------------------------------------------------------
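# Identity of the file system (aws_efs_file_system.efs and local.az_name are
# declared elsewhere in this module).
output "efs_creation_token" {
  description = "Creation token of the EFS file system"
  value       = aws_efs_file_system.efs.creation_token
}

output "az" {
  description = "Availability zone the file system was placed in"
  value       = local.az_name
}

output "id" {
  description = "ID of the EFS file system"
  value       = aws_efs_file_system.efs.id
}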
12 |
--------------------------------------------------------------------------------
/modules/efs/tests/lifecycle-policy-changed/README.md:
--------------------------------------------------------------------------------
1 | # minimal
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [efs](#module\_efs) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/efs/tests/lifecycle-policy-changed/efs.tf:
--------------------------------------------------------------------------------
# Minimal file system with every lifecycle transition customised.
module "efs" {
  source         = "../../"
  creation_token = "EFS-minimal-test"

  lifecycle_policy = {
    transition_to_ia                    = "AFTER_60_DAYS"
    transition_to_archive               = "AFTER_90_DAYS"
    transition_to_primary_storage_class = "AFTER_1_ACCESS" # move back to Standard on first read
  }
}
11 |
--------------------------------------------------------------------------------
/modules/efs/tests/minimal/README.md:
--------------------------------------------------------------------------------
1 | # minimal
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [efs](#module\_efs) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/efs/tests/minimal/efs.tf:
--------------------------------------------------------------------------------
# Smallest possible invocation: just a creation token.
module "efs" {
  creation_token = "EFS-minimal-test"
  source         = "../../"
}
5 |
--------------------------------------------------------------------------------
/modules/efs/tests/mount-with-eks/README.md:
--------------------------------------------------------------------------------
1 | # mount-with-eks
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [efs](#module\_efs) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/efs/tests/mount-with-eks/efs.tf:
--------------------------------------------------------------------------------
# File system with mount targets in three subnets of one VPC.
# The subnet and VPC ids are placeholders, not real resources.
module "efs" {
  source = "../../"

  vpc_id               = "vpc-1213131313131"
  mount_target_subnets = ["sub-xxx", "sub-yyy", "sub-zzz"]
  creation_token       = "EFS-test"
}
7 |
--------------------------------------------------------------------------------
/modules/efs/tests/multiple-ingress-cidrs/README.md:
--------------------------------------------------------------------------------
1 | # multiple-ingress-cidrs
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [this](#module\_this) | ../.. | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/efs/tests/multiple-ingress-cidrs/efs.tf:
--------------------------------------------------------------------------------
module "this" {
  source = "../.."
  # version = "2.14.1"

  name           = "test-efs"
  creation_token = "EFS-test"
  vpc_id         = "vpc-1213131313131"

  mount_target_subnets = ["sub-xxx", "sub-yyy", "sub-zzz"]

  # Two separate NFS (tcp/2049) ingress rules, each limited to a single source
  # network, rather than one rule spanning both ranges. Each entry carries one
  # CIDR string under cidr_blocks — presumably what the module's variable
  # expects; confirm against its variables.tf.
  ingress_with_cidr_blocks = [
    {
      description = "Home network"
      from_port   = 2049
      to_port     = 2049
      protocol    = "tcp"
      cidr_blocks = "10.0.1.0/24"
    },
    {
      description = "Work network"
      from_port   = 2049
      to_port     = 2049
      protocol    = "tcp"
      cidr_blocks = "10.2.1.0/24"
    },
  ]
}
26 |
--------------------------------------------------------------------------------
/modules/efs/tests/regular-with-mount-points/README.md:
--------------------------------------------------------------------------------
1 |
2 | ## Requirements
3 |
4 | No requirements.
5 |
6 | ## Providers
7 |
8 | | Name | Version |
9 | |------|---------|
10 | | [aws](#provider\_aws) | n/a |
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [efs](#module\_efs) | dasmeta/modules/aws//modules/efs | n/a |
17 |
18 | ## Resources
19 |
20 | | Name | Type |
21 | |------|------|
22 | | [aws_kms_key.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
23 |
24 | ## Inputs
25 |
26 | No inputs.
27 |
28 | ## Outputs
29 |
30 | No outputs.
31 |
32 |
--------------------------------------------------------------------------------
/modules/efs/tests/regular-with-mount-points/efs.tf:
--------------------------------------------------------------------------------
# Registry source without a version constraint: a fresh `terraform init`
# resolves whatever the latest published release is.
module "efs" {
  source = "dasmeta/modules/aws//modules/efs"

  # Encryption at rest with the customer-managed key declared below, passed
  # by ARN (the form the EFS API documents for kms_key_id).
  encrypted  = true
  kms_key_id = aws_kms_key.key.arn

  performance_mode = "generalPurpose"
  throughput_mode  = "bursting"

  mount_target_subnets = ["sub-xxx", "sub-yyy", "sub-zzz"]
}

# Customer-managed KMS key for the file system. No key policy is supplied, so
# the AWS default key policy applies (full access for the account root).
# deletion_window_in_days is how long a scheduled deletion can still be cancelled.
resource "aws_kms_key" "key" {
  description             = "kms-key"
  deletion_window_in_days = 10
}
14 |
--------------------------------------------------------------------------------
/modules/efs/tests/regular/README.md:
--------------------------------------------------------------------------------
1 | # regular
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [aws](#provider\_aws) | n/a |
13 |
14 | ## Modules
15 |
16 | | Name | Source | Version |
17 | |------|--------|---------|
18 | | [efs](#module\_efs) | ../../ | n/a |
19 |
20 | ## Resources
21 |
22 | | Name | Type |
23 | |------|------|
24 | | [aws_kms_key.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
25 |
26 | ## Inputs
27 |
28 | No inputs.
29 |
30 | ## Outputs
31 |
32 | No outputs.
33 |
34 |
--------------------------------------------------------------------------------
/modules/efs/tests/regular/efs.tf:
--------------------------------------------------------------------------------
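module "efs" {
  source = "../../"

  creation_token           = "EFS-regular"
  availability_zone_prefix = "a"

  # Encryption at rest with the customer-managed key below. The key is passed
  # by ARN: that is the form the EFS API documents for kms_key_id and what the
  # sibling regular-with-mount-points test already uses. The previous
  # aws_kms_key.key.id (bare key id) is accepted at create time but is not the
  # canonical value, so the two tests now agree.
  encrypted  = true
  kms_key_id = aws_kms_key.key.arn

  performance_mode = "generalPurpose"
  throughput_mode  = "bursting"
}

# Customer-managed KMS key for the file system. No key policy is supplied, so
# the AWS default key policy applies (full access for the account root).
resource "aws_kms_key" "key" {
  description             = "kms-key"
  deletion_window_in_days = 10
}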
15 |
--------------------------------------------------------------------------------
/modules/efs/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    # "~> 5.0" accepts any 5.x release; a major bump needs an explicit change here.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
9 |
--------------------------------------------------------------------------------
/modules/eks-iam-user-constrain/output.tf:
--------------------------------------------------------------------------------
# ARN of the IAM role this module declares as aws_iam_role.role.
output "role_arn" {
  value = aws_iam_role.role.arn
}

# Group name computed in the module's locals (local.group_name).
output "group_name" {
  value = local.group_name
}
8 |
--------------------------------------------------------------------------------
/modules/eks-iam-user-constrain/variables.tf:
--------------------------------------------------------------------------------
# Kubernetes namespace the RBAC rules are scoped to (presumably; the module's
# resources are outside this file).
variable "namespace" {
  type = string
}

# IAM user names that receive the access.
variable "usernames" {
  type = list(string)
}

# Whether the module creates the namespace itself.
variable "create_namespace" {
  type    = bool
  default = true
}

# RBAC rules rendered for the users. The default is broad: every verb ("*")
# on every listed resource. Two points for anyone keeping the default:
#   * "nodes" is cluster-scoped; it only takes effect if the module renders
#     these rules into a ClusterRole rather than a namespaced Role — verify.
#   * "crontabs" is not a built-in API resource; it only resolves when a CRD
#     with that plural name exists in the cluster.
variable "rule" {
  type = list(any)
  default = [
    {
      api_groups = ["", "apps"]
      resources  = ["pods", "pods/log", "configmaps", "services", "endpoints", "crontabs", "deployments", "nodes"]
      verbs      = ["*"]
    },
    {
      api_groups = ["extensions"]
      resources  = ["pods", "pods/log", "configmaps", "services", "endpoints", "crontabs", "deployments", "nodes"]
      verbs      = ["*"]
    }
  ]
}
29 |
--------------------------------------------------------------------------------
/modules/elastic-search/data.tf:
--------------------------------------------------------------------------------
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Resolves the first subnet only when subnets were supplied; with an empty
# list the lookup is skipped (count = 0) instead of indexing into nothing.
data "aws_subnet" "selected" {
  count = length(var.vpc_options_subnet_ids) > 0 ? 1 : 0

  id = var.vpc_options_subnet_ids[0]
}
8 |
--------------------------------------------------------------------------------
/modules/elastic-search/outputs.tf:
--------------------------------------------------------------------------------
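output "arn" {
  description = "The ARN of the ES domain"
  value       = module.elastic_search.arn
}

output "endpoint" {
  description = "The endpoint of the ES domain"
  value       = module.elastic_search.endpoint
}

# Marked sensitive so the password is redacted in plan/apply output and in
# plain `terraform output`. It is still stored in the state file and readable
# with -raw/-json by anyone with state access. Callers that re-export this
# output must mark their own output sensitive as well.
output "master_password" {
  description = "The master password of the ES domain"
  value       = module.elastic_search.master_password
  sensitive   = true
}

output "master_username" {
  description = "The master username of the ES domain"
  value       = module.elastic_search.master_username
}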
20 |
--------------------------------------------------------------------------------
/modules/elastic-search/templates/access_policies.tpl:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | {
5 | "Action": "es:*",
6 | "Principal": "*",
7 | "Effect": "Allow",
8 | "Resource": "arn:aws:es:${region}:${account}:domain/${domain_name}/*"
9 | }
10 | ]
11 | }
12 |
--------------------------------------------------------------------------------
/modules/elastic-search/tests/basic/0-setup.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    # Built-in test provider backing the test_assertions resource in 2-assert.tf.
    test = {
      source = "terraform.io/builtin/test"
    }

    # Pinned tighter than the module's own ">= 3.64" so the test is reproducible.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.33"
    }
  }
}

provider "aws" {
  region = "eu-central-1"
}
17 |
--------------------------------------------------------------------------------
/modules/elastic-search/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
module "this" {
  source = "../../"

  domain_name             = "dev"
  vpc_options_subnet_ids  = ["subnet-id1", "subnet-id2"]
  ebs_options_volume_size = 10

  # Only this range is let through the domain's security group.
  vpc_options_security_group_whitelist_cidr = ["10.16.0.0/16"]

  # Encryption at rest, advanced security with an internal user database,
  # a generated master password, and HTTPS enforced on the endpoint.
  encrypt_at_rest_enabled               = true
  advanced_security_options_enabled     = true
  internal_user_database_enabled        = true
  master_user_username                  = "admin"
  create_random_master_password         = true // Or you can use master_user_password variable
  domain_endpoint_options_enforce_https = true
}
18 |
--------------------------------------------------------------------------------
/modules/elastic-search/tests/basic/2-assert.tf:
--------------------------------------------------------------------------------
# Trivially-true assertion: the module exposes nothing this test could check,
# so the case only proves the configuration plans and applies. The component
# label looks copied from the cloudwatch-alarm-actions test; it is only a
# label, so harmless, but misleading in test output.
resource "test_assertions" "dummy" {
  component = "monitoring-modules-cloudwatch-alarm-actions"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    want        = "all good"
    got         = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/elastic-search/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [aws](#requirement\_aws) | ~> 4.33 |
9 |
10 | ## Providers
11 |
12 | | Name | Version |
13 | |------|---------|
14 | | [test](#provider\_test) | n/a |
15 |
16 | ## Modules
17 |
18 | | Name | Source | Version |
19 | |------|--------|---------|
20 | | [this](#module\_this) | ../../ | n/a |
21 |
22 | ## Resources
23 |
24 | | Name | Type |
25 | |------|------|
26 | | test_assertions.dummy | resource |
27 |
28 | ## Inputs
29 |
30 | No inputs.
31 |
32 | ## Outputs
33 |
34 | No outputs.
35 |
36 |
--------------------------------------------------------------------------------
/modules/elastic-search/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.13.1"

  required_providers {
    # Lower bound only: any aws provider from 3.64 upward, including later majors.
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.64"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/modules/external-secret-store/iam-policy.tf:
--------------------------------------------------------------------------------
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Read-only Secrets Manager access for the store, created only together with
# the module-managed IAM user (var.create_user). The Resource ARN ends in
# "${var.name}*": the wildcard is unavoidable because Secrets Manager appends
# a random suffix to every secret ARN, but it also makes this a prefix match —
# a name of "app" covers "app-admin" as well, so choose var.name accordingly.
resource "aws_iam_policy" "policy" {
  count = var.create_user ? 1 : 0

  name        = "${var.prefix}external-secrets-access-policy-for-store-${local.sanitized-name}"
  path        = "/"
  description = "Policy gives external secrets store access to ${var.name}* secrets"

  # Attribute syntax instead of quoted JSON keys; jsonencode emits the same document.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "secretsmanager:GetResourcePolicy",
          "secretsmanager:GetSecretValue",
          "secretsmanager:DescribeSecret",
          "secretsmanager:ListSecretVersionIds",
        ]
        Resource = [
          "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:${var.name}*",
        ]
      },
    ]
  })
}
29 |
--------------------------------------------------------------------------------
/modules/external-secret-store/iam-user.tf:
--------------------------------------------------------------------------------
# Dedicated IAM user with a long-lived access key; that key pair is what the
# SecretStore authenticates with (see secret.tf). Static keys do not rotate
# on their own — treat the access key's age as something to monitor.
module "iam-user" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
  version = "4.6.0"
  count   = var.create_user ? 1 : 0

  name = "${var.prefix}${local.sanitized-name}-secret-manager"

  create_user                   = true
  create_iam_access_key         = true
  create_iam_user_login_profile = false # programmatic access only, no console password
  upload_iam_user_ssh_key       = false
}

# Label kept as "test-attach": renaming it would destroy and recreate the attachment.
resource "aws_iam_user_policy_attachment" "test-attach" {
  count = var.create_user ? 1 : 0

  user       = module.iam-user[0].iam_user_name
  policy_arn = aws_iam_policy.policy[0].arn

  depends_on = [module.iam-user]
}
24 |
--------------------------------------------------------------------------------
/modules/external-secret-store/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Secrets Manager names may contain "/"; swap it for "-" so the value can be
  # used in IAM user/policy names and Kubernetes object names.
  sanitized-name = replace(var.name, "/", "-")
}
4 |
--------------------------------------------------------------------------------
/modules/external-secret-store/providers.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.13"

  required_providers {
    # Third-party provider used by store.tf to apply the rendered SecretStore manifest.
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = ">= 1.7.0"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/modules/external-secret-store/secret-store.tmpl:
--------------------------------------------------------------------------------
apiVersion: ${externalSecretsApiVersion}
kind: SecretStore
metadata:
  name: ${name}
  namespace: ${namespace}
spec:
  provider:
    aws:
      service: SecretsManager
      region: ${region}
      # Static credentials read from the Kubernetes Secret created in
      # secret.tf; both halves of the key pair live in that one object.
      auth:
        secretRef:
          accessKeyIDSecretRef:
            name: ${name}-awssm-secret
            key: access-key
          secretAccessKeySecretRef:
            name: ${name}-awssm-secret
            key: secret-access-key
19 |
--------------------------------------------------------------------------------
/modules/external-secret-store/secret.tf:
--------------------------------------------------------------------------------
# Kubernetes Secret holding the AWS credentials the SecretStore references:
# either the key generated for the module-managed IAM user or the pair passed
# in through variables. Kubernetes Secrets are only base64-encoded, and both
# values are also recorded in Terraform state.
resource "kubernetes_secret" "store-secret" {
  metadata {
    name      = "${local.sanitized-name}-awssm-secret"
    namespace = var.namespace
  }

  data = {
    access-key        = var.create_user ? module.iam-user[0].iam_access_key_id : var.aws_access_key_id
    secret-access-key = var.create_user ? module.iam-user[0].iam_access_key_secret : var.aws_access_secret
  }
}
12 |
--------------------------------------------------------------------------------
/modules/external-secret-store/store.tf:
--------------------------------------------------------------------------------
resource "kubectl_manifest" "main" {
  # Renders secret-store.tmpl. `controller` is passed but the template in this
  # module does not reference it; templatefile tolerates unused variables.
  yaml_body = templatefile("${path.module}/secret-store.tmpl", {
    externalSecretsApiVersion = var.external_secrets_api_version
    name                      = local.sanitized-name
    namespace                 = var.namespace
    region                    = data.aws_region.current.name
    controller                = var.controller
  })

  depends_on = [module.iam-user]
}
14 |
--------------------------------------------------------------------------------
/modules/fluent-bit-logs-s3-to-cloudwatch/fb-s3-cloudwatch/.gitignore:
--------------------------------------------------------------------------------
1 | *.zip
2 |
--------------------------------------------------------------------------------
/modules/fluent-bit-logs-s3-to-cloudwatch/fb-s3-cloudwatch/outputs.tf:
--------------------------------------------------------------------------------
# Both values are forwarded from the inner lambda module.
output "function_arn" {
  value = module.lambda.arn
}

output "function_name" {
  value = module.lambda.function_name
}
8 |
--------------------------------------------------------------------------------
/modules/fluent-bit-logs-s3-to-cloudwatch/fb-s3-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
# Empty by default; the module presumably derives a name when none is given.
variable "function_name" {
  type    = string
  default = ""
}

variable "bucket_name" {
  type = string
}

variable "log_group_name" {
  type = string
}

# null leaves the Lambda module's own defaults in force.
variable "memory_size" {
  description = "Memory size for Lambda function"
  type        = number
  default     = null
}

variable "timeout" {
  description = "Timeout for Lambda function"
  type        = number
  default     = null
}

variable "create_alarm" {
  type    = bool
  default = false
}

# Alarm action inputs are not wired up yet; kept for reference.
# variable "alarm_actions" {
#   type    = list(string)
#   default = []
# }

# variable "ok_actions" {
#   type    = list(string)
#   default = []
# }
40 |
--------------------------------------------------------------------------------
/modules/fluent-bit-logs-s3-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
variable "create_lambda_s3_to_cloudwatch" {
  type    = bool
  default = true
}

# Placeholder default: S3 bucket names are global, so a real deployment must override it.
variable "bucket_name" {
  type    = string
  default = "test-fluent-bit-bla"
}

variable "create_bucket" {
  type    = bool
  default = true
}

# Role ARNs allowed to write to the bucket (how they are applied is outside
# this file). NOTE(review): the default leaves the account-id field as "*".
# IAM rejects partial wildcards in a Principal; if the value is used in an
# ArnLike condition instead, it matches a role of that name in ANY account.
# Pin the account ID for production use.
variable "assume_role_arn" {
  type        = list(string)
  description = "AWS Acounts Assume roles arn which access bucket write"
  default     = ["arn:aws:iam::*:role/eks-cluster-fluent-bit-role"]
}
21 |
--------------------------------------------------------------------------------
/modules/fluent-bit-logs-s3-to-cloudwatch/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = "~> 1.0"

  required_providers {
    # Any 4.x release from 4.16 upward.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/helm-chart.tf:
--------------------------------------------------------------------------------
resource "helm_release" "fluent-bit" {
  name       = local.fluent_name
  namespace  = var.namespace
  repository = "https://fluent.github.io/helm-charts"
  chart      = "fluent-bit"
  version    = "0.20.1" # pinned: a fresh apply cannot silently pull a newer chart

  # values.yaml is a template (bucket + region), hence templatefile() rather than file().
  values = [
    templatefile("${path.module}/values.yaml", {
      bucket_name = local.bucket_name
      region      = local.region
    })
  ]

  set {
    name  = "clusterName"
    value = var.cluster_name
  }

  set {
    name  = "serviceAccount.name"
    value = "fluent-bit"
  }

  # IRSA annotation: the pods obtain AWS permissions through the role rather
  # than static keys. The dots in the annotation key are escaped so Helm does
  # not split it into nested keys.
  set {
    name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
    value = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${aws_iam_role.fluent-bit.name}"
  }
}
31 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/iam-policy.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | {
5 | "Effect": "Allow",
6 | "Action": [
7 | "ec2:DescribeVolumes",
8 | "ec2:DescribeTags",
9 | "logs:PutLogEvents",
10 | "logs:DescribeLogStreams",
11 | "logs:DescribeLogGroups",
12 | "logs:CreateLogStream",
13 | "logs:CreateLogGroup",
14 | "s3:PutObject",
15 | "s3:PutObjectAcl",
16 | "s3:ListBucket"
17 | ],
18 | "Resource": "*"
19 | }
20 | ]
21 | }
22 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Explicit names win; otherwise derive from the cluster name. The bucket
  # fallback "fluent-bit-bucket" is a global S3 name and is unlikely to be
  # available, so callers should set var.bucket_name.
  fluent_name = var.fluent_bit_name != "" ? var.fluent_bit_name : "${var.cluster_name}-fluent-bit"
  bucket_name = var.bucket_name != "" ? var.bucket_name : "fluent-bit-bucket"
  region      = var.region
}
6 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * # Why
3 | * Terraform module to export container logs from EKS to S3
4 | *
5 | * ## Example
6 | * ```
7 | * module "fluent-bit" {
8 | * source = "../fluent-bit-to-s3"
9 | *
10 | * fluent_bit_name = "fluent-bit"
11 | * bucket_name = "fluent-bit-cloudwatch-354242324"
12 | * cluster_name = ""
13 | * eks_oidc_root_ca_thumbprint = module.eks-cluster.eks_oidc_root_ca_thumbprint
14 | * oidc_provider_arn = module.eks-cluster.oidc_provider_arn
15 | *
16 | * cluster_host = module.eks-cluster.host
17 | * cluster_certificate = module.eks-cluster.certificate
18 | * cluster_token = module.eks-cluster.token
19 | * region = data.aws_region.current.name
20 | * }
21 | * ```
22 | */
23 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/namespace.tf:
--------------------------------------------------------------------------------
# Optional namespace for the fluent-bit release; skipped when the caller
# already owns the namespace (create_namespace = false).
resource "kubernetes_namespace" "namespace" {
  count = var.create_namespace ? 1 : 0

  metadata {
    name = var.namespace

    annotations = {
      name = var.namespace
    }
  }
}
12 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/output.tf:
--------------------------------------------------------------------------------
# ARN of the role the fluent-bit service account assumes (see helm-chart.tf);
# consumers grant bucket write access to this ARN.
output "assume_role_arn" {
  value = aws_iam_role.fluent-bit.arn
}
4 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/providers.tf:
--------------------------------------------------------------------------------
# Helm provider configured from module inputs. A provider block inside a
# reusable module means the module cannot be used with count/for_each and
# cannot be cleanly destroyed after the module call is removed (Terraform's
# documented limitation); passing the provider from the root is the usual fix.
# cluster_token is a bearer credential and will be present in Terraform state.
provider "helm" {
  kubernetes {
    host                   = var.cluster_host
    cluster_ca_certificate = var.cluster_certificate
    token                  = var.cluster_token
  }
}
8 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/values.yaml:
--------------------------------------------------------------------------------
config:
  # Rendered by templatefile(); bucket_name and region are substituted.
  # $TAG[...] is fluent-bit syntax and passes through untouched because HCL
  # only interpolates "${" sequences.
  outputs: |
    [OUTPUT]
        Name                          s3
        Match                         *
        bucket                        ${bucket_name}
        region                        ${region}
        use_put_object                On
        s3_key_format                 /$TAG[1]/$TAG[3]/%Y/%m/%d/%s
        s3_key_format_tag_delimiters  .
        total_file_size               5M
        upload_timeout                1m
13 |
--------------------------------------------------------------------------------
/modules/fluent-bit-to-s3/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = "~> 1.0"

  required_providers {
    # Patch releases of 2.4 only.
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.4.0"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/modules/goldilocks/main.tf:
--------------------------------------------------------------------------------
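# Vertical Pod Autoscaler chart; goldilocks reads its recommendations.
# No namespace is set, so it lands in the provider's default namespace.
resource "helm_release" "vpa" {
  count = var.create_vpa_server ? 1 : 0

  name       = "goldilocks"
  repository = "https://charts.fairwinds.com/stable"
  chart      = "vpa"
  version    = "1.6.1"
}

# Opts each namespace in by labelling it. The namespace name reaches the
# shell through an environment variable instead of being spliced into the
# command string, so a value containing shell metacharacters cannot change
# the command, and it is quoted so it is passed as one argument. The command
# runs with whatever kubectl context the machine running terraform has.
resource "null_resource" "vpa_configure" {
  for_each = var.namespaces

  provisioner "local-exec" {
    command = "kubectl label ns \"$NS\" goldilocks.fairwinds.com/enabled=true --overwrite"

    environment = {
      NS = each.value
    }
  }

  depends_on = [kubernetes_manifest.namespace]
}

resource "helm_release" "goldilocks_deploy" {
  name       = "goldilocks"
  namespace  = "goldilocks"
  repository = "https://charts.fairwinds.com/stable"
  chart      = "goldilocks"
  # No version constraint: every fresh apply resolves the newest chart. Pin a
  # version (as helm_release.vpa does) for reproducible deployments.

  # NodePort publishes the dashboard on every node's address. The dashboard
  # has no login of its own, so who can reach it is decided by the node
  # security groups and by the ingress this module can create in front of it
  # (the alb_cognito_sso_for_auth test suggests that is the intended setup).
  set {
    name  = "dashboard.service.type"
    value = "NodePort"
  }

  depends_on = [kubernetes_manifest.namespace]
}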
41 |
--------------------------------------------------------------------------------
/modules/goldilocks/metric-server.tf:
--------------------------------------------------------------------------------
# metrics-server is needed by VPA; skip when the cluster already has one.
# No chart version is pinned, so each fresh apply installs the latest release.
resource "helm_release" "metric_server" {
  count = var.create_metric_server ? 1 : 0

  name       = "metrics-server"
  namespace  = "kube-system"
  repository = "https://kubernetes-sigs.github.io/metrics-server/"
  chart      = "metrics-server"
}
9 |
--------------------------------------------------------------------------------
/modules/goldilocks/namespace.tf:
--------------------------------------------------------------------------------
# The "goldilocks" namespace, applied as a raw manifest so that main.tf can
# depend on it before the chart and the namespace labelling run.
resource "kubernetes_manifest" "namespace" {
  manifest = {
    apiVersion = "v1"
    kind       = "Namespace"
    metadata = {
      name = "goldilocks"
    }
  }
}
10 |
--------------------------------------------------------------------------------
/modules/goldilocks/tests/alb_cognito_sso_for_auth/0-setup.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    # Built-in test provider for 2-assert.tf.
    test = {
      source = "terraform.io/builtin/test"
    }

    kubectl = {
      source = "gavinbunney/kubectl"
    }
  }
}

# Both providers use the developer's local kubeconfig; fine for a test, not
# something to copy into a module.
provider "helm" {
  kubernetes {
    config_path = pathexpand("~/.kube/config")
  }
}

provider "kubernetes" {
  config_path = pathexpand("~/.kube/config")
}
22 |
--------------------------------------------------------------------------------
/modules/goldilocks/tests/alb_cognito_sso_for_auth/2-assert.tf:
--------------------------------------------------------------------------------
# Trivially-true assertion: it only proves the configuration plans and applies.
resource "test_assertions" "dummy" {
  component = "this"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    want        = "all good"
    got         = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/goldilocks/tests/basic/0-setup.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    # Built-in test provider for 2-assert.tf.
    test = {
      source = "terraform.io/builtin/test"
    }

    kubectl = {
      source = "gavinbunney/kubectl"
    }
  }
}

# Both providers use the developer's local kubeconfig; fine for a test, not
# something to copy into a module.
provider "helm" {
  kubernetes {
    config_path = pathexpand("~/.kube/config")
  }
}

provider "kubernetes" {
  config_path = pathexpand("~/.kube/config")
}
22 |
--------------------------------------------------------------------------------
/modules/goldilocks/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
module "goldilocks" {
  source = "../../"

  # Only the default namespace is opted in; metrics-server and the dashboard
  # ingress are left out so the case needs nothing beyond a bare cluster.
  namespaces               = ["default"]
  create_metric_server     = false
  create_dashboard_ingress = false
}
7 |
--------------------------------------------------------------------------------
/modules/goldilocks/tests/basic/2-assert.tf:
--------------------------------------------------------------------------------
# Trivially-true assertion: it only proves the configuration plans and applies.
resource "test_assertions" "dummy" {
  component = "this"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    want        = "all good"
    got         = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/goldilocks/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [test](#provider\_test) | n/a |
13 |
14 | ## Modules
15 |
16 | | Name | Source | Version |
17 | |------|--------|---------|
18 | | [goldilocks](#module\_goldilocks) | ../../ | n/a |
19 |
20 | ## Resources
21 |
22 | | Name | Type |
23 | |------|------|
24 | | test_assertions.dummy | resource |
25 |
26 | ## Inputs
27 |
28 | No inputs.
29 |
30 | ## Outputs
31 |
32 | No outputs.
33 |
34 |
--------------------------------------------------------------------------------
/modules/iam-account-password-policy/main.tf:
--------------------------------------------------------------------------------
# Account-wide IAM password policy. Every setting is taken from the module
# inputs (declared outside this file), so the security posture is entirely
# the caller's choice. hard_expiry stops users from choosing a new password
# themselves once the old one has aged past max_password_age.
resource "aws_iam_account_password_policy" "this" {
  # Complexity
  minimum_password_length      = var.minimum_password_length
  require_lowercase_characters = var.require_lowercase_characters
  require_uppercase_characters = var.require_uppercase_characters
  require_numbers              = var.require_numbers
  require_symbols              = var.require_symbols

  # Rotation and reuse
  max_password_age          = var.max_password_age
  password_reuse_prevention = var.password_reuse_prevention
  hard_expiry               = var.hard_expiry

  allow_users_to_change_password = var.allow_users_to_change_password
}
12 |
--------------------------------------------------------------------------------
/modules/iam-account-password-policy/outputs.tf:
--------------------------------------------------------------------------------
# Computed attribute: true when max_password_age makes passwords expire.
output "iam_account_password_policy_expire_passwords" {
  description = "Indicates whether passwords in the account expire."
  value       = aws_iam_account_password_policy.this.expire_passwords
}
5 |
--------------------------------------------------------------------------------
/modules/iam-group/output.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/iam-group/output.tf
--------------------------------------------------------------------------------
/modules/iam-group/variables.tf:
--------------------------------------------------------------------------------
variable "name" {
  type    = string
  default = "ReadOnlyGroup"
}

# IAM user names added to the group.
variable "users" {
  type    = list(string)
  default = []
}

# "read-only" / "admin-access" select a built-in policy; "other" makes the
# module use policy_action instead (per the description — the mapping itself
# lives outside this file).
variable "type" {
  type        = string
  default     = "read-only"
  description = "You can set read-only or admin-access or set other and set your own police action"
}

# Custom policy actions, only meaningful with type = "other". list(any) is
# not validated, so review the contents when this is set.
variable "policy_action" {
  type    = list(any)
  default = []
}
21 |
--------------------------------------------------------------------------------
/modules/ingress/alb-logs-cloudwatch.tf:
--------------------------------------------------------------------------------
# Both instances use the same registry module; the first ships ALB logs on to
# CloudWatch via a Lambda, the second keeps them in S3 only (create_lambda =
# false). The count expressions make CloudWatch win: when
# enable_send_alb_logs_to_cloudwatch is set the S3-only instance is never
# created, whatever enable_send_alb_logs_to_s3 says.
module "alb-to-cloudwatch" {
  count = var.enable_send_alb_logs_to_cloudwatch ? 1 : 0

  source  = "dasmeta/modules/aws//modules/alb-logs-to-s3-to-cloudwatch"
  version = "2.15.0"

  alb_log_bucket_name = local.alb_log_bucket_name
  region              = data.aws_region.current.name
  log_retention_days  = var.log_retention_days
}

module "alb-to-s3" {
  count = var.enable_send_alb_logs_to_cloudwatch ? 0 : var.enable_send_alb_logs_to_s3 ? 1 : 0

  source  = "dasmeta/modules/aws//modules/alb-logs-to-s3-to-cloudwatch"
  version = "2.15.0"

  alb_log_bucket_name = local.alb_log_bucket_name
  region              = data.aws_region.current.name
  log_retention_days  = var.log_retention_days
  create_lambda       = false
}
23 |
--------------------------------------------------------------------------------
/modules/ingress/data.tf:
--------------------------------------------------------------------------------
# Reads back the Ingress this module creates (kubernetes_ingress_v1.this_v1,
# defined outside this file).
data "kubernetes_ingress_v1" "ingress" {
  metadata {
    name      = var.name
    namespace = var.namespace
  }

  depends_on = [kubernetes_ingress_v1.this_v1]
}

data "aws_region" "current" {}

# Fixed 30 s pause between Ingress creation and the ALB lookup. The file does
# not say why; presumably the load-balancer controller provisions the ALB
# asynchronously and the lookup would otherwise fail on a fresh apply.
resource "null_resource" "previous" {}

resource "time_sleep" "wait_30_seconds" {
  depends_on = [null_resource.previous]

  create_duration = "30s"
}

# Looks the ALB up by name; assumes the controller names it after var.name.
data "aws_lb" "ingress" {
  name = var.name

  depends_on = [
    kubernetes_ingress_v1.this_v1,
    time_sleep.wait_30_seconds,
  ]
}
30 |
--------------------------------------------------------------------------------
/modules/ingress/examples/k8s/ingress.yaml:
--------------------------------------------------------------------------------
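apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: ingress
  annotations:
    # No trailing commas: YAML keeps them as part of the value, so the group
    # name would have been "test-ingress," and the class "alb,".
    alb.ingress.kubernetes.io/group.name: test-ingress
    kubernetes.io/ingress.class: alb
spec:
  rules:
    - http:
        paths:
          # networking.k8s.io/v1 requires pathType and addresses the backend
          # as service.name / service.port.number; serviceName/servicePort
          # are the removed v1beta1 fields and are rejected by the v1 API.
          # ImplementationSpecific keeps the v1beta1 default path semantics.
          - path: /welcome
            pathType: ImplementationSpecific
            backend:
              service:
                name: myapp1
                port:
                  number: 80
          - path: /bye
            pathType: ImplementationSpecific
            backend:
              service:
                name: myapp2
                port:
                  number: 8088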
21 |
--------------------------------------------------------------------------------
/modules/ingress/examples/k8s/main.tf:
--------------------------------------------------------------------------------
locals {
  name   = "test-ingress"
  domain = "dasmeta.com"
}

# Existing, issued ACM certificate for the domain (the same value as
# local.domain, so the two cannot drift apart).
data "aws_acm_certificate" "issued" {
  domain   = local.domain
  statuses = ["ISSUED"]
}

module "ingress" {
  source = "../.."

  name     = local.name
  hostname = local.domain
  tls_hosts = [local.domain]

  # TLS 1.2+ forward-secrecy policy on the listener.
  certificate_arn = data.aws_acm_certificate.issued.arn
  ssl_policy      = "ELBSecurityPolicy-FS-1-2-Res-2020-10"

  healthcheck_path          = "/health"
  healthcheck_success_codes = "200-399"
}
24 |
--------------------------------------------------------------------------------
/modules/ingress/examples/r53/README.md:
--------------------------------------------------------------------------------
1 | ### Ingress and ALB with R53
This example creates an Ingress resource with the module's default values, which makes the AWS Load Balancer Controller provision an ALB. It then points a Route 53 record in an existing hosted zone at that ALB's DNS name.
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [ingress](#module\_ingress) | ../.. | n/a |
17 | | [route53](#module\_route53) | dasmeta/modules/aws//modules/route53 | 0.21.17 |
18 |
19 | ## Resources
20 |
21 | No resources.
22 |
23 | ## Inputs
24 |
25 | No inputs.
26 |
27 | ## Outputs
28 |
29 | No outputs.
30 |
31 |
--------------------------------------------------------------------------------
/modules/ingress/examples/r53/main.tf:
--------------------------------------------------------------------------------
# Name shared by the Ingress and its ALB group.
locals {
  name = "test-ingress"
}
4 |
// Kubernetes Ingress with the module defaults. No certificate_arn/tls_hosts
// are passed, so whether the resulting ALB listens on HTTPS depends entirely
// on the module's defaults — check ../../variables.tf before using this as a
// template for anything public.
module "ingress" {
  source = "../.."
  name   = local.name
}
11 |
// Adds a record in an existing zone that points at the ALB.
// NOTE(review): a plain "A" record cannot hold a DNS name; this only works if
// the route53 module turns a hostname value into an alias record (or the
// value into a CNAME). Confirm against dasmeta/modules/aws//modules/route53
// 0.21.17 before relying on it.
module "route53" {
  source  = "dasmeta/modules/aws//modules/route53"
  version = "0.21.17"

  create_zone = false
  zone        = "example.com"
  ttl         = "30"

  records = [
    {
      type  = "A"
      name  = "test1.example.com"
      value = [module.ingress.ingress_hostname]
    }
  ]

  depends_on = [module.ingress]
}
32 |
--------------------------------------------------------------------------------
/modules/ingress/output.tf:
--------------------------------------------------------------------------------
# Echo of var.name so callers can chain on the Ingress name.
output "name" {
  description = "The name of Ingress."
  value       = var.name
}
5 |
# ALB group the Ingress joined (computed in locals).
output "group_name" {
  description = "The Ingress group name."
  value       = local.group_name
}
10 |
# Final annotation map applied to the Ingress (useful for debugging what the
# controller was asked to do).
output "annotations" {
  description = "Ingress resource's annotations."
  value       = local.annotations
}
15 |
# DNS name the controller wrote into the Ingress status; null until the ALB
# has been provisioned and the status is populated.
output "ingress_hostname" {
  description = "Load Balancer DNS name."
  value = try(
    data.kubernetes_ingress_v1.ingress.status[0].load_balancer[0].ingress[0].hostname,
    null,
  )
}
20 |
# Whole aws_lb data object (ARN, DNS name, zone_id, security groups, ...).
output "ingress_all" {
  description = "Load Balancer all info."
  value       = try(data.aws_lb.ingress, null)
}
25 |
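# Hosted zone ID of the ALB, which is what a Route 53 alias record needs.
# Bug fix: this previously returned the entire kubernetes_ingress_v1 data
# object (which carries no zone ID) under a copy-pasted description. The value
# comes from the aws_lb lookup and falls back to null while the ALB is not
# resolvable yet, matching the pattern used by ingress_hostname.
output "ingress_zone_id" {
  description = "Route 53 hosted zone ID of the load balancer (for alias records)."
  value       = try(data.aws_lb.ingress.zone_id, null)
}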
30 |
--------------------------------------------------------------------------------
/modules/ingress/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
# Existing issued ACM certificate for the test hostname.
data "aws_acm_certificate" "issued" {
  statuses = ["ISSUED"]
  domain   = "test.dasmeta.com"
}
5 |
# Internal ALB for test.dasmeta.com with TLS terminated on the ALB and the
# module's default alarms sent to the "Default" SNS topic.
module "ingress" {
  source = "../.."

  name      = "dev"
  namespace = "default"
  hostname  = "test.dasmeta.com"
  # internal: private addresses only, not reachable from the internet.
  scheme = "internal"

  tls_hosts       = ["test.dasmeta.com"]
  certificate_arn = data.aws_acm_certificate.issued.arn

  # NOTE(review): 3xx counts as healthy, so a redirecting target never fails
  # the check; tighten to "200" if /health is expected to answer directly.
  healthcheck_path          = "/health"
  healthcheck_success_codes = "200-399"

  alarms = {
    sns_topic = "Default"
  }
}
24 |
# Surface the full ALB object so the test run shows what was created.
output "ingress_all" {
  description = "Load Balancer All."
  value       = module.ingress.ingress_all
}
29 |
--------------------------------------------------------------------------------
/modules/ingress/tests/basic/2-assert.tf:
--------------------------------------------------------------------------------
1 | # resource "test_assertions" "dummy" {
2 | # component = "this"
3 |
4 | # equal "scheme" {
5 | # description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
6 | # got = "all good"
7 | # want = "all good"
8 | # }
9 | # }
10 |
--------------------------------------------------------------------------------
/modules/ingress/tests/custom_alarms/1-example.tf:
--------------------------------------------------------------------------------
# Existing issued ACM certificate for the test hostname.
data "aws_acm_certificate" "issued" {
  statuses = ["ISSUED"]
  domain   = "test.dasmeta.com"
}
5 |
# Same internal ALB as the basic test, but with two of the default alarm
# definitions overridden through alarms.custom_values.
module "ingress" {
  source = "../.."

  name      = "dev"
  namespace = "default"
  hostname  = "test.dasmeta.com"
  scheme    = "internal"

  tls_hosts       = ["test.dasmeta.com"]
  certificate_arn = data.aws_acm_certificate.issued.arn

  # NOTE(review): 3xx counts as healthy; use "200" if /health answers directly.
  healthcheck_path          = "/health"
  healthcheck_success_codes = "200-399"

  alarms = {
    sns_topic = "Default"

    # Per-alarm overrides; keys must match the alarm names the module defines.
    # Values are strings, as the module appears to expect them.
    custom_values = {
      error_5xx = {
        period    = "60"
        statistic = "sum"
        threshold = "10"
      },
      response_time = {
        period    = "60"
        statistic = "avg"
        threshold = "10"
      }
    }
  }
}
37 |
# Surface the full ALB object so the test run shows what was created.
output "ingress_all" {
  description = "Load Balancer All."
  value       = module.ingress.ingress_all
}
42 |
--------------------------------------------------------------------------------
/modules/ingress/tests/custom_alarms/2-assert.tf:
--------------------------------------------------------------------------------
1 | # resource "test_assertions" "dummy" {
2 | # component = "this"
3 |
4 | # equal "scheme" {
5 | # description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
6 | # got = "all good"
7 | # want = "all good"
8 | # }
9 | # }
10 |
--------------------------------------------------------------------------------
/modules/ingress/tests/enable_s3_logs/1-example.tf:
--------------------------------------------------------------------------------
# Existing issued ACM certificate for the test hostname.
data "aws_acm_certificate" "issued" {
  statuses = ["ISSUED"]
  domain   = "test.dasmeta.com"
}
5 |
# Internal ALB with access logging to S3 only (no CloudWatch forwarding).
module "ingress" {
  source = "../.."

  name      = "dev"
  namespace = "default"
  hostname  = "test.dasmeta.com"
  scheme    = "internal"

  # Access logs: S3 bucket on, S3 -> CloudWatch forwarding off.
  enable_send_alb_logs_to_s3         = true
  enable_send_alb_logs_to_cloudwatch = false

  tls_hosts       = ["test.dasmeta.com"]
  certificate_arn = data.aws_acm_certificate.issued.arn

  # NOTE(review): 3xx counts as healthy; use "200" if /health answers directly.
  healthcheck_path          = "/health"
  healthcheck_success_codes = "200-399"

  alarms = {
    sns_topic = "Default"
  }
}
27 |
# Surface the full ALB object so the test run shows what was created.
output "ingress_all" {
  description = "Load Balancer All."
  value       = module.ingress.ingress_all
}
32 |
--------------------------------------------------------------------------------
/modules/ingress/tests/enable_s3_logs/2-assert.tf:
--------------------------------------------------------------------------------
1 | # resource "test_assertions" "dummy" {
2 | # component = "this"
3 |
4 | # equal "scheme" {
5 | # description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
6 | # got = "all good"
7 | # want = "all good"
8 | # }
9 | # }
10 |
--------------------------------------------------------------------------------
/modules/ingress/tests/enable_s3_logs_to_cloudwatch/1-example.tf:
--------------------------------------------------------------------------------
# Existing issued ACM certificate for the test hostname.
data "aws_acm_certificate" "issued" {
  statuses = ["ISSUED"]
  domain   = "test.dasmeta.com"
}
5 |
# Internal ALB with access logs forwarded on to CloudWatch. Only the
# CloudWatch flag is set here; whether S3 logging is implied by it depends on
# the module's defaults.
module "ingress" {
  source = "../.."

  name      = "dev"
  namespace = "default"
  hostname  = "test.dasmeta.com"
  scheme    = "internal"

  enable_send_alb_logs_to_cloudwatch = true

  tls_hosts       = ["test.dasmeta.com"]
  certificate_arn = data.aws_acm_certificate.issued.arn

  # NOTE(review): 3xx counts as healthy; use "200" if /health answers directly.
  healthcheck_path          = "/health"
  healthcheck_success_codes = "200-399"

  alarms = {
    sns_topic = "Default"
  }
}
26 |
# Surface the full ALB object so the test run shows what was created.
output "ingress_all" {
  description = "Load Balancer All."
  value       = module.ingress.ingress_all
}
31 |
--------------------------------------------------------------------------------
/modules/ingress/tests/enable_s3_logs_to_cloudwatch/2-assert.tf:
--------------------------------------------------------------------------------
1 | # resource "test_assertions" "dummy" {
2 | # component = "this"
3 |
4 | # equal "scheme" {
5 | # description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
6 | # got = "all good"
7 | # want = "all good"
8 | # }
9 | # }
10 |
--------------------------------------------------------------------------------
/modules/ingress/tests/multiple-domains/1-example.tf:
--------------------------------------------------------------------------------
# Existing issued ACM certificate for test.dasmeta.com. Because the module
# below also serves *.test.dasmeta.com, this certificate must carry that
# wildcard as a SAN or TLS handshakes for subdomains will fail.
data "aws_acm_certificate" "issued" {
  statuses = ["ISSUED"]
  domain   = "test.dasmeta.com"
}
5 |
# One Ingress/ALB serving the apex test hostname plus every subdomain, with
# alarms switched off.
module "this" {
  source = "../.."

  name                 = "test"
  hostname             = "test.dasmeta.com"
  additional_hostnames = ["*.test.dasmeta.com"]

  tls_hosts       = ["test.dasmeta.com", "*.test.dasmeta.com"]
  certificate_arn = data.aws_acm_certificate.issued.arn

  # NOTE(review): 3xx counts as healthy; use "200" if /health answers directly.
  healthcheck_path          = "/health"
  healthcheck_success_codes = "200-399"

  # No alarms, so sns_topic is irrelevant but still has to be a string.
  alarms = {
    enabled   = false
    sns_topic = ""
  }
}
23 |
--------------------------------------------------------------------------------
/modules/ingress/tests/multiple-domains/2-assert.tf:
--------------------------------------------------------------------------------
1 | # resource "test_assertions" "dummy" {
2 | # component = "this"
3 |
4 | # equal "scheme" {
5 | # description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
6 | # got = "all good"
7 | # want = "all good"
8 | # }
9 | # }
10 |
--------------------------------------------------------------------------------
/modules/ingress/versions.tf:
--------------------------------------------------------------------------------
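terraform {
  required_version = "> 0.15.0"

  # Declare every provider this module actually uses. data.tf references
  # aws_lb / aws_region, time_sleep and null_resource, which previously relied
  # on Terraform's implicit "hashicorp/<name>" resolution; declaring them
  # makes the requirement visible to consumers (provider aliases, private
  # mirrors, dependency lock files) and lets the lower bounds be audited.
  # The floors are deliberately conservative; raise them if main.tf starts
  # using newer attributes.
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0"
    }
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.0"
    }
    time = {
      source  = "hashicorp/time"
      version = ">= 0.6"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 2.0"
    }
  }
}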
11 |
--------------------------------------------------------------------------------
/modules/kms/data.tf:
--------------------------------------------------------------------------------
# Account ID of the caller; locals.tf uses it to scope the key policy to this account.
data "aws_caller_identity" "current" {}
2 |
--------------------------------------------------------------------------------
/modules/kms/locals.tf:
--------------------------------------------------------------------------------
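locals {
  # Key policy applied when var.kms_key_cloudwatch is true.
  #
  # Statement 1 lets the CloudWatch Logs service use the key, restricted to the
  # operations a log group needs (the previous policy granted the service
  # kms:* including administrative actions such as PutKeyPolicy and
  # ScheduleKeyDeletion) and, via the kms:EncryptionContext:aws:logs:arn
  # condition, only for log groups in this account — the documented guard
  # against the key being usable for log groups in other accounts. The ARN
  # pattern wildcards partition and region so it works in any partition.
  # Statement 2 keeps full administration with the account; IAM policies in the
  # account then decide which principals may actually use the key. Without it
  # the key policy could never be changed again.
  cloudwatch_logs_policy = jsonencode(
    {
      Id      = "CloudWatch"
      Version = "2012-10-17"
      Statement = [
        {
          Sid    = "AllowCloudWatchToUseKey"
          Effect = "Allow"
          Principal = {
            Service = "logs.amazonaws.com"
          }
          Action = [
            "kms:Encrypt*",
            "kms:Decrypt*",
            "kms:ReEncrypt*",
            "kms:GenerateDataKey*",
            "kms:Describe*",
          ]
          Resource = "*"
          Condition = {
            ArnLike = {
              "kms:EncryptionContext:aws:logs:arn" = "arn:*:logs:*:${data.aws_caller_identity.current.account_id}:*"
            }
          }
        },
        {
          Sid    = "AllowAccountManageKey"
          Effect = "Allow"
          Principal = {
            AWS = data.aws_caller_identity.current.account_id
          }
          Action   = ["kms:*"]
          Resource = "*"
        }
      ]
    }
  )
}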
35 |
--------------------------------------------------------------------------------
/modules/kms/main.tf:
--------------------------------------------------------------------------------
# Customer-managed key. Automatic yearly rotation is always on; the key policy
# is attached separately (aws_kms_key_policy.this) so it can be switched
# between the CloudWatch preset and a caller-supplied document. The deletion
# window is left at the provider default.
resource "aws_kms_key" "this" {
  enable_key_rotation = true
  description         = var.kms_key_description
}
5 |
# Human-readable alias ("alias/<name>") pointing at the key.
resource "aws_kms_alias" "alias" {
  target_key_id = aws_kms_key.this.id
  name          = "alias/${var.kms_alias_name}"
}
10 |
11 |
# Key policy: the CloudWatch Logs preset from locals.tf, or whatever the caller
# passed in var.kms_key_policy. When kms_key_cloudwatch is false the caller
# must supply a policy; the null default is not a valid document and the apply
# fails. The lockout safety check is kept on (its default), so a supplied
# policy that would leave nobody able to administer the key is rejected.
resource "aws_kms_key_policy" "this" {
  key_id                             = aws_kms_key.this.id
  bypass_policy_lockout_safety_check = false

  policy = var.kms_key_cloudwatch ? local.cloudwatch_logs_policy : var.kms_key_policy
}
16 |
--------------------------------------------------------------------------------
/modules/kms/output.tf:
--------------------------------------------------------------------------------
# Key ID (UUID form) for resources that accept an ID rather than an ARN.
output "kms_key_id" {
  value       = aws_kms_key.this.id
  description = "The ID of the KMS key"
}
5 |
# Full key ARN; required by services in other regions/accounts and by log groups.
output "kms_key_arn" {
  value       = aws_kms_key.this.arn
  description = "The ARN of the KMS key"
}
10 |
--------------------------------------------------------------------------------
/modules/kms/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [kms\_for\_cloudwatch](#module\_kms\_for\_cloudwatch) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/kms/tests/basic/main.tf:
--------------------------------------------------------------------------------
# Default usage: kms_key_cloudwatch stays true, so the module attaches its
# built-in CloudWatch Logs key policy.
module "kms_for_cloudwatch" {
  source = "../../"

  kms_alias_name      = "example-log-group-key"
  kms_key_description = "Encryption key for example log group"
}
7 |
--------------------------------------------------------------------------------
/modules/kms/tests/policy/README.md:
--------------------------------------------------------------------------------
1 | # policy
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [kms\_for\_cloudwatch](#module\_kms\_for\_cloudwatch) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/kms/tests/policy/main.tf:
--------------------------------------------------------------------------------
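data "aws_caller_identity" "current" {}

# Custom key policy example (kms_key_cloudwatch = false).
#
# The previous example policy contained only the CloudWatch Logs statement,
# granting that service kms:* and nobody else anything. Such a policy leaves
# no principal able to administer or even change the key policy, and KMS
# rejects it at apply time because the module keeps the policy-lockout safety
# check enabled. The example now mirrors the module preset: a least-privilege
# service statement scoped to this account's log groups plus an account
# administration statement.
module "kms_for_cloudwatch" {
  source = "../../"

  kms_key_description = "Encryption key for example log group"
  kms_alias_name      = "example-log-group-key"
  kms_key_cloudwatch  = false
  kms_key_policy = jsonencode(
    {
      Id      = "CloudWatch"
      Version = "2012-10-17"
      Statement = [
        {
          Sid    = "AllowCloudWatchToUseKey"
          Effect = "Allow"
          Principal = {
            Service = "logs.amazonaws.com"
          }
          Action = [
            "kms:Encrypt*",
            "kms:Decrypt*",
            "kms:ReEncrypt*",
            "kms:GenerateDataKey*",
            "kms:Describe*",
          ]
          Resource = "*"
          Condition = {
            ArnLike = {
              "kms:EncryptionContext:aws:logs:arn" = "arn:*:logs:*:${data.aws_caller_identity.current.account_id}:*"
            }
          }
        },
        {
          Sid    = "AllowAccountManageKey"
          Effect = "Allow"
          Principal = {
            AWS = data.aws_caller_identity.current.account_id
          }
          Action   = ["kms:*"]
          Resource = "*"
        }
      ]
    }
  )
}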
28 |
--------------------------------------------------------------------------------
/modules/kms/variables.tf:
--------------------------------------------------------------------------------
# Free-text description shown in the KMS console.
variable "kms_key_description" {
  type        = string
  default     = "KMS key for CloudWatch log group encryption"
  description = "Description for the KMS key"
}
6 |
# Alias without the "alias/" prefix; main.tf adds it.
variable "kms_alias_name" {
  type        = string
  default     = "cloudwatch-key"
  description = "Alias name for the KMS key"
}
12 |
# true  -> attach the module's built-in CloudWatch Logs key policy
# false -> attach var.kms_key_policy instead (which must then be set)
variable "kms_key_cloudwatch" {
  description = "KMS key policy for CloudWatch logs"
  default     = true
  type        = bool
}
18 |
# Caller-supplied key policy document (JSON string), only used when
# kms_key_cloudwatch is false. It must keep an administrative statement for
# the account or KMS refuses it (policy lockout safety check).
variable "kms_key_policy" {
  description = "KMS key policy"
  default     = null
  type        = any
}
24 |
--------------------------------------------------------------------------------
/modules/metric-filter/main.tf:
--------------------------------------------------------------------------------
# One metric filter per entry in var.metrics_patterns, keyed by the pattern
# name (so names must be unique). Every match emits a constant value of 1, i.e.
# the resulting metric is an occurrence count.
resource "aws_cloudwatch_log_metric_filter" "metric_filter" {
  for_each = { for pattern in var.metrics_patterns : pattern.name => pattern }

  log_group_name = var.log_group_name
  name           = each.value.name
  pattern        = each.value.pattern

  metric_transformation {
    namespace  = var.metrics_namespace
    name       = each.value.name
    value      = "1"
    unit       = each.value.unit
    dimensions = each.value.dimensions
  }
}
16 |
--------------------------------------------------------------------------------
/modules/metric-filter/variables.tf:
--------------------------------------------------------------------------------
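# Metric filters to create on var.log_group_name. Each element:
#   name       - filter and metric name (must be non-empty and unique)
#   pattern    - CloudWatch Logs filter pattern
#   unit       - CloudWatch metric unit (e.g. "Count")
#   dimensions - map of dimension name => JSON field selector
# Bug fix: the previous default was a single element with an empty name, which
# is not a valid filter and failed at apply time for any caller that did not
# override the variable. An empty list creates nothing.
variable "metrics_patterns" {
  type        = any
  description = "List of {name, pattern, unit, dimensions} objects; one metric filter is created per entry."
  default     = []
}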
12 |
# Existing log group the filters are attached to (required).
variable "log_group_name" {
  type = string
}
16 |
# CloudWatch namespace all generated metrics are published under.
variable "metrics_namespace" {
  default = "Log_Filters"
  type    = string
}
21 |
--------------------------------------------------------------------------------
/modules/metrics-filter-multiple/variables.tf:
--------------------------------------------------------------------------------
# CloudWatch namespace for every metric generated by this module.
variable "metrics_namespace" {
  default = "LogBasedMetrics"
  type    = string
}
5 |
# Filter definitions. Expected element shape (from the commented template):
#   { name = "", source = "", pattern = "", dimensions = {} }
# where `source` presumably selects a key of var.log_groups — confirm in main.tf.
variable "patterns" {
  default = []
  type    = list(any)
}
17 |
# Log groups keyed by a short label, e.g. { group1 = "<log group name>" }.
variable "log_groups" {
  default = {}
  type    = map(any)
}
26 |
--------------------------------------------------------------------------------
/modules/metrics-filter-multiple/versions.tf:
--------------------------------------------------------------------------------
# Terraform 1.x with the AWS provider pinned to the 4.16+ minor series.
terraform {
  required_version = "~> 1.0"

  required_providers {
    aws = {
      version = "~> 4.16"
      source  = "hashicorp/aws"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/access_user.tf:
--------------------------------------------------------------------------------
# Organisation-level invitations, only when enabled; one per access user,
# carrying that user's org roles.
resource "mongodbatlas_org_invitation" "org_invitation" {
  for_each = var.org_invitation_enabled ? { for u in var.access_users : u.username => u } : {}

  org_id   = var.org_id
  username = each.value.username
  roles    = each.value.roles
}
7 |
# Project-level invitations for every access user (unconditional), using the
# separate project_roles list rather than the org roles.
resource "mongodbatlas_project_invitation" "project_invitation" {
  for_each = { for u in var.access_users : u.username => u }

  project_id = mongodbatlas_project.main.id
  username   = each.value.username
  roles      = each.value.project_roles
}
14 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/alerts.tf:
--------------------------------------------------------------------------------
# Optional single metric-threshold alert on the project: one notification
# channel and one threshold, both fully driven by variables.
resource "mongodbatlas_alert_configuration" "main" {
  count = var.create_alert_configuration ? 1 : 0

  enabled    = true
  project_id = mongodbatlas_project.main.id
  event_type = var.alert_event_type

  notification {
    type_name     = var.alert_type_name
    roles         = var.alert_roles
    email_enabled = var.alert_email_enabled
    sms_enabled   = var.alert_sms_enabled
    interval_min  = var.alert_interval_min
    delay_min     = var.alert_delay_min
  }

  metric_threshold_config {
    metric_name = var.alert_metric_name
    mode        = var.alert_mode
    operator    = var.alert_operator
    threshold   = var.alert_threshold
    units       = var.alert_units
  }
}
25 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/auditing.tf:
--------------------------------------------------------------------------------
# Database auditing for the project, on when var.enable_auditing is set.
# Successful authorizations are deliberately not audited (volume/cost); only
# the events matched by var.audit_filter are recorded.
resource "mongodbatlas_auditing" "audit" {
  count = var.enable_auditing ? 1 : 0

  enabled                     = true
  audit_authorization_success = false
  project_id                  = mongodbatlas_project.main.id
  audit_filter                = jsonencode(var.audit_filter)
}
9 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/outputs.tf:
--------------------------------------------------------------------------------
# Standard (non-SRV) connection string of the cluster. It carries hosts and
# options but no credentials, which is why it is not marked sensitive.
output "cluster_connection_string" {
  description = "Mongodb connecton string"
  sensitive   = false
  value       = mongodbatlas_cluster.main.connection_strings[0].standard
}
6 |
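# Generated database passwords, keyed by username.
# Marked sensitive so they are redacted from plan/apply output and from any
# parent output that is not itself marked sensitive; the previous
# nonsensitive() wrapper printed every password in clear text in CI logs.
# They are still written to the state file, so the state backend must be
# encrypted and access-controlled. Callers that re-export this value must set
# sensitive = true on their own output.
output "users" {
  description = "Map of database username to generated password."
  sensitive   = true
  value = {
    for k, p in mongodbatlas_database_user.user : p.username => random_password.password[k].result
  }
}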
12 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/project.tf:
--------------------------------------------------------------------------------
# Atlas project that every other resource in this module hangs off, with
# optional team assignments (one `teams` block per entry in var.teams).
resource "mongodbatlas_project" "main" {
  org_id                       = var.org_id
  name                         = var.project_name
  with_default_alerts_settings = var.with_default_alerts_settings

  dynamic "teams" {
    for_each = { for t in var.teams : t.team_id => t }

    content {
      role_names = teams.value.role_names
      team_id    = teams.value.team_id
    }
  }
}
15 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/team.tf:
--------------------------------------------------------------------------------
1 | # resource "mongodbatlas_teams" "team" {
2 | # org_id = var.org_id
3 | # name = var.project_name
4 | # usernames = ["user1@email.com", "user2@email.com", "user3@email.com"]
5 | # }
6 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/users.tf:
--------------------------------------------------------------------------------
# One generated password per database user (16 alphanumeric characters; no
# special characters so the value is safe inside a connection URI without
# escaping). The result lives in state — keep the backend encrypted.
resource "random_password" "password" {
  for_each = { for u in var.users : u.username => u }

  special = false
  length  = 16
}
7 |
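# Database users for the project, authenticated against the admin database,
# each with its generated password, role list and optional scope list.
resource "mongodbatlas_database_user" "user" {
  for_each = { for user in var.users : user.username => user }

  project_id         = mongodbatlas_project.main.id
  username           = each.value.username
  password           = random_password.password[each.key].result
  auth_database_name = "admin"

  dynamic "roles" {
    for_each = each.value.roles

    content {
      role_name     = roles.value.role_name
      database_name = roles.value.database_name
    }
  }

  # Bug fix: inside a dynamic block the current element is `scopes.value`.
  # The original read `each.value.scopes.name`, i.e. attribute access on the
  # whole scopes list, which fails at plan time for any user that declares a
  # scope (and silently did nothing useful otherwise).
  dynamic "scopes" {
    for_each = each.value.scopes

    content {
      name = scopes.value.name
      type = scopes.value.type
    }
  }

  # The password is generated once; later drift (e.g. a rotation performed in
  # the Atlas UI) is intentionally not reverted by Terraform.
  lifecycle {
    ignore_changes = [password]
  }
}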
38 |
--------------------------------------------------------------------------------
/modules/mongodb-atlas/versions.tf:
--------------------------------------------------------------------------------
# Providers: MongoDB Atlas for the cluster/project resources, AWS for the
# cloud-provider side (VPC peering, KMS, ...) handled elsewhere in the module.
terraform {
  required_version = "> 0.15.0"

  required_providers {
    aws = {
      version = ">= 3.72"
      source  = "hashicorp/aws"
    }

    mongodbatlas = {
      version = ">= 1.2"
      source  = "mongodb/mongodbatlas"
    }
  }
}
16 |
--------------------------------------------------------------------------------
/modules/mongodb/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
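# Credentials for the test deployment.
# The previous value, md5(timestamp()), is not a secret: it is a deterministic
# digest of the wall clock (guessable to anyone who knows roughly when the
# apply ran), it shows up in plan output, and it changes on every run, so the
# module would try to rotate the root password and replica-set key on every
# apply. Generate them with the random provider instead; alphanumeric output
# also satisfies the base64 character set MongoDB requires for a keyfile.
resource "random_password" "root" {
  length  = 32
  special = false
}

resource "random_password" "replicaset_key" {
  length  = 32
  special = false
}

module "basic" {
  source = "../.."

  root_password  = random_password.root.result
  replicaset_key = random_password.replicaset_key.result
}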
7 |
--------------------------------------------------------------------------------
/modules/mongodb/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [basic](#module\_basic) | ../.. | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/mongodb/versions.tf:
--------------------------------------------------------------------------------
# Helm provider only; the chart is installed into an existing cluster.
terraform {
  required_providers {
    helm = {
      version = ">= 2.4.1"
      source  = "hashicorp/helm"
    }
  }

  required_version = ">= 0.14.11"
}
11 |
--------------------------------------------------------------------------------
/modules/route53-alerts-notify/health_check.tf:
--------------------------------------------------------------------------------
# Route 53 health check against var.domain_name.
# cloudwatch_alarm_region is fixed to us-east-1 on purpose: Route 53 publishes
# health-check metrics only in that region, so the alarm must live there
# regardless of where the rest of the stack is deployed.
resource "aws_route53_health_check" "healthcheck" {
  reference_name = var.reference_name
  tags           = var.tags

  # Endpoint and probe
  fqdn          = var.domain_name
  port          = var.port
  type          = var.type
  resource_path = var.resource_path

  # Thresholds and checker fleet
  failure_threshold = var.failure_threshold
  request_interval  = var.request_interval
  measure_latency   = var.measure_latency
  regions           = var.regions

  cloudwatch_alarm_region = "us-east-1"
}
15 |
--------------------------------------------------------------------------------
/modules/route53-alerts-notify/lambdas.tf:
--------------------------------------------------------------------------------
# Slack notifier (SNS topic + Lambda), created only when a webhook URL is
# given. Topic and function share a name derived from domain + path with
# dots/slashes collapsed to dashes. The webhook URL is a credential: it ends
# up in the Lambda configuration and in state, so treat both accordingly.
module "notify_slack" {
  count   = local.notify_slack ? 1 : 0
  source  = "terraform-aws-modules/notify-slack/aws"
  version = "4.18.0"

  lambda_function_name = "${replace("${var.domain_name}${var.resource_path}", "/[./]+/", "-")}-slack"
  sns_topic_name       = "${replace("${var.domain_name}${var.resource_path}", "/[./]+/", "-")}-slack"

  slack_webhook_url = var.slack_hook_url
  slack_channel     = var.slack_channel
  slack_username    = var.slack_username
}
12 |
--------------------------------------------------------------------------------
/modules/route53-alerts-notify/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Which channels are configured. Slack is keyed on a non-null webhook URL;
  # the others on a non-empty list/endpoint, mirroring how each variable is
  # declared.
  notify_slack    = var.slack_hook_url != null
  notify_opsgenie = length(var.opsgenie_endpoint) > 0
  notify_sms      = length(var.sns_subscription_phone_number_list) > 0
  notify_email    = length(var.sns_subscription_email_address_list) > 0

  # SNS topics the alarm should notify, in a fixed order (email, sms,
  # opsgenie, slack, caller-supplied). Channels that are off contribute null
  # and are filtered out.
  alarm_actions = [
    for arn in [
      local.notify_email ? aws_sns_topic.this-email[0].arn : null,
      local.notify_sms ? aws_sns_topic.this-sms[0].arn : null,
      local.notify_opsgenie ? aws_sns_topic.this-opsgenie[0].arn : null,
      local.notify_slack ? data.aws_sns_topic.aws_sns_topic_slack_health_check[0].arn : null,
      var.sns_topic_arn,
    ] : arn if arn != null
  ]
}
19 |
--------------------------------------------------------------------------------
/modules/route53-alerts-notify/requirements.tf:
--------------------------------------------------------------------------------
# Only the AWS provider is needed; the floor is old enough for any 2.x/3.x/4.x
# consumer.
terraform {
  required_providers {
    aws = {
      version = ">= 2.50.0"
      source  = "hashicorp/aws"
    }
  }
}
9 |
--------------------------------------------------------------------------------
/modules/route53-alerts-notify/sns_opesgenie_topic_subscription.tf:
--------------------------------------------------------------------------------
1 | # Create sns topic for opsgenie notifications
2 | resource "aws_sns_topic" "this-opsgenie" {
3 | count = local.notify_opsgenie ? 1 : 0
4 | name = "${replace("${var.domain_name}${var.resource_path}", "/[./]+/", "-")}-opsgenie"
5 |
6 | delivery_policy = <
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [infra-secret](#module\_infra-secret) | ../../ | n/a |
17 | | [service-secret](#module\_service-secret) | ../../../secret | n/a |
18 |
19 | ## Resources
20 |
21 | No resources.
22 |
23 | ## Inputs
24 |
25 | No inputs.
26 |
27 | ## Outputs
28 |
29 | No outputs.
30 |
31 |
--------------------------------------------------------------------------------
/modules/secret-reader/tests/default/main.tf:
--------------------------------------------------------------------------------
# Read the whole infra secret (all keys) from Secrets Manager.
module "infra-secret" {
  source = "../../"
  name   = "test-project/dev/infra-secret"
}
6 |
# Individual values pulled out of the infra secret. These are real secrets
# held in locals: they are not printed unless an output exposes them, but they
# do live in the plan/state.
locals {
  JWT_ALGORITHM     = module.infra-secret.secrets["JWT_ALGORITHM"]
  JWT_KEY           = module.infra-secret.secrets["JWT_KEY"]
  RABBITMQ_PASSWORD = module.infra-secret.secrets["RABBITMQ_PASSWORD"]
  RABBITMQ_USER     = module.infra-secret.secrets["RABBITMQ_USER"]
}
13 |
# Re-publish the selected keys as a per-service secret so the application gets
# only what it needs rather than the whole infra secret.
module "service-secret" {
  source = "../../../secret"
  name   = "test-project/dev/app-secret"

  value = {
    "JWT_ALGORITHM" : local.JWT_ALGORITHM
    "JWT_KEY" : local.JWT_KEY
    "RABBITMQ_PASSWORD" : local.RABBITMQ_PASSWORD
    "RABBITMQ_USER" : local.RABBITMQ_USER
  }
}
25 |
--------------------------------------------------------------------------------
/modules/secret-reader/variables.tf:
--------------------------------------------------------------------------------
# Secrets Manager secret name (or ARN) to read.
variable "name" {
  description = "Your secret name"
  type        = string
}
5 |
# Optional: when set, only this key of the JSON secret is returned.
variable "secret_key" {
  description = "You can get secret value if set key name"
  default     = null
  type        = string
}
11 |
--------------------------------------------------------------------------------
/modules/secret/outputs.tf:
--------------------------------------------------------------------------------
# Identifier of the secret container (not its value).
output "secret_id" {
  description = "The ID of created secret"
  value       = aws_secretsmanager_secret.secret.id
}
5 |
--------------------------------------------------------------------------------
/modules/secret/secret.tf:
--------------------------------------------------------------------------------
# Secret container. With kms_key_id unset the AWS-managed aws/secretsmanager
# key is used; a customer-managed key is required for cross-account reads.
resource "aws_secretsmanager_secret" "secret" {
  kms_key_id              = var.kms_key_id
  recovery_window_in_days = var.recovery_window_in_days
  name                    = var.name
}
6 |
# Initial value, stored as a JSON document, only when the caller supplied one.
# The plaintext passes through plan and state; mark var.value sensitive in
# variables.tf if it is not already.
resource "aws_secretsmanager_secret_version" "value" {
  count = var.value != null ? 1 : 0

  secret_string = jsonencode(var.value)
  secret_id     = aws_secretsmanager_secret.secret.id
}
13 |
--------------------------------------------------------------------------------
/modules/secret/tests/basic/0-setup.tf:
--------------------------------------------------------------------------------
# Test harness requirements. "terraform.io/builtin/test" is the experimental
# test provider from the 1.x series; it was removed in later releases, so this
# test only runs on a Terraform version that still ships it.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      version = ">= 3.41"
      source  = "hashicorp/aws"
    }

    test = {
      source = "terraform.io/builtin/test"
    }
  }
}
15 |
/**
 * Authenticate the aws provider before running apply. Any standard credential
 * source works (an SSO / assumed-role profile via AWS_PROFILE, or the
 * environment variables below); prefer short-lived credentials over long-lived
 * access keys, and never commit real values:

export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx
export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx
 */
# Region for the test; credentials come from the environment.
provider "aws" {
  region = "eu-central-1"
}
25 |
--------------------------------------------------------------------------------
/modules/secret/tests/basic/1-example.tf:
--------------------------------------------------------------------------------
# Minimal secret with one key. Placeholder value only — this is a test, but it
# is still written to state in clear text. recovery_window_in_days = 0 lets the
# test tear the secret down immediately instead of the default 30-day window.
module "this" {
  source = "../../"

  name                    = "test-secret"
  recovery_window_in_days = 0

  value = {
    my_super_secret_key = "my_super_secret_value"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/secret/tests/basic/2-assert.tf:
--------------------------------------------------------------------------------
# Placeholder assertion: the test passes as long as the module applies.
resource "test_assertions" "dummy" {
  component = "this"

  equal "scheme" {
    got         = "all good"
    want        = "all good"
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
  }
}
10 |
--------------------------------------------------------------------------------
/modules/secret/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 3.41 |
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [test](#provider\_test) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [this](#module\_this) | ../../ | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | test_assertions.dummy | resource |
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/secret/tests/kms_encrypted/0-setup.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    # Built-in provider that backs the test_assertions resource in 2-assert.tf.
    test = {
      source = "terraform.io/builtin/test"
    }

    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.41"
    }
  }
}

# The provider authenticates from the environment; no credentials live in this file.
# One option is to export static keys before `terraform apply`:
#   export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx
#   export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx
# Any other standard AWS credential source (shared profile, assumed role) works as well.
provider "aws" {
  region = "eu-central-1"
}
25 |
--------------------------------------------------------------------------------
/modules/secret/tests/kms_encrypted/1-example.tf:
--------------------------------------------------------------------------------
module "this" {
  source = "../../"

  name = "test-secret"

  # 0 skips the recovery window (module default is 30 days) so the test can
  # destroy the secret immediately.
  recovery_window_in_days = 0

  # Placeholder key ARN (all-zero account and key id, and in us-east-1 while the
  # provider in 0-setup.tf is eu-central-1). Replace with a real key in the
  # provider's region before applying for real.
  kms_key_id = "arn:aws:kms:us-east-1:000000000000:key/0000000000000"

  # Placeholder payload passed as the module's `value` input; nothing real.
  value = {
    my_super_secret_key = "my_super_secret_value"
  }
}
11 |
--------------------------------------------------------------------------------
/modules/secret/tests/kms_encrypted/2-assert.tf:
--------------------------------------------------------------------------------
# Placeholder assertion: it compares two literals, so the case only verifies
# that the example in 1-example.tf plans and applies. Replace with real checks
# once the module exposes outputs worth asserting on.
resource "test_assertions" "dummy" {
  component = "this"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    got  = "all good"
    want = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/secret/tests/kms_encrypted/README.md:
--------------------------------------------------------------------------------
1 | # kms_encrypted
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 3.41 |
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [test](#provider\_test) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [this](#module\_this) | ../../ | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | test_assertions.dummy | resource |
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/secret/variables.tf:
--------------------------------------------------------------------------------
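variable "name" {
  type        = string
  description = "Secret name"
}

variable "value" {
  type        = any
  default     = null
  description = "Secret value"
  # Keep the plaintext out of plan/apply output and CI logs. The tests already
  # require Terraform >= 1.3, where sensitive inputs are supported.
  # NOTE(review): if main.tf uses var.value in a for_each, that needs nonsensitive() — confirm.
  sensitive = true
}

variable "kms_key_id" {
  # Always a string (ARN or key id); `any` only hid type errors. Primitive values
  # passed by existing callers convert to string unchanged.
  type        = string
  default     = null
  description = "ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret."
}

variable "recovery_window_in_days" {
  type        = number
  default     = 30
  description = "(Optional) Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30"

  # Enforce the range the description promises at plan time instead of failing at apply.
  validation {
    condition     = var.recovery_window_in_days == 0 || (var.recovery_window_in_days >= 7 && var.recovery_window_in_days <= 30)
    error_message = "recovery_window_in_days must be 0 or a value between 7 and 30."
  }
}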
23 |
--------------------------------------------------------------------------------
/modules/secret/versions.tf:
--------------------------------------------------------------------------------
# Provider requirements for the secret module. No required_version is set here;
# the test fixtures under tests/ pin Terraform >= 1.3.0 and aws >= 3.41, so the
# effective aws constraint when running them is the intersection (>= 3.43).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.43"
    }
  }
}
9 |
--------------------------------------------------------------------------------
/modules/service-alerts/output.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/service-alerts/output.tf
--------------------------------------------------------------------------------
/modules/ses/locals.tf:
--------------------------------------------------------------------------------
locals {
  # CNAME records for SES Easy DKIM, one per token. Indexes 0-2 assume exactly
  # three tokens are returned (the number SES issues today); ouputs.tf exposes
  # them as a list.
  dkim_record_0 = {
    name : "${aws_ses_domain_dkim.ses_domain.dkim_tokens[0]}._domainkey.${var.email_domain}."
    record : "${aws_ses_domain_dkim.ses_domain.dkim_tokens[0]}.dkim.amazonses.com."
    type : "CNAME"
  }
  dkim_record_1 = {
    name : "${aws_ses_domain_dkim.ses_domain.dkim_tokens[1]}._domainkey.${var.email_domain}."
    record : "${aws_ses_domain_dkim.ses_domain.dkim_tokens[1]}.dkim.amazonses.com."
    type : "CNAME"
  }
  dkim_record_2 = {
    name : "${aws_ses_domain_dkim.ses_domain.dkim_tokens[2]}._domainkey.${var.email_domain}."
    record : "${aws_ses_domain_dkim.ses_domain.dkim_tokens[2]}.dkim.amazonses.com."
    type : "CNAME"
  }

  # Falls back to the provider's region when var.region is not set.
  region = var.region == null ? data.aws_region.current.name : var.region
}

# Public hosted zone for the mail domain; looked up only when SPF or DKIM
# records are to be managed in Route53 (count is 0 or 1).
data "aws_route53_zone" "this" {
  count = anytrue([var.create_spf_route53, var.create_dkim_route53]) ? 1 : 0
  name  = var.email_domain
}
25 |
--------------------------------------------------------------------------------
/modules/ses/ouputs.tf:
--------------------------------------------------------------------------------
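output "dkim_records" {
  description = "DNS records for DKIM"
  value = [
    local.dkim_record_0,
    local.dkim_record_1,
    local.dkim_record_2,
  ]
}

# Both credential outputs are marked sensitive so they are redacted in CLI
# output, but Terraform still stores them in state in plaintext: the state
# backend must be encrypted and access-restricted accordingly.
output "smtp_credentials" {
  # Typo fix: "Passwort" -> "Password".
  description = "SMTP Username and Password"
  sensitive   = true
  value = {
    for user_key, key in aws_iam_access_key.ses_user : user_key => {
      user     = key.user
      password = key.ses_smtp_password_v4
    }
  }
}

output "secret_keys" {
  description = "IAM Access Key ID and Secret"
  sensitive   = true
  value = {
    for key in aws_iam_access_key.ses_user : key.user => {
      user   = key.user
      id     = key.id
      secret = key.secret
    }
  }
}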
28 |
--------------------------------------------------------------------------------
/modules/ses/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [ses](#module\_ses) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/ses/tests/basic/main.tf:
--------------------------------------------------------------------------------
module "ses" {
  source = "../../"

  # Single domain set up for sending, verified on the same name; one mail user
  # (presumably an IAM user with SMTP credentials, see the module outputs).
  email_domain     = "devops.dasmeta.com"
  verified_domains = ["devops.dasmeta.com"]
  mail_users       = ["prod"]
}
7 |
--------------------------------------------------------------------------------
/modules/ses/tests/multiple/README.md:
--------------------------------------------------------------------------------
1 | # multiple
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [ses](#module\_ses) | ../../ | n/a |
17 | | [ses-virginia](#module\_ses-virginia) | ../../ | n/a |
18 |
19 | ## Resources
20 |
21 | No resources.
22 |
23 | ## Inputs
24 |
25 | No inputs.
26 |
27 | ## Outputs
28 |
29 | No outputs.
30 |
31 |
--------------------------------------------------------------------------------
/modules/ses/tests/multiple/main.tf:
--------------------------------------------------------------------------------
# Second AWS provider for us-east-1. The unaliased default provider is not
# declared in this file.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

# Default-region instance of the module.
module "ses" {
  source = "../../"

  email_domain     = "devops.dasmeta.com"
  verified_domains = ["devops.dasmeta.com"]
  mail_users       = ["prod"]
}

# Same domain set up a second time in us-east-1; `prefix` keeps resource names
# from colliding with the first instance, and the aliased provider is passed
# explicitly.
module "ses-virginia" {
  source = "../../"

  email_domain     = "devops.dasmeta.com"
  verified_domains = ["devops.dasmeta.com"]
  mail_users       = ["prod-virginia"]
  region           = "us-east-1"
  prefix           = "virginia"

  providers = {
    aws = aws.virginia
  }
}
26 |
--------------------------------------------------------------------------------
/modules/sns-cronjob/outputs.tf:
--------------------------------------------------------------------------------
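# Both values come from aws_sns_topic.this; the previous descriptions wrongly
# referred to an SNS "platform application".
output "topic_id" {
  value       = aws_sns_topic.this.id
  description = "The ID of the SNS topic the cronjob publishes to."
}

output "topic_arn" {
  value       = aws_sns_topic.this.arn
  description = "The ARN of the SNS topic the cronjob publishes to."
}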
10 |
--------------------------------------------------------------------------------
/modules/sns-cronjob/variables.tf:
--------------------------------------------------------------------------------
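variable "name" {
  type        = string
  description = "Name (e.g. app or cluster)."
}

variable "endpoint" {
  type        = string
  description = "The endpoint to send POST request data to, the contents will vary with the protocol."
  # NOTE(review): presumably wired into an SNS subscription in main.tf; an https
  # URL is the safe choice, but it is not enforced here to avoid breaking callers.
}

variable "is_enabled" {
  type        = bool
  default     = true
  description = "Controls whether the cronjob (scheduled rule) is enabled."
}

variable "input" {
  type        = any
  default     = {}
  description = "The data, input to set into POST request body Message field."
}

variable "schedule" {
  # Schedule expressions are always strings; `any` only hid type errors.
  type        = string
  default     = "cron(* * * * ? *)"
  description = "the aws cloudwatch event rule schedule expression that specifies when the scheduler runs. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html"
}

variable "success_sample_percentage" {
  type = string
  # Same value as before, written as a string to match the declared type.
  default     = "100"
  description = "Percentage of success to sample (integer 0-100)."

  # Reject values outside 0-100 at plan time; numbers passed by callers are
  # converted to strings before the check.
  validation {
    condition     = can(regex("^([0-9]|[1-9][0-9]|100)$", var.success_sample_percentage))
    error_message = "success_sample_percentage must be an integer between 0 and 100."
  }
}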
34 |
--------------------------------------------------------------------------------
/modules/sns-cronjob/versions.tf:
--------------------------------------------------------------------------------
# Provider requirements for the sns-cronjob module. Only a lower bound on the
# aws provider is declared; no Terraform core version constraint.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.5.0"
    }
  }
}
9 |
--------------------------------------------------------------------------------
/modules/sqs/data.tf:
--------------------------------------------------------------------------------
# Account id and region of the configured provider, for building ARNs/policies elsewhere in the module.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
3 |
--------------------------------------------------------------------------------
/modules/sqs/locals.tf:
--------------------------------------------------------------------------------
locals {
  # FIFO queues must carry the ".fifo" suffix, so it is appended when requested.
  queue_name = var.fifo_queue ? "${var.name}.fifo" : var.name
  # Name of the optional IAM user for queue access (see create_iam_user in tests/).
  # NOTE(review): IAM user access keys are long-lived credentials; prefer roles
  # where the consumer can assume one.
  iam_username = "sqs-queue-${var.name}-usr"
}
5 |
--------------------------------------------------------------------------------
/modules/sqs/tests/basic/README.md:
--------------------------------------------------------------------------------
1 | # basic
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | No providers.
11 |
12 | ## Modules
13 |
14 | | Name | Source | Version |
15 | |------|--------|---------|
16 | | [sqs](#module\_sqs) | ../../ | n/a |
17 |
18 | ## Resources
19 |
20 | No resources.
21 |
22 | ## Inputs
23 |
24 | No inputs.
25 |
26 | ## Outputs
27 |
28 | No outputs.
29 |
30 |
--------------------------------------------------------------------------------
/modules/sqs/tests/basic/main.tf:
--------------------------------------------------------------------------------
module "sqs" {
  source = "../../"

  # Standard (non-FIFO) queue named "test"; no IAM user / access key is created
  # for it in this case.
  create_iam_user = false
  name            = "test"
}
7 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/certificates.tf:
--------------------------------------------------------------------------------
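locals {
  # Zone list parallel to concat([var.domain], var.alternative_domains): the
  # zone for the i-th domain is domains_union[i].
  domains_union = concat([var.zone], var.alternative_zones)

  # Distinct zone names to look up in Route53 (data.tf). Empty strings are
  # dropped so the default alternative_zones = [""] (or an unset zone) no
  # longer triggers a lookup for a zone named "".
  all_zones = { for zone in toset(local.domains_union) : zone => zone if zone != "" }

  # domain => { domain, zone }; zone is "" when validation is disabled.
  all_domains = { for index, domain in concat([var.domain], var.alternative_domains) :
    domain => {
      domain = domain
      zone   = var.validate == true ? local.domains_union[index] : ""
    }
  }
}

resource "aws_acm_certificate" "main" {
  domain_name               = var.domain
  subject_alternative_names = var.alternative_domains
  validation_method         = "DNS"

  tags = var.tags

  # A renewed/changed certificate is issued before the old one is removed so
  # consumers referencing the ARN are not left without a certificate.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate_validation" "cert" {
  count = var.validate == true ? 1 : 0

  certificate_arn = aws_acm_certificate.main.arn
  # Reference the Route53 records created in r53-validation.tf rather than the
  # raw domain_validation_options: this adds the dependency that makes
  # validation wait until the records actually exist.
  validation_record_fqdns = [for record in aws_route53_record.main : record.fqdn]
}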
33 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/data.tf:
--------------------------------------------------------------------------------
# Public hosted zones used for DNS validation, one per distinct zone name in
# local.all_zones. Nothing is looked up when validate = false.
data "aws_route53_zone" "zones" {
  for_each = var.validate == true ? local.all_zones : {}

  name         = each.value
  private_zone = false
}
7 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/output.tf:
--------------------------------------------------------------------------------
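output "arn" {
  value       = aws_acm_certificate.main.arn
  sensitive   = false
  description = "SSL Certificate ARN to be used in ingress controllers"
}

output "cname_records" {
  value       = aws_acm_certificate.main.domain_validation_options
  description = "ACM DNS validation options (record name, type and value per domain). Use them to create the validation records yourself when validate = false."
}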
10 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/r53-validation.tf:
--------------------------------------------------------------------------------
resource "aws_route53_record" "main" {
  # One validation record per domain on the certificate, keyed by domain name;
  # the map is empty (no records) when validate = false.
  for_each = var.validate == true ? {
    for option in aws_acm_certificate.main.domain_validation_options : option.domain_name => {
      name   = option.resource_record_name
      record = option.resource_record_value
      type   = option.resource_record_type
      index  = option.domain_name
    }
  } : {}

  # A wildcard and its apex share the same validation record, and a re-issued
  # certificate may need to replace a stale one, hence allow_overwrite.
  allow_overwrite = true
  zone_id         = var.validate ? data.aws_route53_zone.zones[local.all_domains[each.key].zone].zone_id : null
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
}
18 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/alternative_domain/0-setup.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    # Built-in provider that backs the test_assertions resource in 2-assert.tf.
    test = {
      source = "terraform.io/builtin/test"
    }

    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.41"
    }
  }
}

# The provider authenticates from the environment; no credentials live in this file.
# One option is to export static keys before `terraform apply`:
#   export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx
#   export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx
# Any other standard AWS credential source (shared profile, assumed role) works as well.
provider "aws" {
  region = "eu-central-1"
}
25 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/alternative_domain/1-example.tf:
--------------------------------------------------------------------------------
module "this" {
  source = "../.."

  # validate = false: only the certificate request is created; no Route53
  # lookups or validation records are made.
  validate = false

  domain              = "*.devops.dasmeta.com"
  alternative_domains = ["dm.example.io", "dm.example.am"]
}
8 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/alternative_domain/2-assert.tf:
--------------------------------------------------------------------------------
# Placeholder assertion: it compares two literals, so the case only verifies
# that the example in 1-example.tf plans and applies. Replace with real checks
# (e.g. on the module's outputs) when they are worth asserting on.
resource "test_assertions" "dummy" {
  component = "this"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    got  = "all good"
    want = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/alternative_domain/README.md:
--------------------------------------------------------------------------------
1 | # alternative_domain
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 3.41 |
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [test](#provider\_test) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [this](#module\_this) | ../.. | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | test_assertions.dummy | resource |
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate/0-setup.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    # Built-in provider that backs the test_assertions resource in 2-assert.tf.
    test = {
      source = "terraform.io/builtin/test"
    }

    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.41"
    }
  }
}

# The provider authenticates from the environment; no credentials live in this file.
# One option is to export static keys before `terraform apply`:
#   export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx
#   export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx
# Any other standard AWS credential source (shared profile, assumed role) works as well.
provider "aws" {
  region = "eu-central-1"
}
25 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate/1-example.tf:
--------------------------------------------------------------------------------
module "this" {
  source = "../.."

  # Wildcard certificate without DNS validation: only the request is created.
  validate = false
  domain   = "*.dasmeta.com"
}

# Surface the validation options so the records can be created by hand.
output "records" {
  value = module.this.cname_records
}
11 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate/2-assert.tf:
--------------------------------------------------------------------------------
# Placeholder assertion: it compares two literals, so the case only verifies
# that the example in 1-example.tf plans and applies. The `records` output in
# 1-example.tf would be a natural thing to assert on instead.
resource "test_assertions" "dummy" {
  component = "this"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    got  = "all good"
    want = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate/README.md:
--------------------------------------------------------------------------------
1 | # certificate
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 3.41 |
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [test](#provider\_test) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [this](#module\_this) | ../.. | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | test_assertions.dummy | resource |
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | | Name | Description |
36 | |------|-------------|
37 | | [records](#output\_records) | n/a |
38 |
39 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate_wtih_validation/0-setup.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    # Built-in provider that backs the test_assertions resource in 2-assert.tf.
    test = {
      source = "terraform.io/builtin/test"
    }

    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.41"
    }
  }
}

# The provider authenticates from the environment; no credentials live in this file.
# One option is to export static keys before `terraform apply`:
#   export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx
#   export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx
# Any other standard AWS credential source (shared profile, assumed role) works as well.
provider "aws" {
  region = "eu-central-1"
}
25 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate_wtih_validation/1-example.tf:
--------------------------------------------------------------------------------
module "this" {
  source = "../.."

  # validate defaults to true: DNS validation records are created in Route53.
  # alternative_zones[i] is the zone for alternative_domains[i]; a wildcard is
  # validated in its parent zone.
  domain = "dasmeta.com"
  zone   = "dasmeta.com"

  alternative_domains = ["*.dasmeta.com", "*.a.dasmeta.com", "b.dasmeta.com"]
  alternative_zones   = ["dasmeta.com", "a.dasmeta.com", "b.dasmeta.com"]
}
9 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate_wtih_validation/2-assert.tf:
--------------------------------------------------------------------------------
# Placeholder assertion: it compares two literals, so the case only verifies
# that the example in 1-example.tf plans and applies (including the Route53
# validation records). Replace with real checks when available.
resource "test_assertions" "dummy" {
  component = "this"

  equal "scheme" {
    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
    got  = "all good"
    want = "all good"
  }
}
10 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/tests/certificate_wtih_validation/README.md:
--------------------------------------------------------------------------------
1 | # certificate_wtih_validation
2 |
3 |
4 | ## Requirements
5 |
6 | | Name | Version |
7 | |------|---------|
8 | | [terraform](#requirement\_terraform) | >= 1.3.0 |
9 | | [aws](#requirement\_aws) | >= 3.41 |
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [test](#provider\_test) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [this](#module\_this) | ../.. | n/a |
22 |
23 | ## Resources
24 |
25 | | Name | Type |
26 | |------|------|
27 | | test_assertions.dummy | resource |
28 |
29 | ## Inputs
30 |
31 | No inputs.
32 |
33 | ## Outputs
34 |
35 | No outputs.
36 |
37 |
--------------------------------------------------------------------------------
/modules/ssl-certificate/variables.tf:
--------------------------------------------------------------------------------
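variable "domain" {
  type        = string
  description = "Main domain name for the SSL certificate (the certificate's domain_name)."
}

variable "alternative_domains" {
  type        = list(string)
  description = "Additional subdomains, domains or wildcards added to the certificate as subject alternative names."
  default     = []
}

variable "zone" {
  type        = string
  description = "Route53 zone name in which `domain` is validated. Can be the same as domain. Only used when validate = true."
  default     = ""
}

variable "alternative_zones" {
  type        = list(string)
  description = "Route53 zone names used to validate alternative_domains, in the same order (one zone per alternative domain). For a wildcard entry use its parent zone. Only used when validate = true."
  # NOTE(review): the [""] default is kept for compatibility; certificates.tf
  # pairs entries by index with alternative_domains.
  default = [""]
}

variable "tags" {
  type        = any
  description = "Tags applied to the ACM certificate."
  default     = {}
}

variable "validate" {
  type        = bool
  description = "Whether to validate the certificate via DNS records in the Route53 zone(s). When false, no Route53 lookups or records are created and the cname_records output can be used for manual validation."
  default     = true
}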
35 |
--------------------------------------------------------------------------------
/modules/vpc-flow-logs-to-s3-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
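variable "create_lambda_s3_to_cloudwatch" {
  type        = bool
  default     = true
  description = "Whether to create the Lambda that forwards flow logs from S3 to CloudWatch Logs (vpc-logs-to-cloudwatch submodule)."
}

variable "create_bucket" {
  type        = bool
  default     = true
  description = "Whether to create the S3 bucket that receives the VPC flow logs."
}

variable "bucket_name" {
  type        = string
  default     = ""
  description = "Name of the S3 bucket for the VPC flow logs."
}

variable "account_id" {
  type        = string
  default     = ""
  description = "AWS account id (12 digits); empty string when not set."

  # Catch typos in the account id at plan time; the empty default stays valid.
  validation {
    condition     = can(regex("^([0-9]{12})?$", var.account_id))
    error_message = "account_id must be empty or a 12-digit AWS account id."
  }
}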
21 |
--------------------------------------------------------------------------------
/modules/vpc-flow-logs-to-s3-to-cloudwatch/versions.tf:
--------------------------------------------------------------------------------
# Version constraints for the vpc-flow-logs-to-s3-to-cloudwatch module:
# pessimistic pins on both the aws provider (4.16.x .. <5) and Terraform core (1.x).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }

  required_version = "~> 1.0"
}
11 |
--------------------------------------------------------------------------------
/modules/vpc-flow-logs-to-s3-to-cloudwatch/vpc-logs-to-cloudwatch/.gitignore:
--------------------------------------------------------------------------------
1 | *.zip
2 |
--------------------------------------------------------------------------------
/modules/vpc-flow-logs-to-s3-to-cloudwatch/vpc-logs-to-cloudwatch/outputs.tf:
--------------------------------------------------------------------------------
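# Both values are passed through from the wrapped `lambda` module.
output "function_arn" {
  value       = module.lambda.arn
  description = "ARN of the S3-to-CloudWatch forwarding Lambda function."
}

output "function_name" {
  value       = module.lambda.function_name
  description = "Name of the S3-to-CloudWatch forwarding Lambda function."
}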
8 |
--------------------------------------------------------------------------------
/modules/vpc-flow-logs-to-s3-to-cloudwatch/vpc-logs-to-cloudwatch/variables.tf:
--------------------------------------------------------------------------------
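variable "function_name" {
  type        = string
  default     = ""
  description = "Name of the Lambda function."
}

variable "bucket_name" {
  type        = string
  description = "Name of the S3 bucket holding the VPC flow logs to forward."
}

variable "log_group_name" {
  type        = string
  description = "Name of the CloudWatch Logs log group the flow logs are written to."
}

variable "memory_size" {
  description = "Memory size for Lambda function"
  type        = number
  default     = null
}

variable "timeout" {
  description = "Timeout for Lambda function"
  type        = number
  default     = null
}

variable "create_alarm" {
  type        = bool
  default     = false
  description = "Whether to create a CloudWatch alarm for the Lambda function."
}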
30 |
--------------------------------------------------------------------------------
/modules/vpc/main.tf:
--------------------------------------------------------------------------------
# Thin wrapper around the upstream terraform-aws-modules/vpc module. Creation
# is gated on var.create_vpc via count, so anything referencing this module
# must index module.vpc[0] (see outputs.tf).
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.77.0" # pinned; bump deliberately and re-check inputs/defaults

  count                = var.create_vpc ? 1 : 0
  name                 = var.vpc_name
  cidr                 = var.cidr
  azs                  = var.availability_zones
  private_subnets      = var.private_subnets
  public_subnets       = var.public_subnets
  enable_nat_gateway   = var.enable_nat_gateway
  single_nat_gateway   = var.single_nat_gateway
  enable_dns_hostnames = var.enable_dns_hostnames
  enable_dns_support   = var.enable_dns_support

  # Subnet tags are caller-supplied; the commented examples below show the
  # tags an EKS cluster expects for public/internal load balancer discovery.
  public_subnet_tags  = var.public_subnet_tags
  private_subnet_tags = var.private_subnet_tags
  # public_subnet_tags = {
  #   "kubernetes.io/cluster/${local.cluster_name}" = "shared"
  #   "kubernetes.io/role/elb"                      = "1"
  # }

  # private_subnet_tags = {
  #   "kubernetes.io/cluster/${local.cluster_name}" = "shared"
  #   "kubernetes.io/role/internal-elb"             = "1"
  # }
}
28 |
--------------------------------------------------------------------------------
/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
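# module.vpc is created with count (var.create_vpc in main.tf), so it may be an
# empty list. try() yields null instead of an "Invalid index" error when
# create_vpc = false, which previously made every plan fail.
output "vpc_id" {
  description = "ID of the created VPC, or null when create_vpc is false."
  value       = try(module.vpc[0].vpc_id, null)
}

output "vpc_private_subnets" {
  description = "IDs of the private subnets, or null when create_vpc is false."
  value       = try(module.vpc[0].private_subnets, null)
}

output "vpc_public_subnets" {
  description = "IDs of the public subnets, or null when create_vpc is false."
  value       = try(module.vpc[0].public_subnets, null)
}

output "vpc_cidr_block" {
  description = "CIDR block of the VPC, or null when create_vpc is false."
  value       = try(module.vpc[0].vpc_cidr_block, null)
}

output "default_security_group_id" {
  description = "ID of the VPC's default security group, or null when create_vpc is false."
  value       = try(module.vpc[0].default_security_group_id, null)
}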
20 |
--------------------------------------------------------------------------------
/modules/waf/data.tf:
--------------------------------------------------------------------------------
# Region of the configured provider, used by the module for region-scoped names/ARNs.
data "aws_region" "current" {}
2 |
--------------------------------------------------------------------------------
/modules/waf/output.tf:
--------------------------------------------------------------------------------
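# Pass-through of the wrapped `waf` module's identifiers.
output "web_acl_id" {
  value       = module.waf.web_acl_id
  description = "ID of the WAF web ACL."
}

output "web_acl_arn" {
  value       = module.waf.web_acl_arn
  description = "ARN of the WAF web ACL (use this for resource associations)."
}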
8 |
--------------------------------------------------------------------------------
/modules/waf/tests/alb-association-block-mode/0-setup.tf:
--------------------------------------------------------------------------------
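terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.52"
    }
  }
}

provider "aws" {
  region = "eu-central-1"
}

# Region default VPC and its subnets. The filter is on vpc-id only, so this
# returns every subnet of the default VPC (in a default VPC those are public).
data "aws_vpc" "default" {
  default = true
}

data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

# Throwaway ALB the web ACL is associated with in 1-example.tf. It is
# internet-facing (the default) and no listeners are defined here;
# drop_invalid_header_fields is set so the fixture passes the checkov/tfsec
# header checks run by this repo's workflows.
resource "aws_lb" "test" {
  name                       = "test-waf-alb-association-bm"
  subnets                    = data.aws_subnets.default.ids
  drop_invalid_header_fields = true
}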
33 |
--------------------------------------------------------------------------------
/modules/waf/tests/alb-association-block-mode/1-example.tf:
--------------------------------------------------------------------------------
module "waf_alb" {
  source = "../../"
  name   = "waf_test"

  # Default (block) mode; associate the web ACL with the fixture ALB from 0-setup.tf.
  create_alb_association = true
  alb_arn_list           = [aws_lb.test.arn]

  visibility_config = {
    metric_name = "waf_test"
  }

  # No alarms for the test; an empty SNS topic is passed as a placeholder.
  alarms = {
    enabled   = false
    sns_topic = ""
  }
}
17 |
--------------------------------------------------------------------------------
/modules/waf/tests/alb-association-block-mode/main.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dasmeta/terraform-aws-modules/7f0739f1589f107de5ff9239e439a4e82f78a7ff/modules/waf/tests/alb-association-block-mode/main.tf
--------------------------------------------------------------------------------
/modules/waf/tests/alb-association-count-mode/0-setup.tf:
--------------------------------------------------------------------------------
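terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.52"
    }
  }
}

provider "aws" {
  region = "eu-central-1"
}

# Region default VPC and its subnets. The filter is on vpc-id only, so this
# returns every subnet of the default VPC (in a default VPC those are public).
data "aws_vpc" "default" {
  default = true
}

data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

# Throwaway ALB the web ACL is associated with in 1-example.tf. It is
# internet-facing (the default) and no listeners are defined here;
# drop_invalid_header_fields is set so the fixture passes the checkov/tfsec
# header checks run by this repo's workflows.
resource "aws_lb" "test" {
  name                       = "test-waf-alb-association-cm"
  subnets                    = data.aws_subnets.default.ids
  drop_invalid_header_fields = true
}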
33 |
--------------------------------------------------------------------------------
/modules/waf/tests/alb-association-count-mode/1-example.tf:
--------------------------------------------------------------------------------
module "waf_alb" {
  source = "../../"
  name   = "waf_test_count"

  # Count mode: rules only record matches instead of blocking, which is the
  # safe setting for evaluating a rule set against live traffic.
  mode = "count"

  # Associate the web ACL with the fixture ALB from 0-setup.tf.
  create_alb_association = true
  alb_arn_list           = [aws_lb.test.arn]

  visibility_config = {
    metric_name = "waf_test_count"
  }

  # No alarms for the test; an empty SNS topic is passed as a placeholder.
  alarms = {
    enabled   = false
    sns_topic = ""
  }
}
18 |
--------------------------------------------------------------------------------
/modules/waf/tests/overwrite-alarms/0-setup.tf:
--------------------------------------------------------------------------------
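terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "eu-central-1"
}

# Region default VPC and its subnets. The filter is on vpc-id only, so this
# returns every subnet of the default VPC (in a default VPC those are public).
data "aws_vpc" "default" {
  default = true
}

data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

# Two throwaway ALBs for the alarm-overwrite case. Both are internet-facing
# (the default) with no listeners defined here; drop_invalid_header_fields is
# set so the fixtures pass the checkov/tfsec header checks run by this repo's
# workflows.
resource "aws_lb" "test1" {
  name                       = "test-waf-alb-association-1"
  subnets                    = data.aws_subnets.default.ids
  drop_invalid_header_fields = true
}

resource "aws_lb" "test2" {
  name                       = "test-waf-alb-association-2"
  subnets                    = data.aws_subnets.default.ids
  drop_invalid_header_fields = true
}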
40 |
--------------------------------------------------------------------------------
/modules/waf/versions.tf:
--------------------------------------------------------------------------------
# Version constraints for the waf module: Terraform core newer than 1.3.0 and
# aws provider 4.50 up to (excluding) 6.0, matching the 4.x and 5.x pins used
# by the test fixtures under tests/.
terraform {
  required_version = "> 1.3.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.50, < 6.0"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "app",
3 | "devDependencies": {
4 | "@commitlint/cli": "^17.0.3",
5 | "@commitlint/config-conventional": "^17.0.3",
6 | "husky": "^8.0.1",
7 | "@semantic-release/github": "^8.0.4",
8 | "semantic-release": "^19.0.3"
9 | },
10 | "release": {
11 | "branches": [
12 | "main", "master", "next"
13 | ]
14 | },
15 | "private": true,
16 | "plugins": [
17 | "@semantic-release/commit-analyzer",
18 | "@semantic-release/release-notes-generator",
19 | "@semantic-release/github",
20 | "@semantic-release/npm"
21 | ]
22 | }
23 |
--------------------------------------------------------------------------------