├── .github └── workflows │ ├── rds.yaml │ └── terraform.yml ├── .gitignore ├── README.md ├── apps ├── alb-asg │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── ec2 │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── environments └── dev │ └── acm │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── infra ├── acm │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── backend │ ├── main.tf │ └── variables.tf ├── eks-cluster │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── iam-policies │ ├── alb-asg.json │ └── ec2.json ├── rds │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── route53 │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ses │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── sg │ └── variables.tf ├── tag-policy │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── vpc │ ├── main.tf │ └── variables.tf ├── modules ├── acm │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── alb │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── asg │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── cloudwatch │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ec2 │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── eks │ ├── addons.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── iam-policy │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── rds │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── route53 │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── security-group │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ses │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── tag-policy │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── vpc │ ├── endpoint.tf │ ├── internet-gateway.tf │ ├── nacl.tf │ ├── nat-gateway.tf │ ├── outputs.tf │ ├── route-tables.tf │ ├── subnet.tf │ ├── variables.tf │ └── vpc.tf ├── provider.tf └── vars └── dev ├── acm.tfvars ├── alb-asg.tfvars ├── backend.tfvars ├── ec2.tfvars ├── eks.tfvars ├── rds.tfvars ├── route53.tfvars ├── ses.tfvars ├── tag-policy.tfvars └── vpc.tfvars 
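-------------------------------------------------------------------------------- /.github/workflows/rds.yaml: --------------------------------------------------------------------------------
# NOTE(review): this workflow file is empty. GitHub Actions rejects an empty
# workflow, so nothing runs from it; either populate it or delete it so the
# repository does not advertise an RDS pipeline that does not exist.

-------------------------------------------------------------------------------- /.github/workflows/terraform.yml: --------------------------------------------------------------------------------
# Terraform CI: plan on pull requests, apply only on push to master.
#
# Changes from the previous revision, all security-motivated:
#   * hashicorp/terraform-github-actions is archived; hashicorp/setup-terraform
#     replaces it. Versions were also mixed (init/apply v0.4.0, validate v0.3.7).
#   * jakejarvis/s3-sync-action@master is a mutable ref: whoever can push to
#     that branch controls code that runs with this job's AWS credentials.
#     Third-party actions must be pinned to a full commit SHA.
#   * Long-lived AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY repository secrets
#     are replaced by GitHub OIDC federation (role-to-assume). Scope the role's
#     trust policy to this repository and the master branch.
#   * `terraform apply` ran on every push to master with no plan step and no
#     review gate; the apply is now conditional and applies the saved plan.
#   * TF_ACTION_WORKING_DIR was 'terraform', which is not a directory in this
#     repository (stacks live under infra/* and apps/*).
#   * GITHUB_TOKEN permissions are reduced to what the job needs.
name: Deploy Infrastructure

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# Least privilege for GITHUB_TOKEN; id-token is required for OIDC to AWS.
permissions:
  contents: read
  id-token: write

env:
  AWS_REGION: us-east-1
  # TODO(review): set this to the stack to deploy; 'terraform' (the previous
  # value) does not exist in the tree. One stack per job is the usual pattern.
  TF_WORKING_DIR: infra/vpc

jobs:
  terraform:
    name: Terraform plan / apply
    runs-on: ubuntu-latest
    # TODO(review): bind the apply to a protected GitHub environment with
    # required reviewers so a push to master alone cannot change infrastructure.
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4 # TODO(review): pin to a full commit SHA

      - name: Configure AWS credentials (OIDC, no static keys)
        uses: aws-actions/configure-aws-credentials@v4 # TODO(review): pin to a full commit SHA
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3 # TODO(review): pin to a full commit SHA
        with:
          terraform_wrapper: false

      - name: Terraform fmt check
        run: terraform fmt -check -recursive

      - name: Terraform init
        run: terraform init -input=false
        working-directory: ${{ env.TF_WORKING_DIR }}

      - name: Terraform validate
        run: terraform validate
        working-directory: ${{ env.TF_WORKING_DIR }}

      - name: Terraform plan
        run: terraform plan -input=false -lock-timeout=5m -out=tfplan
        working-directory: ${{ env.TF_WORKING_DIR }}

      - name: Terraform apply
        # Only the reviewed plan is applied, and only on master.
        if: github.event_name == 'push' && github.ref == 'refs/heads/master'
        run: terraform apply -input=false tfplan
        working-directory: ${{ env.TF_WORKING_DIR }}

      - name: Sync S3
        if: github.event_name == 'push' && github.ref == 'refs/heads/master'
        # TODO(review): replace <commit-sha> with the full SHA of a reviewed
        # release of this action. The short-lived credentials exported by the
        # configure-aws-credentials step above are expected to be picked up
        # from the environment; confirm against the action's documentation.
        uses: jakejarvis/s3-sync-action@<commit-sha>
        env:
          SOURCE_DIR: './src' # TODO(review): ./src is not in this repository
          AWS_REGION: 'us-east-1'
          AWS_S3_BUCKET: '[BUCKET_NAME_HERE]'
-------------------------------------------------------------------------------- /.gitignore: --------------------------------------------------------------------------------
# Local .terraform directories (provider binaries, module cache)
**/.terraform/*
.terraform

# .tfstate files: state holds resource IDs and frequently secrets in clear
# text. It belongs in the remote backend, never in git.
*.tfstate
*.tfstate.*

# NOTE(review): .terraform.lock.hcl was previously ignored here. The
# dependency lock file pins provider versions *and their checksums*; committing
# it is what makes CI install the same verified provider binaries the developer
# ran `terraform init` with. It must be tracked, so it is no longer listed.

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for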
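# each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf

# Saved plans (terraform plan -out=tfplan) can contain sensitive values in
# clear text, so they are ignored rather than left as an example.
*tfplan*

.DS_Store
-------------------------------------------------------------------------------- /README.md: --------------------------------------------------------------------------------
## Terraform AWS

Layout (see the tree at the top of this listing):

* `modules/` — reusable building blocks (vpc, security-group, alb, asg, ec2, eks, rds, acm, route53, ses, iam-policy, tag-policy, cloudwatch).
* `infra/` — shared stacks (vpc, backend, eks-cluster, rds, route53, ses, acm, tag-policy, iam-policies).
* `apps/` — application stacks composed from the modules (alb-asg, ec2).
* `vars/dev/` — per-environment `*.tfvars` inputs.

`infra/backend` is where the remote state backend is expected to be defined; never commit `*.tfstate`, and do commit `.terraform.lock.hcl`.
-------------------------------------------------------------------------------- /apps/alb-asg/main.tf: --------------------------------------------------------------------------------
# ALB + Auto Scaling Group application stack.
#
# Wiring: "alb-sg" is the load balancer's security group; "instance-sg" admits
# traffic from alb-sg (and, only if create_ingress_cidr is set, from a CIDR
# list); the ASG registers its instances with the ALB target group and launches
# them with the instance role produced by the iam-policy module.
provider "aws" {
  region = var.region
}

# NOTE(review): module sources were "../../../modules/...". From apps/alb-asg/
# that resolves to a directory above the repository root shown in this listing;
# the repo root is two levels up (infra/acm/main.tf uses "../../modules";
# environments/dev/acm is three levels deep and correctly uses "../../../").
module "iam-policy" {
  source = "../../modules/iam-policy"
  # TODO(review): apps/ec2 passes iam_policy_json_file and
  # infra/iam-policies/alb-asg.json exists; confirm whether this call should
  # pass it as well or whether the module falls back to a default policy.
  owner       = var.owner
  environment = var.environment
  cost_center = var.cost_center
  application = var.application
}

# Security group attached to the load balancer. Only the alb_* inputs should
# feed it; the unprefixed inputs belong to instance-sg below.
module "alb-sg" {
  source = "../../modules/security-group"
  region = var.region
  tags   = var.tags
  # TODO(review): both security groups receive the same `name`; if the module
  # uses it as the aws_security_group name the two will collide in one VPC.
  name        = "${var.environment}-${var.application}"
  environment = var.environment
  owner       = var.owner
  cost_center = var.cost_center
  application = "${var.application}-alb"
  vpc_id      = var.vpc_id

  ingress_cidr_from_port = var.alb_ingress_cidr_from_port
  ingress_cidr_to_port   = var.alb_ingress_cidr_to_port
  # Was var.ingress_cidr_protocol (the instance SG's list). Every other ALB
  # rule field uses its alb_* counterpart, and alb_ingress_cidr_protocol was
  # declared in variables.tf but never read.
  ingress_cidr_protocol = var.alb_ingress_cidr_protocol
  ingress_cidr_block    = var.alb_ingress_cidr_block
  create_ingress_cidr   = var.alb_create_ingress_cidr

  ingress_sg_from_port       = var.alb_ingress_sg_from_port
  ingress_sg_to_port         = var.alb_ingress_sg_to_port
  ingress_sg_protocol        = var.alb_ingress_sg_protocol
  ingress_security_group_ids = var.ingress_security_group_ids
  create_ingress_sg          = var.alb_create_ingress_sg

  egress_cidr_from_port = var.alb_egress_cidr_from_port
  egress_cidr_to_port   = var.alb_egress_cidr_to_port
  egress_cidr_protocol  = var.alb_egress_cidr_protocol
  egress_cidr_block     = var.alb_egress_cidr_block
  create_egress_cidr    = var.alb_create_egress_cidr

  egress_sg_from_port       = var.alb_egress_sg_from_port
  egress_sg_to_port         = var.alb_egress_sg_to_port
  egress_sg_protocol        = var.alb_egress_sg_protocol
  egress_security_group_ids = var.egress_security_group_ids
  create_egress_sg          = var.alb_create_egress_sg
}

# The load balancer and its target group / listener.
# NOTE(review): this stack has no certificate input. If listener_protocol is
# HTTPS, confirm the alb module attaches an ACM certificate (infra/acm issues
# one); otherwise the listener will be plain HTTP.
module "alb" {
  source                           = "../../modules/alb"
  region                           = var.region
  internal                         = var.internal
  loadbalancer_type                = var.loadbalancer_type
  vpc_id                           = var.vpc_id
  alb_subnets                      = var.alb_subnets
  target_group_port                = var.target_group_port
  target_group_protocol            = var.target_group_protocol
  target_type                      = var.target_type
  load_balancing_algorithm         = var.load_balancing_algorithm
  health_check_path                = var.health_check_path
  health_check_port                = var.health_check_port
  health_check_protocol            = var.health_check_protocol
  health_check_interval            = var.health_check_interval
  health_check_timeout             = var.health_check_timeout
  health_check_healthy_threshold   = var.health_check_healthy_threshold
  health_check_unhealthy_threshold = var.health_check_unhealthy_threshold
  listener_port                    = var.listener_port
  listener_protocol                = var.listener_protocol
  listener_type                    = var.listener_type
  owner                            = var.owner
  environment                      = var.environment
  cost_center                      = var.cost_center
  application                      = var.application
  security_group_ids               = module.alb-sg.security_group_ids
}

# Security group for the ASG instances. Ingress from the ALB security group is
# the intended path; keep create_ingress_cidr false unless a direct CIDR
# ingress (e.g. a bastion range) is genuinely required.
module "instance-sg" {
  source      = "../../modules/security-group"
  region      = var.region
  tags        = var.tags
  name        = "${var.environment}-${var.application}"
  environment = var.environment
  owner       = var.owner
  cost_center = var.cost_center
  application = var.application
  vpc_id      = var.vpc_id

  ingress_cidr_from_port = var.ingress_cidr_from_port
  ingress_cidr_to_port   = var.ingress_cidr_to_port
  ingress_cidr_protocol  = var.ingress_cidr_protocol
  ingress_cidr_block     = var.ingress_cidr_block
  create_ingress_cidr    = var.create_ingress_cidr

  ingress_sg_from_port       = var.ingress_sg_from_port
  ingress_sg_to_port         = var.ingress_sg_to_port
  ingress_sg_protocol        = var.ingress_sg_protocol
  ingress_security_group_ids = module.alb-sg.security_group_ids
  create_ingress_sg          = var.create_ingress_sg

  egress_cidr_from_port = var.egress_cidr_from_port
  egress_cidr_to_port   = var.egress_cidr_to_port
  egress_cidr_protocol  = var.egress_cidr_protocol
  egress_cidr_block     = var.egress_cidr_block
  create_egress_cidr    = var.create_egress_cidr

  egress_sg_from_port = var.egress_sg_from_port
  egress_sg_to_port   = var.egress_sg_to_port
  egress_sg_protocol  = var.egress_sg_protocol
  # Egress is restricted to the ALB security group, as in the original wiring.
  egress_security_group_ids = module.alb-sg.security_group_ids
  create_egress_sg          = var.create_egress_sg
}

# Launch template + Auto Scaling Group registered with the ALB target group.
module "asg" {
  source               = "../../modules/asg"
  ami_id               = var.ami_id
  instance_type        = var.instance_type
  key_name             = var.key_name
  vpc_id               = var.vpc_id
  asg_subnets          = var.asg_subnets
  public_access        = var.public_access
  user_data            = var.user_data
  max_size             = var.max_size
  min_size             = var.min_size
  desired_capacity     = var.desired_capacity
  propagate_at_launch  = var.propagate_at_launch
  owner                = var.owner
  environment          = var.environment
  cost_center          = var.cost_center
  application          = var.application
  instance_warmup_time = var.instance_warmup_time
  target_value         = var.target_value
  alb_target_group_arn = module.alb.alb_target_group_arn
  iam_role             = module.iam-policy.iam_role
  security_group_ids   = module.instance-sg.security_group_ids
  # var.tags was declared but never reached the ASG; merge it with the
  # mandatory ownership tags (mandatory keys win on conflict).
  tags = merge(var.tags, {
    Owner       = var.owner
    Environment = var.environment
    Cost_center = var.cost_center
    Application = var.application
  })
}

-------------------------------------------------------------------------------- /apps/alb-asg/outputs.tf: --------------------------------------------------------------------------------
# Public DNS name of the load balancer (the entry point for clients).
output "load_balancer_dns_name" {
  description = "LoadBalancer dns name"
  value       = module.alb.load_balancer_dns_name
}

# Name of the Auto Scaling Group created by the asg module.
output "auto_scaling_group_name" {
  description = "Auto scaling group name"
  value       = module.asg.auto_scaling_group_name
}

# ID of the launch template the ASG launches instances from.
output "launch_template_id" {
  description = "Launch template id"
  value       = module.asg.launch_template_id
}
-------------------------------------------------------------------------------- /apps/alb-asg/variables.tf: --------------------------------------------------------------------------------
# Extra tags merged onto every resource of this stack, in addition to the
# mandatory Owner / Environment / Cost_center / Application tags.
variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the alb-asg resources"
}

# AWS region the provider and all resources are created in.
variable "region" {
  type        = string
  description = "Region of the alb-asg"
}

# true = internal load balancer (private IPs only); false = internet-facing.
variable "internal" {
  description = "Whether the load balancer is internal or not"
  type        = bool
}

# Load balancer type passed through to the alb module (e.g. "application").
variable "loadbalancer_type" {
  description = "Load balancer type"
  type        = string
}

# Subnets the load balancer nodes are placed in. For an internet-facing ALB
# these must be public subnets.
variable "alb_subnets" {
  description = "A list of subnet IDs to use for the resources."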
24 | type = list(string) 25 | } 26 | 27 | variable "target_group_port" { 28 | description = "Target group port" 29 | type = number 30 | } 31 | 32 | variable "target_group_protocol" { 33 | description = "Target group protocol" 34 | type = string 35 | } 36 | 37 | variable "target_type" { 38 | description = "Target type" 39 | type = string 40 | } 41 | 42 | variable "load_balancing_algorithm" { 43 | description = "Specify the load balancing algorithm type" 44 | type = string 45 | } 46 | 47 | variable "health_check_path" { 48 | description = "Health check path" 49 | type = string 50 | } 51 | 52 | variable "health_check_port" { 53 | description = "Health check port" 54 | type = number 55 | } 56 | 57 | variable "health_check_protocol" { 58 | description = "Health check protocol" 59 | type = string 60 | } 61 | 62 | variable "health_check_interval" { 63 | description = "Health check interval" 64 | type = number 65 | } 66 | 67 | variable "health_check_timeout" { 68 | description = "Health check timeout" 69 | type = number 70 | } 71 | 72 | variable "health_check_healthy_threshold" { 73 | description = "Health check healthy threshold" 74 | type = number 75 | } 76 | 77 | variable "health_check_unhealthy_threshold" { 78 | description = "Health check unhealthy threshold" 79 | type = number 80 | } 81 | 82 | variable "listener_port" { 83 | description = "Listener port" 84 | type = number 85 | } 86 | 87 | variable "listener_protocol" { 88 | description = "Listener protocol" 89 | type = string 90 | } 91 | 92 | variable "listener_type" { 93 | description = "Listener type" 94 | type = string 95 | } 96 | 97 | 98 | variable "ami_id" { 99 | type = string 100 | description = "The ID of the Amazon Machine Image (AMI) to use for the EC2 instances." 101 | } 102 | 103 | variable "instance_type" { 104 | type = string 105 | description = "The type of EC2 instance to use for the ASG." 
106 | } 107 | 108 | variable "key_name" { 109 | type = string 110 | description = "The name of the EC2 key pair to use for the instances." 111 | } 112 | 113 | variable "vpc_id" { 114 | type = string 115 | description = "The ID of the VPC to use for the resources." 116 | } 117 | 118 | variable "asg_subnets" { 119 | description = "A list of subnet IDs to use for the resources." 120 | type = list(string) 121 | } 122 | 123 | variable "public_access" { 124 | description = "Whether the instance is public or not" 125 | type = bool 126 | } 127 | 128 | variable "user_data" { 129 | description = "user data script" 130 | type = string 131 | } 132 | 133 | variable "max_size" { 134 | description = "Maximum size of something" 135 | type = number 136 | } 137 | 138 | variable "min_size" { 139 | description = "Minimum size of something" 140 | type = number 141 | } 142 | 143 | variable "desired_capacity" { 144 | description = "Desired capacity of something" 145 | type = number 146 | } 147 | 148 | variable "propagate_at_launch" { 149 | description = "To enable ot disable propagate_at_launch" 150 | type = bool 151 | } 152 | 153 | variable "owner" { 154 | type = string 155 | description = "Name of owner" 156 | } 157 | 158 | variable "environment" { 159 | type = string 160 | description = "The environment name for the resources." 
161 | } 162 | 163 | variable "cost_center" { 164 | type = string 165 | description = "Name of cost-center for this alb-asg" 166 | } 167 | 168 | variable "application" { 169 | type = string 170 | description = "Name of the application" 171 | } 172 | 173 | variable "ingress_cidr_block" { 174 | type = list(string) 175 | description = "CIDR blocks for the security group ingress rules" 176 | } 177 | 178 | variable "ingress_cidr_from_port" { 179 | description = "The starting port for ingress rules" 180 | type = list(number) 181 | } 182 | 183 | variable "ingress_cidr_to_port" { 184 | description = "The ending port for ingress rules" 185 | type = list(number) 186 | } 187 | 188 | variable "ingress_cidr_protocol" { 189 | description = "The protocol for ingress rules" 190 | type = list(any) 191 | } 192 | 193 | variable "create_ingress_cidr" { 194 | description = "Whether to create the ingress cidr or not" 195 | type = bool 196 | } 197 | 198 | variable "ingress_sg_from_port" { 199 | type = list(number) 200 | description = "List of starting ports for sg ingress rules" 201 | } 202 | 203 | variable "ingress_sg_to_port" { 204 | type = list(number) 205 | description = "List of ending ports for sg ingress rules" 206 | } 207 | 208 | variable "ingress_sg_protocol" { 209 | type = list(any) 210 | description = "List of protocols for sg ingress rules" 211 | } 212 | 213 | variable "ingress_security_group_ids" { 214 | type = list(string) 215 | default = [ "sg-0fe4363da3994c100" ] 216 | description = "List of Security Group ids for sg ingress rules" 217 | } 218 | 219 | variable "create_ingress_sg" { 220 | type = bool 221 | description = "Enable or disable Security Groups ingress rules." 
222 | } 223 | 224 | variable "egress_cidr_block" { 225 | type = list(string) 226 | description = "CIDR blocks for group egress rules" 227 | } 228 | 229 | variable "egress_cidr_from_port" { 230 | description = "The starting port for egress rules" 231 | type = list(number) 232 | } 233 | 234 | variable "egress_cidr_to_port" { 235 | description = "The ending port for egress rules" 236 | type = list(number) 237 | } 238 | 239 | variable "egress_cidr_protocol" { 240 | description = "The protocol for egress rules" 241 | type = list(any) 242 | } 243 | 244 | variable "create_egress_cidr" { 245 | type = bool 246 | description = "Enable or disable CIDR block egress rules." 247 | } 248 | 249 | variable "egress_sg_from_port" { 250 | description = "The starting port for egress rules" 251 | type = list(number) 252 | } 253 | 254 | variable "egress_sg_to_port" { 255 | description = "The ending port for egress rules" 256 | type = list(number) 257 | } 258 | 259 | variable "egress_sg_protocol" { 260 | description = "The protocol for egress rules" 261 | type = list(any) 262 | } 263 | 264 | variable "egress_security_group_ids" { 265 | type = list(string) 266 | default = [ "sg-0fe4363da3994c100" ] 267 | description = "List of Security Group ids for sg egress rules" 268 | } 269 | 270 | variable "create_egress_sg" { 271 | type = bool 272 | description = "Enable or disable CIDR block egress rules." 
273 | } 274 | 275 | 276 | variable "alb_ingress_cidr_block" { 277 | type = list(string) 278 | description = "CIDR blocks for the security group ingress rules" 279 | } 280 | 281 | variable "alb_ingress_cidr_from_port" { 282 | description = "The starting port for ingress rules" 283 | type = list(number) 284 | } 285 | 286 | variable "alb_ingress_cidr_to_port" { 287 | description = "The ending port for ingress rules" 288 | type = list(number) 289 | } 290 | 291 | variable "alb_ingress_cidr_protocol" { 292 | description = "The protocol for ingress rules" 293 | type = list(any) 294 | } 295 | 296 | variable "alb_create_ingress_cidr" { 297 | description = "Whether to create the ingress cidr or not" 298 | type = bool 299 | } 300 | 301 | variable "alb_ingress_sg_from_port" { 302 | type = list(number) 303 | description = "List of starting ports for sg ingress rules" 304 | } 305 | 306 | variable "alb_ingress_sg_to_port" { 307 | type = list(number) 308 | description = "List of ending ports for sg ingress rules" 309 | } 310 | 311 | variable "alb_ingress_sg_protocol" { 312 | type = list(any) 313 | description = "List of protocols for sg ingress rules" 314 | } 315 | 316 | variable "alb_create_ingress_sg" { 317 | type = bool 318 | description = "Enable or disable Security Groups ingress rules." 
319 | } 320 | 321 | variable "alb_egress_cidr_block" { 322 | type = list(string) 323 | description = "CIDR blocks for the security group egress rules" 324 | } 325 | 326 | variable "alb_egress_cidr_from_port" { 327 | description = "The starting port for egress rules" 328 | type = list(number) 329 | } 330 | 331 | variable "alb_egress_cidr_to_port" { 332 | description = "The ending port for egress rules" 333 | type = list(number) 334 | } 335 | 336 | variable "alb_egress_cidr_protocol" { 337 | description = "The protocol for egress rules" 338 | type = list(any) 339 | } 340 | 341 | variable "alb_create_egress_cidr" { 342 | type = bool 343 | description = "Enable or disable CIDR block egress rules." 344 | } 345 | 346 | variable "alb_egress_sg_from_port" { 347 | description = "The starting port for egress rules" 348 | type = list(number) 349 | } 350 | 351 | variable "alb_egress_sg_to_port" { 352 | description = "The ending port for egress rules" 353 | type = list(number) 354 | } 355 | 356 | variable "alb_egress_sg_protocol" { 357 | description = "The protocol for egress rules" 358 | type = list(any) 359 | } 360 | 361 | variable "alb_create_egress_sg" { 362 | type = bool 363 | description = "Enable or disable CIDR block egress rules." 
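}

# Seconds a newly launched instance is excluded from the scaling metric.
variable "instance_warmup_time" {
  description = "Time required to warm up a new instance"
  type        = number
}

# Target-tracking threshold that triggers scaling.
variable "target_value" {
  description = "Threshold value of asg to start scaling"
  type        = number
}
-------------------------------------------------------------------------------- /apps/ec2/main.tf: --------------------------------------------------------------------------------
# Standalone EC2 application stack: an instance role from the iam-policy
# module, a security group, and one or more instances wired to both.
provider "aws" {
  region = var.region
}

# NOTE(review): module sources were "../../../modules/...". From apps/ec2/
# that resolves above the repository root shown in this listing; the repo root
# is two levels up (compare infra/acm/main.tf, which uses "../../modules").
module "iam-policy" {
  source               = "../../modules/iam-policy"
  iam_policy_json_file = var.iam_policy_json_file
  owner                = var.owner
  environment          = var.environment
  cost_center          = var.cost_center
  application          = var.application
}

module "ec2" {
  source                      = "../../modules/ec2"
  region                      = var.region
  ami_id                      = var.ami_id
  instance_type               = var.instance_type
  key_name                    = var.key_name
  instance_count              = var.instance_count
  subnet_ids                  = var.subnet_ids
  associate_public_ip_address = var.associate_public_ip_address
  attach_instance_profile     = var.attach_instance_profile
  # The role comes from the iam-policy module above; the declared var.iam_role
  # in variables.tf is not consulted here.
  iam_role           = module.iam-policy.iam_role
  security_group_ids = module.security-group.security_group_ids
  attach_eip         = var.attach_eip
  storage_size       = var.storage_size
  environment        = var.environment
  owner              = var.owner
  cost_center        = var.cost_center
  application        = var.application
}

module "security-group" {
  source = "../../modules/security-group"
  region = var.region
  vpc_id = var.vpc_id
  # var.tags was declared ("Extra tags to attach to the security group
  # resources") but never passed; apps/alb-asg passes it to this module.
  tags = var.tags

  ingress_cidr_from_port     = var.ingress_cidr_from_port
  ingress_cidr_to_port       = var.ingress_cidr_to_port
  ingress_cidr_protocol      = var.ingress_cidr_protocol
  ingress_cidr_block         = var.ingress_cidr_block
  create_ingress_cidr        = var.create_ingress_cidr
  ingress_sg_from_port       = var.ingress_sg_from_port
  ingress_sg_to_port         = var.ingress_sg_to_port
  ingress_sg_protocol        = var.ingress_sg_protocol
  ingress_security_group_ids = var.ingress_security_group_ids
  create_ingress_sg          = var.create_ingress_sg
  egress_cidr_from_port      = var.egress_cidr_from_port
  egress_cidr_to_port        = var.egress_cidr_to_port
  egress_cidr_protocol       = var.egress_cidr_protocol
  egress_cidr_block          = var.egress_cidr_block
  create_egress_cidr         = var.create_egress_cidr
  egress_sg_from_port        = var.egress_sg_from_port
  egress_sg_to_port          = var.egress_sg_to_port
  egress_sg_protocol         = var.egress_sg_protocol
  egress_security_group_ids  = var.egress_security_group_ids
  create_egress_sg           = var.create_egress_sg

  environment = var.environment
  owner       = var.owner
  cost_center = var.cost_center
  application = var.application
}

-------------------------------------------------------------------------------- /apps/ec2/outputs.tf: --------------------------------------------------------------------------------
output "instance_state" {
  description = "The state of the ec2 instance"
  value       = module.ec2.instance_state
}

# Public DNS / IP / EIP are only meaningful when associate_public_ip_address
# or attach_eip is set; otherwise expect empty values from the module.
output "instance_public_dns" {
  description = "The Public DNS address of the ec2 instance"
  value       = module.ec2.instance_public_dns
}

output "instance_public_ip" {
  description = "The Public Ip address of the ec2 instance"
  value       = module.ec2.instance_public_ip
}

output "instance_eip" {
  description = "EIP attach to the ec2 instance"
  value       = module.ec2.instance_eip
}
-------------------------------------------------------------------------------- /apps/ec2/variables.tf: --------------------------------------------------------------------------------
variable "region" {
  type        = string
  description = "Region of the EC2 instance"
}

variable "ami_id" {
  type        = string
  description = "AMI ID of the EC2 instance"
}

variable "instance_type" {
  type        = string
  description = "Instance type of the EC2 instance"
}

# An SSH key pair implies port-22 access; prefer SSM Session Manager through
# the instance role where possible.
variable "key_name" {
  type        = string
  description = "Key name of the EC2 instance"
}

variable "instance_count" {
  type        = number
  description = "Count of the EC2 instances"

  validation {
    condition     = var.instance_count >= 0
    error_message = "instance_count must be zero or greater."
  }
}

variable "subnet_ids" {
  type        = list(string)
  description = "Subnet IDs of the EC2 instance"
}

variable "vpc_id" {
  type        = string
  description = "VPC ID for the security group"
}

# Public exposure switches. Leave both false unless the instance must be
# reachable from the internet; the security group still governs what is open.
variable "associate_public_ip_address" {
  type        = bool
  description = "Enable or disable public ip address"
}

variable "attach_instance_profile" {
  type        = bool
  description = "Attach instance profile or not"
}

# File name under infra/iam-policies (e.g. ec2.json) rendered into the
# instance role's policy by the iam-policy module.
variable "iam_policy_json_file" {
  type        = string
  description = "Name of the json file"
}

variable "attach_eip" {
  type        = bool
  description = "Attach eip or not"
}

variable "storage_size" {
  type        = number
  description = "Storage size of the instance"
}

variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the security group resources"
}

variable "environment" {
  type        = string
  description = "The environment name for the resources"
}

variable "owner" {
  type        = string
  description = "Owner's name for the resource"
}

variable "cost_center" {
  type        = string
  description = "Cost center identifier for the resource"
}

variable "application" {
  type        = string
  description = "Name of the application related to the resource"
}

# ---------------------------------------------------------------------------
# Security group rules
# ---------------------------------------------------------------------------

variable "ingress_cidr_from_port" {
  type        = list(number)
  description = "List of starting ports for cidr ingress rules of the EC2 security group."
}

variable "ingress_cidr_to_port" {
  type        = list(number)
  description = "List of ending ports for cidr ingress rules of the EC2 security group."
}

variable "ingress_cidr_protocol" {
  type        = list(string)
  description = "List of protocols for cidr ingress rules of the EC2 security group."
}

# Each entry is checked to be a parseable CIDR so a typo fails at plan time.
# 0.0.0.0/0 together with an SSH/RDP port exposes the instance to the whole
# internet; restrict to known admin ranges.
variable "ingress_cidr_block" {
  type        = list(string)
  description = "List of CIDR blocks for cidr ingress rules of the EC2 security group."

  validation {
    condition     = alltrue([for c in var.ingress_cidr_block : can(cidrhost(c, 0))])
    error_message = "Every entry of ingress_cidr_block must be a valid CIDR, e.g. 10.0.0.0/16."
  }
}

variable "ingress_sg_from_port" {
  type        = list(number)
  description = "List of starting ports for sg ingress rules of the EC2 security group."
}

variable "ingress_sg_to_port" {
  type        = list(number)
  description = "List of ending ports for sg ingress rules of the EC2 security group."
}

variable "ingress_sg_protocol" {
  type        = list(string)
  description = "List of protocols for sg ingress rules of the EC2 security group."
}

# No default on purpose: security group IDs are account/VPC specific and are
# supplied per environment in vars/<env>/ec2.tfvars.
variable "ingress_security_group_ids" {
  type        = list(string)
  description = "List of Security Group ids for sg ingress rules of the EC2 security group."
}

variable "egress_cidr_from_port" {
  type        = list(number)
  description = "List of starting ports for cidr egress rules of the EC2 security group."
}

variable "egress_cidr_to_port" {
  type        = list(number)
  description = "List of ending ports for cidr egress rules of the EC2 security group."
}

variable "egress_cidr_protocol" {
  type        = list(any)
  description = "List of protocols for cidr egress rules of the EC2 security group."
}

variable "egress_cidr_block" {
  type        = list(string)
  description = "List of CIDR blocks for cidr egress rules of the EC2 security group."

  validation {
    condition     = alltrue([for c in var.egress_cidr_block : can(cidrhost(c, 0))])
    error_message = "Every entry of egress_cidr_block must be a valid CIDR, e.g. 0.0.0.0/0."
  }
}

variable "egress_sg_from_port" {
  type        = list(number)
  description = "List of starting ports for sg egress rules of the EC2 security group."
}

variable "egress_sg_to_port" {
  type        = list(number)
  description = "List of ending ports for sg egress rules of the EC2 security group."
}

variable "egress_sg_protocol" {
  type        = list(any)
  description = "List of protocols for sg egress rules of the EC2 security group."
}

variable "egress_security_group_ids" {
  type        = list(string)
  description = "List of Security Group ids for sg egress rules of the EC2 security group."
}

variable "create_ingress_cidr" {
  type        = bool
  description = "Enable or disable CIDR block ingress rules."
}

variable "create_ingress_sg" {
  type        = bool
  description = "Enable or disable Security Groups ingress rules."
}

variable "create_egress_cidr" {
  type        = bool
  description = "Enable or disable CIDR block egress rules."
}

variable "create_egress_sg" {
  type        = bool
  description = "Enable or disable Security Groups egress rules."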
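}

# NOTE(review): declared but not read by apps/ec2/main.tf, which takes the role
# from module.iam-policy instead. Kept so existing tfvars that set it keep
# loading; remove it together with those tfvars entries.
variable "iam_role" {
  default     = null
  description = "IAM role for the instance"
  type        = string
}
-------------------------------------------------------------------------------- /environments/dev/acm/main.tf: --------------------------------------------------------------------------------
# Dev ACM certificate stack. This file is identical to infra/acm/main.tf apart
# from the module path; keep the two in sync or retire one of them.
provider "aws" {
  region = var.region
}

module "acm" {
  source = "../../../modules/acm"
  region = var.region

  domain_name       = var.domain_name
  validation_method = var.validation_method
  key_algorithm     = var.key_algorithm
  # Keep CT logging enabled: it is how mis-issued certificates for the domain
  # get noticed.
  certificate_transparency_logging_preference = var.certificate_transparency_logging_preference
  dns_domain_name                             = var.dns_domain_name

  name        = var.name
  environment = var.environment
  owner       = var.owner
  cost_center = var.cost_center
  application = var.application
  # TODO(review): var.tags is declared in variables.tf but not passed here;
  # confirm whether modules/acm accepts a tags input.
}
-------------------------------------------------------------------------------- /environments/dev/acm/outputs.tf: --------------------------------------------------------------------------------
output "cert_domain_name" {
  description = "The valid domain name associated with the SSL/TLS certificate."
  value       = module.acm.cert_domain_name
}

# Useful for an expiry alarm; ACM renews AMAZON_ISSUED certificates itself
# only while validation records stay in place.
output "cert_expiry_date" {
  description = "The expiration date of the SSL/TLS certificate."
  value       = module.acm.cert_expiry_date
}

output "cert_renewal_eligibility" {
  description = "Indicates if the SSL/TLS certificate is eligible for renewal."
  value       = module.acm.cert_renewal_eligibility
}

output "cert_source" {
  description = "The source or type of the SSL/TLS certificate (e.g., 'AMAZON_ISSUED', 'IMPORTED')."
  value       = module.acm.cert_source
}
-------------------------------------------------------------------------------- /environments/dev/acm/variables.tf: --------------------------------------------------------------------------------
variable "region" {
  type        = string
  description = "The AWS region where the Certificate Manager will be used."
}

variable "domain_name" {
  type        = string
  description = "The domain name associated with the SSL/TLS certificate."
}

# DNS validation is automatable and renews unattended; EMAIL needs a human on
# the WHOIS/admin mailbox. NONE is only valid for private-CA certificates.
variable "validation_method" {
  type        = string
  default     = "DNS"
  description = "The validation method used for certificate issuance (e.g., DNS, email)."

  validation {
    condition     = contains(["DNS", "EMAIL", "NONE"], var.validation_method)
    error_message = "validation_method must be one of DNS, EMAIL or NONE."
  }
}

# Restricted to ACM's issuable algorithms; RSA_1024 is deliberately excluded.
variable "key_algorithm" {
  type        = string
  description = "The cryptographic key algorithm used for the certificate (e.g., RSA, ECDSA)."

  validation {
    condition = contains([
      "RSA_2048", "RSA_3072", "RSA_4096",
      "EC_prime256v1", "EC_secp384r1", "EC_secp521r1",
    ], var.key_algorithm)
    error_message = "key_algorithm must be one of RSA_2048, RSA_3072, RSA_4096, EC_prime256v1, EC_secp384r1 or EC_secp521r1."
  }
}

# Defaults to ENABLED: disabling CT logging hides the certificate from public
# transparency monitors and causes modern browsers to reject it.
variable "certificate_transparency_logging_preference" {
  type        = string
  default     = "ENABLED"
  description = "The logging preference for certificate transparency (e.g., 'ENABLED' or 'DISABLED')."

  validation {
    condition     = contains(["ENABLED", "DISABLED"], var.certificate_transparency_logging_preference)
    error_message = "certificate_transparency_logging_preference must be ENABLED or DISABLED."
  }
}

variable "tags" {
  default     = {}
  type        = map(string)
  description = "A map of extra tags to attach to the AWS resources."
}

variable "name" {
  type        = string
  description = "A user-defined name for the AWS resources."
}

variable "environment" {
  type        = string
  description = "The name of the environment associated with the AWS resources."
}

variable "owner" {
  type        = string
  description = "The name of the owner or responsible party for the AWS resources."
}

variable "cost_center" {
  type        = string
  description = "The identifier for the cost center associated with the AWS resources."
}

variable "application" {
  type        = string
  description = "The name of the application or project related to the AWS resources."
}

# Route 53 hosted zone name used for DNS validation records.
variable "dns_domain_name" {
  type        = string
  description = "Domain name of the Route 53"
}
-------------------------------------------------------------------------------- /infra/acm/main.tf: --------------------------------------------------------------------------------
# ACM certificate stack. Duplicates environments/dev/acm/main.tf except for the
# module path; keep the two in sync or retire one of them.
provider "aws" {
  region = var.region
}

module "acm" {
  source = "../../modules/acm"
  region = var.region

  domain_name       = var.domain_name
  validation_method = var.validation_method
  key_algorithm     = var.key_algorithm
  # Keep CT logging enabled: it is how mis-issued certificates for the domain
  # get noticed.
  certificate_transparency_logging_preference = var.certificate_transparency_logging_preference
  dns_domain_name                             = var.dns_domain_name

  name        = var.name
  environment = var.environment
  owner       = var.owner
  cost_center = var.cost_center
  application = var.application
  # TODO(review): var.tags is declared in variables.tf but not passed here;
  # confirm whether modules/acm accepts a tags input.
}
-------------------------------------------------------------------------------- /infra/acm/outputs.tf: --------------------------------------------------------------------------------
output "cert_domain_name" {
  description = "The valid domain name associated with the SSL/TLS certificate."
  value       = module.acm.cert_domain_name
}

# Useful for an expiry alarm; ACM renews AMAZON_ISSUED certificates itself
# only while validation records stay in place.
output "cert_expiry_date" {
  description = "The expiration date of the SSL/TLS certificate."
  value       = module.acm.cert_expiry_date
}

output "cert_renewal_eligibility" {
  description = "Indicates if the SSL/TLS certificate is eligible for renewal."
  value       = module.acm.cert_renewal_eligibility
}

output "cert_source" {
  description = "The source or type of the SSL/TLS certificate (e.g., 'AMAZON_ISSUED', 'IMPORTED')."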
18 | value = module.acm.cert_source 19 | } 20 | -------------------------------------------------------------------------------- /infra/acm/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "The AWS region where the Certificate Manager will be used." 4 | } 5 | 6 | variable "domain_name" { 7 | type = string 8 | description = "The domain name associated with the SSL/TLS certificate." 9 | } 10 | 11 | variable "validation_method" { 12 | type = string 13 | description = "The validation method used for certificate issuance (e.g., DNS, email)." 14 | } 15 | 16 | variable "key_algorithm" { 17 | type = string 18 | description = "The cryptographic key algorithm used for the certificate (e.g., RSA, ECDSA)." 19 | } 20 | 21 | variable "certificate_transparency_logging_preference" { 22 | type = string 23 | description = "The logging preference for certificate transparency (e.g., 'ENABLED' or 'DISABLED')." 24 | } 25 | 26 | variable "tags" { 27 | default = {} 28 | type = map(string) 29 | description = "A map of extra tags to attach to the AWS resources." 30 | } 31 | 32 | variable "name" { 33 | type = string 34 | description = "A user-defined name for the AWS resources." 35 | } 36 | 37 | variable "environment" { 38 | type = string 39 | description = "The name of the environment associated with the AWS resources." 40 | } 41 | 42 | variable "owner" { 43 | type = string 44 | description = "The name of the owner or responsible party for the AWS resources." 45 | } 46 | 47 | variable "cost_center" { 48 | type = string 49 | description = "The identifier for the cost center associated with the AWS resources." 50 | } 51 | 52 | variable "application" { 53 | type = string 54 | description = "The name of the application or project related to the AWS resources." 
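}

variable "dns_domain_name" {
  type        = string
  description = "Domain name of the Route 53"
}
-------------------------------------------------------------------------------- /infra/backend/main.tf: --------------------------------------------------------------------------------
# Remote-state backend: the S3 bucket that holds Terraform state and the
# DynamoDB table used for state locking.
#
# The provider region is taken from var.region (declared in variables.tf in
# this directory) instead of the previous hard-coded "us-west-2"; the variable
# had no default, so it was already required but silently ignored.
provider "aws" {
  region = var.region
}

resource "aws_s3_bucket" "state_lock_bucket" {
  bucket = "${var.environment}-${var.application}-s3-bucket"

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-s3-bucket"
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# State files carry whatever secrets pass through variables (for example the
# db_password used by the rds root), so the bucket must never be reachable
# anonymously. Block every form of public ACL or bucket policy, independent of
# the account-level setting.
resource "aws_s3_bucket_public_access_block" "state_lock_bucket" {
  bucket = aws_s3_bucket.state_lock_bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Versioning allows a corrupted or accidentally overwritten state file to be
# rolled back to an earlier object version.
resource "aws_s3_bucket_versioning" "state_lock_bucket" {
  bucket = aws_s3_bucket.state_lock_bucket.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Encrypt state objects at rest. SSE-S3 (AES256) needs no key management;
# switch to "aws:kms" plus kms_master_key_id if a customer-managed key is
# required by policy.
resource "aws_s3_bucket_server_side_encryption_configuration" "state_lock_bucket" {
  bucket = aws_s3_bucket.state_lock_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Lock table. Terraform's S3 backend expects the hash key to be named "LockID"
# with attribute type "S"; both values are supplied through tfvars here, so the
# settings in vars/dev/backend.tfvars are what actually enforce that — verify.
# Consider `lifecycle { prevent_destroy = true }` on both resources once the
# backend is in use; it is not added here to keep the current destroy behaviour.
resource "aws_dynamodb_table" "state_lock_table" {
  name         = "${var.environment}-${var.application}-dynamodb-table"
  billing_mode = var.billing_mode
  hash_key     = var.hash_key

  attribute {
    name = var.attribute_name
    type = var.attribute_type
  }

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-dynamodb-table"
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}
-------------------------------------------------------------------------------- /infra/backend/variables.tf: --------------------------------------------------------------------------------
# Extra tags merged into the mandatory tag set on both backend resources.
variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the backend (state bucket and lock table) resources"
}

# Region for the AWS provider in main.tf.
variable "region" {
  type        = string
  description = "Region of the Terraform state backend resources"
}

variable "billing_mode" {
  type        = string
  description = "Billing mode for dynamodb"
}

variable "hash_key" {
  type        = string
  description = "Hash key name of dynamodb"
}

variable "attribute_name" {
  type        = string
  description = "Attribute name of dynamodb"
}

variable "attribute_type" {
  type        = string
  description = "Attribute type of dynamodb"
}

variable "owner" {
  type        = string
  description = "Name of owner"
}

variable "environment" {
  type        = string
  description = "The environment name for the resources."
}

variable "cost_center" {
  type        = string
  description = "Name of cost-center for the resources."
}

variable "application" {
  type        = string
  description = "Name of the application"
}
-------------------------------------------------------------------------------- /infra/eks-cluster/main.tf: --------------------------------------------------------------------------------
provider "aws" {
  region = var.region
}

# Thin root module: every input is forwarded unchanged to modules/eks.
# principal_arn / kubernetes_groups / access_policy_arn look like EKS access
# entry inputs, but the module body is not visible here — confirm in
# modules/eks before relying on that.
module "eks-cluster" {
  source             = "../../modules/eks"
  cluster_name       = var.cluster_name
  role_name          = var.role_name
  vpc_subnets        = var.vpc_subnets
  node_group_name    = var.node_group_name
  node_instance_type = var.node_instance_type
  node_disk_size     = var.node_disk_size
  policy_arns        = var.policy_arns
  eks_addons         = var.eks_addons
  principal_arn      = var.principal_arn
  kubernetes_groups  = var.kubernetes_groups
  access_policy_arn  = var.access_policy_arn
}
-------------------------------------------------------------------------------- /infra/eks-cluster/outputs.tf: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/techiescamp/terraform-aws/62ee9acb36cb028d7086216b0e5f54bcf3563b97/infra/eks-cluster/outputs.tf
-------------------------------------------------------------------------------- /infra/eks-cluster/variables.tf: --------------------------------------------------------------------------------
variable "region" {
  type        = string
  description = "Region of the EKS cluster"
}

variable "cluster_name" {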
description = "The name of the EKS cluster" 8 | type = string 9 | } 10 | 11 | variable "role_name" { 12 | description = "Name of the IAM role for EKS" 13 | type = string 14 | } 15 | 16 | variable "vpc_subnets" { 17 | description = "List of VPC subnet IDs" 18 | type = list(string) 19 | } 20 | 21 | variable "node_group_name" { 22 | description = "The name of the node group" 23 | type = string 24 | } 25 | 26 | variable "node_instance_type" { 27 | description = "EC2 instance type for the node group" 28 | type = list(string) 29 | } 30 | 31 | variable "node_disk_size" { 32 | description = "Disk size for the node group instances" 33 | type = number 34 | } 35 | 36 | variable "policy_arns" { 37 | description = "List of IAM policy ARNs to attach to the roles" 38 | type = list(string) 39 | } 40 | 41 | variable "eks_addons" { 42 | description = "List of EKS addons and their versions" 43 | type = map(string) 44 | } 45 | 46 | variable "principal_arn" { 47 | description = "The ARN of the principal" 48 | type = string 49 | } 50 | 51 | variable "kubernetes_groups" { 52 | description = "Kubernetes groups" 53 | type = list(string) 54 | } 55 | 56 | variable "access_policy_arn" { 57 | description = "The ARN of the access policy" 58 | type = string 59 | } 60 | -------------------------------------------------------------------------------- /infra/iam-policies/alb-asg.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "logs:CreateLogGroup", 8 | "logs:CreateLogStream", 9 | "logs:PutLogEvents", 10 | "logs:DescribeLogStreams" 11 | ], 12 | "Resource": [ 13 | "arn:aws:logs:*:*:*" 14 | ] 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /infra/iam-policies/ec2.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 
| "Effect": "Allow", 6 | "Action": "*", 7 | "Resource": "*" 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /infra/rds/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "rds" { 6 | source = "../../../modules/rds" 7 | region = var.region 8 | subnet_ids = var.subnet_ids 9 | db_engine = var.db_engine 10 | db_storage_type = var.db_storage_type 11 | db_username = var.db_username 12 | set_secret_manager_password = var.set_secret_manager_password 13 | set_db_password = var.set_db_password 14 | db_password = var.db_password 15 | db_instance_class = var.db_instance_class 16 | db_storage_size = var.db_storage_size 17 | from_port = var.from_port 18 | to_port = var.to_port 19 | protocol = var.protocol 20 | cidr_block = var.cidr_block 21 | backup_retention_period = var.backup_retention_period 22 | multi_az = var.multi_az 23 | delete_automated_backups = var.delete_automated_backups 24 | copy_tags_to_snapshot = var.copy_tags_to_snapshot 25 | publicly_accessible = var.publicly_accessible 26 | skip_final_snapshot = var.skip_final_snapshot 27 | apply_immediately = var.apply_immediately 28 | owner = var.owner 29 | cost_center = var.cost_center 30 | environment = var.environment 31 | application = var.application 32 | } -------------------------------------------------------------------------------- /infra/rds/outputs.tf: -------------------------------------------------------------------------------- 1 | 2 | output "rds_address" { 3 | description = "The address of the RDS instance" 4 | value = module.rds.rds_address 5 | } 6 | 7 | output "rds_endpoint" { 8 | description = "The address of the RDS instance" 9 | value = module.rds.rds_endpoint 10 | } 11 | 12 | output "master_user_secret" { 13 | description = "The address of the RDS instance" 14 | value = module.rds.master_user_secret 15 | } 16 | 17 | 
-------------------------------------------------------------------------------- /infra/rds/variables.tf: -------------------------------------------------------------------------------- 1 | variable "tags" { 2 | default = {} 3 | type = map(string) 4 | description = "Extra tags to attach to the RDS resources" 5 | } 6 | 7 | variable "update_rds_endpoint" { 8 | type = bool 9 | default = true 10 | } 11 | 12 | variable "region" { 13 | type = string 14 | description = "Region of the rds" 15 | } 16 | 17 | variable "environment" { 18 | description = "The environment name for the resources." 19 | } 20 | 21 | variable "owner" { 22 | type = string 23 | description = "Name of the owner for this RDS" 24 | } 25 | 26 | variable "application" { 27 | type = string 28 | description = "Name of the application" 29 | } 30 | 31 | variable "cidr_block" { 32 | type = list(string) 33 | description = "CIDR block for RDS security group" 34 | } 35 | 36 | variable "cost_center" { 37 | type = string 38 | description = "Name of cost-center for this RDS" 39 | } 40 | 41 | variable "db_username" { 42 | description = "The username for the RDS database" 43 | type = string 44 | } 45 | 46 | variable "set_secret_manager_password" { 47 | description = "To enable master user password or not" 48 | type = bool 49 | default = false 50 | } 51 | 52 | variable "db_password" { 53 | description = "Password for RDS" 54 | type = string 55 | } 56 | 57 | variable "db_instance_class" { 58 | description = "The RDS instance class" 59 | type = string 60 | } 61 | 62 | variable "set_db_password" { 63 | description = "Condition to check for custom password" 64 | type = string 65 | } 66 | 67 | variable "db_storage_size" { 68 | description = "The allocated storage size for the RDS instance." 69 | type = number 70 | } 71 | 72 | variable "backup_retention_period" { 73 | description = "The number of days to retain automated backups." 
74 | type = number 75 | } 76 | 77 | variable "multi_az" { 78 | description = "Enable multi-AZ deployment for the RDS instance." 79 | type = bool 80 | } 81 | 82 | variable "delete_automated_backups" { 83 | description = "Enable deletion of automated backups when the RDS instance is deleted." 84 | type = bool 85 | } 86 | 87 | variable "copy_tags_to_snapshot" { 88 | description = "Copy tags to DB snapshots created from the RDS instance." 89 | type = bool 90 | } 91 | 92 | variable "publicly_accessible" { 93 | description = "Allow the RDS instance to be publicly accessible." 94 | type = bool 95 | } 96 | 97 | variable "skip_final_snapshot" { 98 | description = "Skip the creation of a final DB snapshot when the RDS instance is deleted." 99 | type = bool 100 | } 101 | 102 | variable "apply_immediately" { 103 | description = "Apply changes immediately to the RDS instance." 104 | type = bool 105 | } 106 | 107 | variable "db_engine" { 108 | description = "The database engine" 109 | type = string 110 | } 111 | 112 | variable "db_storage_type" { 113 | description = "The storage type for the database" 114 | type = string 115 | } 116 | 117 | variable "from_port" { 118 | description = "The starting port for ingress rules" 119 | type = number 120 | } 121 | 122 | variable "to_port" { 123 | description = "The ending port for ingress rules" 124 | type = number 125 | } 126 | 127 | variable "protocol" { 128 | description = "The protocol for ingress rules" 129 | type = string 130 | } 131 | 132 | variable "subnet_ids" { 133 | description = "The IDs of the subnets" 134 | type = list(string) 135 | } 136 | 137 | 138 | 139 | -------------------------------------------------------------------------------- /infra/route53/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "route53" { 6 | source = "../../modules/route53" 7 | region = var.region 8 | 9 | dns_domain_name = var.dns_domain_name 10 
| 11 | name = var.name 12 | environment = var.environment 13 | owner = var.owner 14 | cost_center = var.cost_center 15 | application = var.application 16 | 17 | } -------------------------------------------------------------------------------- /infra/route53/outputs.tf: -------------------------------------------------------------------------------- 1 | output "zone_id" { 2 | description = "The Zone ID of the Hosted Zone" 3 | value = module.route53.zone_id 4 | } 5 | 6 | output "name_servers" { 7 | description = "The list of Name Servers of the Hosted Zone" 8 | value = module.route53.name_servers 9 | } 10 | 11 | output "tags_all" { 12 | description = "The list of Tags associated with the Hosted Zone" 13 | value = module.route53.tags_all 14 | } -------------------------------------------------------------------------------- /infra/route53/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "The AWS region where the Certificate Manager will be used." 4 | } 5 | 6 | variable "tags" { 7 | default = {} 8 | type = map(string) 9 | description = "A map of extra tags to attach to the AWS resources." 10 | } 11 | 12 | variable "name" { 13 | type = string 14 | description = "A user-defined name for the AWS resources." 15 | } 16 | 17 | variable "environment" { 18 | type = string 19 | description = "The name of the environment associated with the AWS resources." 20 | } 21 | 22 | variable "owner" { 23 | type = string 24 | description = "The name of the owner or responsible party for the AWS resources." 25 | } 26 | 27 | variable "cost_center" { 28 | type = string 29 | description = "The identifier for the cost center associated with the AWS resources." 30 | } 31 | 32 | variable "application" { 33 | type = string 34 | description = "The name of the application or project related to the AWS resources." 
35 | } 36 | 37 | variable "dns_domain_name" { 38 | type = string 39 | description = "Domain name of the Route 53" 40 | } -------------------------------------------------------------------------------- /infra/ses/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | module "ses" { 6 | source = "../../modules/ses" 7 | region = var.region 8 | domain_name = var.domain_name 9 | dkim_record_count = var.dkim_record_count 10 | zone_id = var.zone_id 11 | dkim_record_type = var.dkim_record_type 12 | dkim_ttl = var.dkim_ttl 13 | custom_mail = var.custom_mail 14 | spf_mx_record = var.spf_mx_record 15 | spf_txt_record = var.spf_txt_record 16 | spf_ttl = var.spf_ttl 17 | name = var.name 18 | environment = var.environment 19 | owner = var.owner 20 | cost_center = var.cost_center 21 | application = var.application 22 | } 23 | 24 | 25 | -------------------------------------------------------------------------------- /infra/ses/output.tf: -------------------------------------------------------------------------------- 1 | output "domain_identity_token" { 2 | description = "Domain identity tokens" 3 | value = module.ses.domain_identity_token 4 | } 5 | 6 | output "domain_verification" { 7 | description = "Verification status of the domain identity" 8 | value = module.ses.domain_verification 9 | } 10 | 11 | output "dkim_tokens" { 12 | description = "DKIM tokens for domain identity" 13 | value = module.ses.dkim_tokens 14 | } 15 | 16 | output "domain_mail" { 17 | description = "Email address associated with the domain identity" 18 | value = module.ses.domain_mail 19 | } 20 | 21 | output "route53_dkim_fqdn" { 22 | description = "FQDN for the Route 53 DKIM DNS record" 23 | value = module.ses.route53_dkim_fqdn 24 | } 25 | 26 | output "route53_spf_mx_fqdn" { 27 | description = "FQDN for the Route 53 SPF MX DNS record" 28 | value = module.ses.route53_spf_mx_fqdn 29 | } 30 | 31 | output 
"route53_spf_txt_fqdn" { 32 | description = "FQDN for the Route 53 SPF TXT DNS record" 33 | value = module.ses.route53_spf_txt_fqdn 34 | } 35 | 36 | output "iam_user_name" { 37 | description = "IAM user name associated with SES" 38 | value = module.ses.iam_user_name 39 | } 40 | 41 | output "iam_user_policy" { 42 | description = "IAM policy associated with the IAM user" 43 | value = module.ses.iam_user_policy 44 | } 45 | 46 | -------------------------------------------------------------------------------- /infra/ses/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "Region of the EC2 instance" 4 | } 5 | 6 | variable "domain_name" { 7 | type = string 8 | description = "Name of the domain" 9 | } 10 | 11 | variable "dkim_record_count" { 12 | type = number 13 | description = "Number of DKIM records to create" 14 | } 15 | 16 | variable "zone_id" { 17 | type = string 18 | description = "ID of the DNS zone where records will be added" 19 | } 20 | 21 | variable "dkim_record_type" { 22 | type = string 23 | description = "Type of DKIM records to create" 24 | } 25 | 26 | variable "dkim_ttl" { 27 | type = number 28 | description = "Time To Live (TTL) for DKIM records" 29 | } 30 | 31 | variable "custom_mail" { 32 | type = string 33 | description = "Custom email address to associate with the domain" 34 | } 35 | 36 | variable "spf_mx_record" { 37 | type = string 38 | description = "SPF MX record value for domain" 39 | } 40 | 41 | variable "spf_txt_record" { 42 | type = string 43 | description = "SPF TXT record value for domain" 44 | } 45 | 46 | variable "spf_ttl" { 47 | type = number 48 | description = "Time To Live (TTL) for SPF records" 49 | } 50 | 51 | variable "tags" { 52 | default = {} 53 | type = map(string) 54 | description = "Tags to associate with the resources" 55 | } 56 | 57 | variable "name" { 58 | type = string 59 | description = "Name of the resource" 60 | } 61 | 
62 | variable "environment" { 63 | type = string 64 | description = "Environment where the resource is deployed" 65 | } 66 | 67 | variable "owner" { 68 | type = string 69 | description = "Owner of the resource" 70 | } 71 | 72 | variable "cost_center" { 73 | type = string 74 | description = "Cost center responsible for the resource" 75 | } 76 | 77 | variable "application" { 78 | type = string 79 | description = "Application to which the resource belongs" 80 | } 81 | -------------------------------------------------------------------------------- /infra/sg/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "Region of the security group." 4 | } 5 | 6 | variable "sg_name" { 7 | type = string 8 | description = "Name of the security group for the instance." 9 | } 10 | 11 | variable "vpc_id" { 12 | type = string 13 | description = "ID of the VPC associated with the security group." 14 | } 15 | 16 | variable "tags" { 17 | default = {} 18 | type = map(string) 19 | description = "Extra tags to attach to the EC2 security group resources." 20 | } 21 | 22 | variable "name" { 23 | type = string 24 | description = "The name of the resources." 25 | } 26 | 27 | variable "environment" { 28 | type = string 29 | description = "The environment name for the resources." 30 | } 31 | 32 | variable "owner" { 33 | type = string 34 | description = "Owner's name for the resource." 35 | } 36 | 37 | variable "cost_center" { 38 | type = string 39 | description = "Cost center identifier for the resource." 40 | } 41 | 42 | variable "application" { 43 | type = string 44 | description = "Name of the application related to the resource." 45 | } 46 | 47 | variable "ingress_cidr_from_port" { 48 | type = list(number) 49 | description = "List of starting ports for cidr ingress rules of the EC2 security group." 
50 | } 51 | 52 | variable "ingress_cidr_to_port" { 53 | type = list(number) 54 | description = "List of ending ports for cidr ingress rules of the EC2 security group." 55 | } 56 | 57 | variable "ingress_cidr_protocol" { 58 | type = list(string) 59 | description = "List of protocols for cidr ingress rules of the EC2 security group." 60 | } 61 | 62 | variable "ingress_cidr_block" { 63 | type = list(string) 64 | description = "List of CIDR blocks for cidr ingress rules of the EC2 security group." 65 | } 66 | 67 | variable "ingress_sg_from_port" { 68 | type = list(number) 69 | description = "List of starting ports for sg ingress rules of the EC2 security group." 70 | } 71 | 72 | variable "ingress_sg_to_port" { 73 | type = list(number) 74 | description = "List of ending ports for sg ingress rules of the EC2 security group." 75 | } 76 | 77 | variable "ingress_sg_protocol" { 78 | type = list(string) 79 | description = "List of protocols for sg ingress rules of the EC2 security group." 80 | } 81 | 82 | variable "ingress_security_group_ids" { 83 | type = list(string) 84 | description = "List of Security Group ids for sg ingress rules of the EC2 security group." 85 | } 86 | 87 | variable "egress_cidr_from_port" { 88 | type = list(number) 89 | description = "List of starting ports for cidr egress rules of the EC2 security group." 90 | } 91 | 92 | variable "egress_cidr_to_port" { 93 | type = list(number) 94 | description = "List of ending ports for cidr egress rules of the EC2 security group." 95 | } 96 | 97 | variable "egress_cidr_protocol" { 98 | type = list(any) 99 | description = "List of protocols for cidr egress rules of the EC2 security group." 100 | } 101 | 102 | variable "egress_cidr_block" { 103 | type = list(string) 104 | description = "List of CIDR blocks for cidr egress rules of the EC2 security group." 
105 | } 106 | 107 | variable "egress_sg_from_port" { 108 | type = list(number) 109 | description = "List of starting ports for sg egress rules of the EC2 security group." 110 | } 111 | 112 | variable "egress_sg_to_port" { 113 | type = list(number) 114 | description = "List of ending ports for sg egress rules of the EC2 security group." 115 | } 116 | 117 | variable "egress_sg_protocol" { 118 | type = list(any) 119 | description = "List of protocols for sg egress rules of the EC2 security group." 120 | } 121 | 122 | variable "egress_security_group_ids" { 123 | type = list(string) 124 | description = "List of Security Group ids for sg egress rules of the EC2 security group." 125 | } 126 | 127 | variable "create_ingress_cidr" { 128 | type = bool 129 | description = "Enable or disable CIDR block ingress rules." 130 | } 131 | 132 | variable "create_ingress_sg" { 133 | type = bool 134 | description = "Enable or disable Security Groups ingress rules." 135 | } 136 | 137 | variable "create_egress_cidr" { 138 | type = bool 139 | description = "Enable or disable CIDR block egress rules." 140 | } 141 | 142 | variable "create_egress_sg" { 143 | type = bool 144 | description = "Enable or disable Security Groups egress rules." 
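}
-------------------------------------------------------------------------------- /infra/tag-policy/main.tf: --------------------------------------------------------------------------------
provider "aws" {
  region = var.region
}

# Root module for the AWS Organizations tag policy; all inputs are forwarded
# unchanged to modules/tag-policy.
module "tag-policy" {
  source      = "../../modules/tag-policy"
  region      = var.region
  policy_name = var.policy_name
  policy_type = var.policy_type
  target_id   = var.target_id

  name_tag_key         = var.name_tag_key
  environment_tag_key  = var.environment_tag_key
  owner_tag_key        = var.owner_tag_key
  owner_tag_value      = var.owner_tag_value
  costcenter_tag_key   = var.costcenter_tag_key
  costcenter_tag_value = var.costcenter_tag_value
  application_tag_key  = var.application_tag_key
  enforce_for_values   = var.enforce_for_values
}
-------------------------------------------------------------------------------- /infra/tag-policy/outputs.tf: --------------------------------------------------------------------------------
output "policy_id" {
  value       = module.tag-policy.policy_id
  description = "ID of the tag policy"
}
-------------------------------------------------------------------------------- /infra/tag-policy/variables.tf: --------------------------------------------------------------------------------
variable "region" {
  type        = string
  description = "The AWS region for provider configuration."
}

variable "policy_name" {
  type        = string
  description = "A descriptive name for the AWS Organizations Tag Policy."
}

variable "policy_type" {
  type        = string
  description = "The type of the AWS Organizations Tag Policy."
}

# Organizations attachment targets are strings: a root ("r-..."), an OU
# ("ou-..."), or a 12-digit account ID. The previous `type = number` rejected
# root/OU IDs outright and would strip leading zeros from an account ID;
# numeric tfvars values still convert to this type automatically.
variable "target_id" {
  type        = string
  description = "The ID of the target (root, organizational unit or account) to attach the Tag Policy."
}

variable "name_tag_key" {
  type        = string
  description = "The tag key for the 'Name' tag."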
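}

variable "environment_tag_key" {
  type        = string
  description = "The tag key for the 'Environment' tag."
}

variable "owner_tag_key" {
  type        = string
  description = "The tag key for the 'Owner' tag."
}

variable "owner_tag_value" {
  type        = list(string)
  description = "A list of valid tag values for the 'Owner' tag."
}

variable "costcenter_tag_key" {
  type        = string
  description = "The tag key for the 'CostCenter' tag."
}

variable "costcenter_tag_value" {
  type        = list(string)
  description = "A list of valid tag values for the 'CostCenter' tag."
}

variable "application_tag_key" {
  type        = string
  description = "The tag key for the 'Application' tag."
}

variable "enforce_for_values" {
  type        = list(string)
  description = "A list of tag values to enforce for the 'Application' tag."
}

# ---- /infra/vpc/main.tf ----

# NOTE(review): the S3 backend is commented out, so this root module keeps its
# state in a local terraform.tfstate. State holds resource ids and network
# layout; a remote backend with locking is preferable for anything shared or
# run from CI.
# terraform {
#   backend "s3" {}
# }
provider "aws" {
  region = var.region
}

# Root-level wiring of the reusable VPC module. Every input is passed through
# verbatim from this root module's variables (variables.tf below); the NACL
# inputs come as one group of six parallel lists per subnet tier and direction
# (public/app/db/management/platform x ingress/egress).
# NOTE(review): var.tags is declared in variables.tf but is not passed here, so
# extra tags never reach the VPC resources; wire `tags = var.tags` through if
# ../../modules/vpc declares a "tags" input — confirm in its variables.tf.
module "vpc" {
  source = "../../modules/vpc"

  region                          = var.region
  vpc_cidr_block                  = var.vpc_cidr_block
  instance_tenancy                = var.instance_tenancy
  enable_dns_support              = var.enable_dns_support
  enable_dns_hostnames            = var.enable_dns_hostnames
  domain                          = var.domain
  create_nat_gateway              = var.create_nat_gateway
  destination_cidr_block          = var.destination_cidr_block
  map_public_ip_on_launch         = var.map_public_ip_on_launch
  public_subnet_cidr_blocks       = var.public_subnet_cidr_blocks
  app_subnet_cidr_blocks          = var.app_subnet_cidr_blocks
  db_subnet_cidr_blocks           = var.db_subnet_cidr_blocks
  management_subnet_cidr_blocks   = var.management_subnet_cidr_blocks
  platform_subnet_cidr_blocks     = var.platform_subnet_cidr_blocks
  availability_zones              = var.availability_zones
  create_s3_endpoint              = var.create_s3_endpoint
  create_secrets_manager_endpoint = var.create_secrets_manager_endpoint
  create_cloudwatch_logs_endpoint = var.create_cloudwatch_logs_endpoint

  # Public tier NACL rules
  ingress_public_nacl_rule_no    = var.ingress_public_nacl_rule_no
  ingress_public_nacl_action     = var.ingress_public_nacl_action
  ingress_public_nacl_from_port  = var.ingress_public_nacl_from_port
  ingress_public_nacl_to_port    = var.ingress_public_nacl_to_port
  ingress_public_nacl_protocol   = var.ingress_public_nacl_protocol
  ingress_public_nacl_cidr_block = var.ingress_public_nacl_cidr_block
  egress_public_nacl_rule_no     = var.egress_public_nacl_rule_no
  egress_public_nacl_action      = var.egress_public_nacl_action
  egress_public_nacl_from_port   = var.egress_public_nacl_from_port
  egress_public_nacl_to_port     = var.egress_public_nacl_to_port
  egress_public_nacl_protocol    = var.egress_public_nacl_protocol
  egress_public_nacl_cidr_block  = var.egress_public_nacl_cidr_block

  # Application tier NACL rules
  ingress_app_nacl_rule_no    = var.ingress_app_nacl_rule_no
  ingress_app_nacl_action     = var.ingress_app_nacl_action
  ingress_app_nacl_from_port  = var.ingress_app_nacl_from_port
  ingress_app_nacl_to_port    = var.ingress_app_nacl_to_port
  ingress_app_nacl_protocol   = var.ingress_app_nacl_protocol
  ingress_app_nacl_cidr_block = var.ingress_app_nacl_cidr_block
  egress_app_nacl_rule_no     = var.egress_app_nacl_rule_no
  egress_app_nacl_action      = var.egress_app_nacl_action
  egress_app_nacl_from_port   = var.egress_app_nacl_from_port
  egress_app_nacl_to_port     = var.egress_app_nacl_to_port
  egress_app_nacl_protocol    = var.egress_app_nacl_protocol
  egress_app_nacl_cidr_block  = var.egress_app_nacl_cidr_block

  # Database tier NACL rules
  ingress_db_nacl_rule_no    = var.ingress_db_nacl_rule_no
  ingress_db_nacl_action     = var.ingress_db_nacl_action
  ingress_db_nacl_from_port  = var.ingress_db_nacl_from_port
  ingress_db_nacl_to_port    = var.ingress_db_nacl_to_port
  ingress_db_nacl_protocol   = var.ingress_db_nacl_protocol
  ingress_db_nacl_cidr_block = var.ingress_db_nacl_cidr_block
  egress_db_nacl_rule_no     = var.egress_db_nacl_rule_no
  egress_db_nacl_action      = var.egress_db_nacl_action
  egress_db_nacl_from_port   = var.egress_db_nacl_from_port
  egress_db_nacl_to_port     = var.egress_db_nacl_to_port
  egress_db_nacl_protocol    = var.egress_db_nacl_protocol
  egress_db_nacl_cidr_block  = var.egress_db_nacl_cidr_block

  # Management tier NACL rules
  ingress_management_nacl_rule_no    = var.ingress_management_nacl_rule_no
  ingress_management_nacl_action     = var.ingress_management_nacl_action
  ingress_management_nacl_from_port  = var.ingress_management_nacl_from_port
  ingress_management_nacl_to_port    = var.ingress_management_nacl_to_port
  ingress_management_nacl_protocol   = var.ingress_management_nacl_protocol
  ingress_management_nacl_cidr_block = var.ingress_management_nacl_cidr_block
  egress_management_nacl_rule_no     = var.egress_management_nacl_rule_no
  egress_management_nacl_action      = var.egress_management_nacl_action
  egress_management_nacl_from_port   = var.egress_management_nacl_from_port
  egress_management_nacl_to_port     = var.egress_management_nacl_to_port
  egress_management_nacl_protocol    = var.egress_management_nacl_protocol
  egress_management_nacl_cidr_block  = var.egress_management_nacl_cidr_block

  # Platform tier NACL rules
  ingress_platform_nacl_rule_no    = var.ingress_platform_nacl_rule_no
  ingress_platform_nacl_action     = var.ingress_platform_nacl_action
  ingress_platform_nacl_from_port  = var.ingress_platform_nacl_from_port
  ingress_platform_nacl_to_port    = var.ingress_platform_nacl_to_port
  ingress_platform_nacl_protocol   = var.ingress_platform_nacl_protocol
  ingress_platform_nacl_cidr_block = var.ingress_platform_nacl_cidr_block
  egress_platform_nacl_rule_no     = var.egress_platform_nacl_rule_no
  egress_platform_nacl_action      = var.egress_platform_nacl_action
  egress_platform_nacl_from_port   = var.egress_platform_nacl_from_port
  egress_platform_nacl_to_port     = var.egress_platform_nacl_to_port
  egress_platform_nacl_protocol    = var.egress_platform_nacl_protocol
  egress_platform_nacl_cidr_block  = var.egress_platform_nacl_cidr_block

  # Mandatory tag values
  owner       = var.owner
  environment = var.environment
  cost_center = var.cost_center
  application = var.application
}

# ---- /infra/vpc/variables.tf ----

# Common Variables

variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the VPC resources"
}

variable "region" {
  type        = string
  description = "Region of the VPC"
}

# VPC Variables

variable "vpc_cidr_block" {
  type        = string
  description = "CIDR block for the VPC"
}

# Subnet Variables
#
# The CIDR and availability-zone lists are typed list(string) (previously
# list(any)) so that a non-string element is rejected by this root module at
# plan time instead of surfacing as a confusing error inside the VPC module.
# Any list of CIDR/AZ strings already satisfies list(string), so existing
# tfvars files are unaffected.

variable "public_subnet_cidr_blocks" {
  type        = list(string)
  description = "List of public subnet CIDR blocks"
}

variable "app_subnet_cidr_blocks" {
  type        = list(string)
  description = "List of application subnet CIDR blocks"
}

variable "db_subnet_cidr_blocks" {
  type        = list(string)
  description = "List of Database subnet CIDR blocks"
}

variable "management_subnet_cidr_blocks" {
  type        = list(string)
  description = "List of management subnet CIDR blocks"
}

variable "platform_subnet_cidr_blocks" {
  type        = list(string)
  description = "List of platform subnet CIDR blocks"
}

variable "availability_zones" {
  type        = list(string)
  description = "List of availability zones"
}

variable "create_nat_gateway" {
  type        = bool
  description = "whether to create a NAT gateway or not"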
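}

# Mandatory tag values, applied by the VPC module to the resources it creates.

variable "owner" {
  type        = string
  description = "Name of owner"
}

variable "environment" {
  type        = string
  description = "The environment name for the resources."
}

variable "cost_center" {
  type        = string
  description = "Name of cost-center for this alb-asg"
}

variable "application" {
  type        = string
  description = "Name of the application"
}

# VPC / routing / endpoint options, passed straight through to the module.

variable "instance_tenancy" {
  type        = string
  description = "Set instance-tenancy"
}

variable "enable_dns_support" {
  type        = bool
  description = "whether to enable DNS support or not"
}

variable "enable_dns_hostnames" {
  type        = bool
  description = "whether to enable DNS hostnames or not"
}

variable "domain" {
  type        = string
  description = "Set the domain of eip"
}

variable "destination_cidr_block" {
  type        = string
  description = "Set the destination cidr block"
}

variable "map_public_ip_on_launch" {
  type        = bool
  description = "whether to map public ip on launch or not"
}

# Interface endpoints keep S3 / Secrets Manager / CloudWatch Logs traffic
# inside the VPC instead of traversing the NAT gateway and the public internet.

variable "create_s3_endpoint" {
  type        = bool
  description = "whether to create s3 endpoint or not"
}

variable "create_secrets_manager_endpoint" {
  type        = bool
  description = "whether to create secrets-manager endpoint or not"
}

variable "create_cloudwatch_logs_endpoint" {
  type        = bool
  description = "whether to create cloudwatch logs endpoint or not"
}

# NACL rule inputs
#
# Each tier/direction takes six parallel lists (rule_no, action, from_port,
# to_port, protocol, cidr_block); presumably they are combined by position
# inside modules/vpc/nacl.tf, so the six lists for one tier/direction must be
# the same length — confirm against that file. NACLs are stateless, so an
# ingress allow needs a matching egress rule for the ephemeral return ports.
# Values that open the db or management tiers to 0.0.0.0/0 deserve review.

variable "ingress_public_nacl_rule_no" {
  type        = list(number)
  description = "List of public nacl ingress rule no"
}

variable "ingress_public_nacl_action" {
  type        = list(string)
  description = "List of public nacl ingress action "
}

variable "ingress_public_nacl_from_port" {
  type        = list(number)
  description = "List of public nacl ingress from port "
}

variable "ingress_public_nacl_to_port" {
  type        = list(number)
  description = "List of public nacl ingress to port "
}

variable "ingress_public_nacl_protocol" {
  type        = list(string)
  description = "List of public nacl ingress protocol "
}

variable "ingress_public_nacl_cidr_block" {
  type        = list(string)
  description = "List of public nacl ingress cidr block "
}

variable "egress_public_nacl_rule_no" {
  type        = list(number)
  description = "List of public nacl egress rule no"
}

variable "egress_public_nacl_action" {
  type        = list(string)
  description = "List of public nacl egress action "
}

variable "egress_public_nacl_from_port" {
  type        = list(number)
  description = "List of public nacl egress from port "
}

variable "egress_public_nacl_to_port" {
  type        = list(number)
  description = "List of public nacl egress to port "
}

variable "egress_public_nacl_protocol" {
  type        = list(string)
  description = "List of public nacl egress protocol "
}

variable "egress_public_nacl_cidr_block" {
  type        = list(string)
  description = "List of public nacl egress cidr block "
}

variable "ingress_app_nacl_rule_no" {
  type        = list(number)
  description = "List of app nacl ingress rule no"
}

variable "ingress_app_nacl_action" {
  type        = list(string)
  description = "List of app nacl ingress action "
}

variable "ingress_app_nacl_from_port" {
  type        = list(number)
  description = "List of app nacl ingress from port "
}

variable "ingress_app_nacl_to_port" {
  type        = list(number)
  description = "List of app nacl ingress to port "
}

variable "ingress_app_nacl_protocol" {
  type        = list(string)
  description = "List of app nacl ingress protocol "
}

variable "ingress_app_nacl_cidr_block" {
  type        = list(string)
  description = "List of app nacl ingress cidr block "
}

variable "egress_app_nacl_rule_no" {
  type        = list(number)
  description = "List of app nacl egress rule no"
}

variable "egress_app_nacl_action" {
  type        = list(string)
  description = "List of app nacl egress action "
}

variable "egress_app_nacl_from_port" {
  type        = list(number)
  description = "List of app nacl egress from port "
}

variable "egress_app_nacl_to_port" {
  type        = list(number)
  description = "List of app nacl egress to port "
}

variable "egress_app_nacl_protocol" {
  type        = list(string)
  description = "List of app nacl egress protocol "
}

variable "egress_app_nacl_cidr_block" {
  type        = list(string)
  description = "List of app nacl egress cidr block "
}

variable "ingress_db_nacl_rule_no" {
  type        = list(number)
  description = "List of db nacl ingress rule no"
}

variable "ingress_db_nacl_action" {
  type        = list(string)
  description = "List of db nacl ingress action "
}

variable "ingress_db_nacl_from_port" {
  type        = list(number)
  description = "List of db nacl ingress from port "
}

variable "ingress_db_nacl_to_port" {
  type        = list(number)
  description = "List of db nacl ingress to port "
}

variable "ingress_db_nacl_protocol" {
  type        = list(string)
  description = "List of db nacl ingress protocol "
}

variable "ingress_db_nacl_cidr_block" {
  type        = list(string)
  description = "List of db nacl ingress cidr block "
}

variable "egress_db_nacl_rule_no" {
  type        = list(number)
  description = "List of db nacl egress rule no"
}

variable "egress_db_nacl_action" {
  type        = list(string)
  description = "List of db nacl egress action "
}

variable "egress_db_nacl_from_port" {
  type        = list(number)
  description = "List of db nacl egress from port "
}

variable "egress_db_nacl_to_port" {
  type        = list(number)
  description = "List of db nacl egress to port "
}

variable "egress_db_nacl_protocol" {
  type        = list(string)
  description = "List of db nacl egress protocol "
}

variable "egress_db_nacl_cidr_block" {
  type        = list(string)
  description = "List of db nacl egress cidr block "
}

variable "ingress_management_nacl_rule_no" {
  type        = list(number)
  description = "List of management nacl ingress rule no"
}

variable "ingress_management_nacl_action" {
  type        = list(string)
  description = "List of management nacl ingress action "
}

variable "ingress_management_nacl_from_port" {
  type        = list(number)
  description = "List of management nacl ingress from port "
}

variable "ingress_management_nacl_to_port" {
  type        = list(number)
  description = "List of management nacl ingress to port "
}

variable "ingress_management_nacl_protocol" {
  type        = list(string)
  description = "List of management nacl ingress protocol "
}

variable "ingress_management_nacl_cidr_block" {
  type        = list(string)
  description = "List of management nacl ingress cidr block "
}

variable "egress_management_nacl_rule_no" {
  type        = list(number)
  description = "List of management nacl egress rule no"
}

variable "egress_management_nacl_action" {
  type        = list(string)
  description = "List of management nacl egress action "
}

variable "egress_management_nacl_from_port" {
  type        = list(number)
  description = "List of management nacl egress from port "
}

variable "egress_management_nacl_to_port" {
  type        = list(number)
  description = "List of management nacl egress to port "
}

variable "egress_management_nacl_protocol" {
  type        = list(string)
  description = "List of management nacl egress protocol "
}

variable "egress_management_nacl_cidr_block" {
  type        = list(string)
  description = "List of management nacl egress cidr block "
}

variable "ingress_platform_nacl_rule_no" {
  type        = list(number)
  description = "List of platform nacl ingress rule no"
}

variable "ingress_platform_nacl_action" {
  type        = list(string)
  description = "List of platform nacl ingress action "
}

variable "ingress_platform_nacl_from_port" {
  type        = list(number)
  description = "List of platform nacl ingress from port "
}

variable "ingress_platform_nacl_to_port" {
  type        = list(number)
  description = "List of platform nacl ingress to port "
}

variable "ingress_platform_nacl_protocol" {
  type        = list(string)
  description = "List of platform nacl ingress protocol "
}

variable "ingress_platform_nacl_cidr_block" {
  type        = list(string)
  description = "List of platform nacl ingress cidr block "
}

variable "egress_platform_nacl_rule_no" {
  type        = list(number)
  description = "List of platform nacl egress rule no"
}

variable "egress_platform_nacl_action" {
  type        = list(string)
  description = "List of platform nacl egress action "
}

variable "egress_platform_nacl_from_port" {
  type        = list(number)
  description = "List of platform nacl egress from port "
}

variable "egress_platform_nacl_to_port" {
  type        = list(number)
  description = "List of platform nacl egress to port "
}

variable "egress_platform_nacl_protocol" {
  type        = list(string)
  description = "List of platform nacl egress protocol "
}

variable "egress_platform_nacl_cidr_block" {
  type        = list(string)
  description = "List of platform nacl egress cidr block "
}

# ---- /modules/acm/main.tf ----

# Public ACM certificate for var.domain_name. create_before_destroy lets a
# replacement certificate be issued before the old one is removed, so
# consumers are not left without a valid certificate during rotation.
resource "aws_acm_certificate" "ssl_cert" {
  domain_name       = var.domain_name
  validation_method = var.validation_method
  key_algorithm     = var.key_algorithm

  lifecycle {
    create_before_destroy = true
  }

  options {
    # Certificate Transparency logging: keep "ENABLED" for publicly trusted
    # certificates — it is what lets CT monitors detect mis-issuance, and
    # browsers that require SCTs may reject a certificate logged nowhere.
    certificate_transparency_logging_preference = var.certificate_transparency_logging_preference
  }

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-SSL-Cert"
      Environment = var.environment
      Owner       = var.owner
      CostCenter  = var.cost_center
      Application = var.application
    },
    var.tags
  )
}

# Public hosted zone for var.dns_domain_name; it must already exist, and the
# validation records below are written into it.
data "aws_route53_zone" "dns_zone" {
  name         = var.dns_domain_name
  private_zone = false
}

# One DNS validation record per domain on the certificate, keyed by domain
# name so SANs get their own record. With EMAIL validation the provider
# reports no validation options, so this for_each is empty — presumably no
# records are created and the module only makes sense with DNS validation;
# confirm before using another method.
resource "aws_route53_record" "acm_record" {
  for_each = {
    for dvo in aws_acm_certificate.ssl_cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  # allow_overwrite lets a re-issued certificate replace a stale validation
  # record of the same name; note it also means this module will overwrite
  # any pre-existing record with that name/type in the zone.
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 300
  type            = each.value.type
  zone_id         = data.aws_route53_zone.dns_zone.zone_id
}

# Blocks apply until ACM has actually issued the certificate. Without this
# resource the apply finished as soon as the validation records existed,
# leaving the certificate in PENDING_VALIDATION for anything that consumed
# it in the same run (for example an HTTPS listener), which then fails.
resource "aws_acm_certificate_validation" "ssl_cert" {
  certificate_arn         = aws_acm_certificate.ssl_cert.arn
  validation_record_fqdns = [for record in aws_route53_record.acm_record : record.fqdn]
}

# ---- /modules/acm/outputs.tf ----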
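output "cert_domain_name" {
  description = "The valid domain name associated with the SSL/TLS certificate."
  value       = aws_acm_certificate.ssl_cert.domain_name
}

output "cert_expiry_date" {
  description = "The expiration date of the SSL/TLS certificate."
  value       = aws_acm_certificate.ssl_cert.not_after
}

output "cert_renewal_eligibility" {
  description = "Indicates if the SSL/TLS certificate is eligible for renewal."
  value       = aws_acm_certificate.ssl_cert.renewal_eligibility
}

output "cert_source" {
  description = "The source or type of the SSL/TLS certificate (e.g., 'AMAZON_ISSUED', 'IMPORTED')."
  value       = aws_acm_certificate.ssl_cert.type
}

# The ARN was not exported before, so callers had no way to attach the
# certificate to an HTTPS listener or a CloudFront distribution.
output "cert_arn" {
  description = "The ARN of the SSL/TLS certificate, used to attach it to listeners or distributions."
  value       = aws_acm_certificate.ssl_cert.arn
}

# ---- /modules/acm/variables.tf ----

# NOTE(review): "region" is declared here but not referenced in main.tf; the
# module uses whatever provider configuration the caller passes in.
variable "region" {
  type        = string
  description = "The AWS region where the Certificate Manager will be used."
}

variable "domain_name" {
  type        = string
  description = "The domain name associated with the SSL/TLS certificate."
}

# Only DNS validation is wired up in main.tf (Route 53 records are created
# from the certificate's validation options).
variable "validation_method" {
  type        = string
  description = "The validation method used for certificate issuance (e.g., DNS, email)."
}

variable "key_algorithm" {
  type        = string
  description = "The cryptographic key algorithm used for the certificate (e.g., RSA, ECDSA)."
}

variable "certificate_transparency_logging_preference" {
  type        = string
  description = "The logging preference for certificate transparency (e.g., 'ENABLED' or 'DISABLED')."
}

variable "tags" {
  default     = {}
  type        = map(string)
  description = "A map of extra tags to attach to the AWS resources."
}

# NOTE(review): "name" is declared but unused in main.tf; the Name tag is
# derived from environment and application instead.
variable "name" {
  type        = string
  description = "A user-defined name for the AWS resources."
}

variable "environment" {
  type        = string
  description = "The name of the environment associated with the AWS resources."
}

variable "owner" {
  type        = string
  description = "The name of the owner or responsible party for the AWS resources."
}

variable "cost_center" {
  type        = string
  description = "The identifier for the cost center associated with the AWS resources."
}

variable "application" {
  type        = string
  description = "The name of the application or project related to the AWS resources."
}

# Looked up as a public hosted zone; the validation records land here.
variable "dns_domain_name" {
  type        = string
  description = "Domain name of the Route 53"
}

# ---- /modules/alb/main.tf ----

# Application load balancer. Whether it is internet-facing is decided by
# var.internal; exposure is otherwise governed by the subnets and security
# groups passed in.
# NOTE(review): the ALB name must be at most 32 characters, so long
# environment/application values will fail at apply time. No access logging,
# deletion protection or drop_invalid_header_fields is configured here;
# consider exposing those as inputs for an internet-facing ALB.
resource "aws_alb" "application_load_balancer" {
  name               = "${var.environment}-${var.application}-alb"
  internal           = var.internal
  load_balancer_type = var.loadbalancer_type

  subnets         = var.alb_subnets
  security_groups = var.security_group_ids

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-alb",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# Target group the ASG module attaches its instances to. name_prefix is used
# (rather than name) so a replacement can be created before the old one is
# destroyed; the prefix is limited to 6 characters, which "alb-tg" exactly uses.
resource "aws_alb_target_group" "alb_tg" {
  name_prefix = "alb-tg"
  port        = var.target_group_port
  protocol    = var.target_group_protocol
  vpc_id      = var.vpc_id
  target_type = var.target_type

  health_check {
    path                = var.health_check_path
    port                = var.health_check_port
    protocol            = var.health_check_protocol
    interval            = var.health_check_interval
    timeout             = var.health_check_timeout
    healthy_threshold   = var.health_check_healthy_threshold
    unhealthy_threshold = var.health_check_unhealthy_threshold
  }

  load_balancing_algorithm_type = var.load_balancing_algorithm

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-alb-target-group"
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# Single listener forwarding to the target group.
# NOTE(review): no certificate_arn or ssl_policy is set, so this listener can
# only be plain HTTP as written; an HTTPS listener needs both (the acm module
# in this repo can supply the certificate ARN).
resource "aws_alb_listener" "application_listener" {
  load_balancer_arn = aws_alb.application_load_balancer.arn
  port              = var.listener_port
  protocol          = var.listener_protocol

  default_action {
    target_group_arn = aws_alb_target_group.alb_tg.arn
    type             = var.listener_type
  }
}

# ---- /modules/alb/outputs.tf ----

output "load_balancer_dns_name" {
  description = "LoadBalancer dns name"
  value       = aws_alb.application_load_balancer.dns_name
}

# Consumed by the asg module's alb_target_group_arn input.
output "alb_target_group_arn" {
  description = "ALB Target Grouparn"
  value       = aws_alb_target_group.alb_tg.arn
}

# ---- /modules/alb/variables.tf ----

variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the alb-asg resources"
}

# NOTE(review): "region" is not referenced in main.tf.
variable "region" {
  type        = string
  description = "Region of the alb-asg"
}

variable "internal" {
  type        = bool
  description = "Whether the load balancer is internal or not"
}

variable "loadbalancer_type" {
  type        = string
  description = "Load balancer type"
}

variable "security_group_ids" {
  type        = list(string)
  description = "Security group id of the ec2 instance"
}

variable "vpc_id" {
  type        = string
  description = "The ID of the VPC to use for the resources."
}

variable "alb_subnets" {
  type        = list(string)
  description = "A list of subnet IDs to use for the resources."
}

# Target group and health-check settings

variable "target_group_port" {
  type        = number
  description = "Target group port"
}

variable "target_group_protocol" {
  type        = string
  description = "Target group protocol"
}

variable "target_type" {
  type        = string
  description = "Target type"
}

variable "load_balancing_algorithm" {
  type        = string
  description = "Specify the load balancing algorithm type"
}

variable "health_check_path" {
  type        = string
  description = "Health check path"
}

variable "health_check_port" {
  type        = number
  description = "Health check port"
}

variable "health_check_protocol" {
  type        = string
  description = "Health check protocol"
}

variable "health_check_interval" {
  type        = number
  description = "Health check interval"
}

variable "health_check_timeout" {
  type        = number
  description = "Health check timeout"
}

variable "health_check_healthy_threshold" {
  type        = number
  description = "Health check healthy threshold"
}

variable "health_check_unhealthy_threshold" {
  type        = number
  description = "Health check unhealthy threshold"
}

# Listener settings

variable "listener_port" {
  type        = number
  description = "Listener port"
}

variable "listener_protocol" {
  type        = string
  description = "Listener protocol"
}

variable "listener_type" {
  type        = string
  description = "Listener type"
}

# Mandatory tag values

variable "owner" {
  type        = string
  description = "Name of owner"
}

variable "environment" {
  type        = string
  description = "The environment name for the resources."
}

variable "cost_center" {
  type        = string
  description = "Name of cost-center for this alb-asg"
}

variable "application" {
  type        = string
  description = "Name of the application"
}

# ---- /modules/asg/main.tf ----

locals {
  # Tag precedence: standard tags first, caller-supplied var.tags may override
  # them, and Name always wins (the same precedence Name had over var.tags
  # before). Environment/Owner/CostCenter/Application were declared as inputs
  # but never applied; the acm and alb modules apply them and the tag-policy
  # module's inputs are keyed on those four tags, so propagate them here too.
  asg_tags = merge(
    {
      Environment = var.environment
      Owner       = var.owner
      CostCenter  = var.cost_center
      Application = var.application
    },
    var.tags,
    { "Name" = "${var.environment}-${var.application}-asg" }
  )
}

# Instance profile wrapping the caller-supplied IAM role; keep that role
# scoped to what the workload needs since every instance can assume it.
resource "aws_iam_instance_profile" "instance_profile" {
  name = "${var.environment}-${var.application}-instance_profile"
  role = var.iam_role
}

resource "aws_launch_template" "application_lt" {
  name_prefix   = "${var.environment}-${var.application}-launch_template"
  image_id      = var.ami_id
  instance_type = var.instance_type
  key_name      = var.key_name

  iam_instance_profile {
    # Reference the resource instead of rebuilding the name string: the
    # literal name carried no dependency edge, so the template could be
    # created before the profile existed and fail on first apply.
    name = aws_iam_instance_profile.instance_profile.name
  }

  network_interfaces {
    associate_public_ip_address = var.public_access
    security_groups             = var.security_group_ids
  }

  # NOTE(review): no metadata_options block, so instances accept IMDSv1;
  # http_tokens = "required" (IMDSv2) limits credential exposure through
  # SSRF — confirm the workload's SDKs support it before enabling. user_data
  # is readable through the launch-template API, so it must not carry secrets.
  user_data = base64encode(var.user_data)
}

resource "aws_autoscaling_group" "application_asg" {
  name                = "${var.environment}-${var.application}-asg"
  max_size            = var.max_size
  min_size            = var.min_size
  desired_capacity    = var.desired_capacity
  vpc_zone_identifier = var.asg_subnets

  launch_template {
    id      = aws_launch_template.application_lt.id
    version = aws_launch_template.application_lt.latest_version
  }

  lifecycle {
    # Target-group membership is managed by aws_autoscaling_attachment in
    # this file, so drift in these attributes must not be reconciled here.
    ignore_changes = [load_balancers, target_group_arns]
  }

  dynamic "tag" {
    for_each = local.asg_tags
    content {
      key   = tag.key
      value = tag.value
      # Was hard-coded true while var.propagate_at_launch (declared in
      # variables.tf) went unused; honour the declared input.
      propagate_at_launch = var.propagate_at_launch
    }
  }
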
}

# Target-tracking policy: the ASG scales so that average CPU across the group
# tracks var.target_value; instance_warmup_time keeps freshly launched
# instances out of the metric until they are ready.
resource "aws_autoscaling_policy" "cpu_scaling_policy" {
  name                      = "${var.environment}-${var.application}-cpu-scaling-policy"
  policy_type               = "TargetTrackingScaling"
  estimated_instance_warmup = var.instance_warmup_time
  autoscaling_group_name    = aws_autoscaling_group.application_asg.name

  target_tracking_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ASGAverageCPUUtilization"
    }

    target_value = var.target_value
  }
}

# Registers the group's instances with the ALB target group (the ASG's own
# target_group_arns attribute is ignored for exactly this reason).
resource "aws_autoscaling_attachment" "application_asg_attachment" {
  autoscaling_group_name = aws_autoscaling_group.application_asg.name
  lb_target_group_arn    = var.alb_target_group_arn
}

# ---- /modules/asg/outputs.tf ----

output "auto_scaling_group_name" {
  description = "Auto scaling group name"
  value       = aws_autoscaling_group.application_asg.name
}

output "launch_template_id" {
  description = " launch template id"
  value       = aws_launch_template.application_lt.id
}

# ---- /modules/asg/variables.tf ----

variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the alb-asg resources"
}

# Role name attached to the instance profile; every instance in the group can
# use its credentials, so scope it to the workload.
variable "iam_role" {
  description = "IAM role for the instance"
  type        = string
}

variable "ami_id" {
  type        = string
  description = "The ID of the Amazon Machine Image (AMI) to use for the EC2 instances."
}

variable "instance_type" {
  type        = string
  description = "The type of EC2 instance to use for the ASG."
}

variable "key_name" {
  type        = string
  description = "The name of the EC2 key pair to use for the instances."
}

# NOTE(review): "vpc_id" is not referenced in main.tf.
variable "vpc_id" {
  type        = string
  description = "The ID of the VPC to use for the resources."
}

variable "asg_subnets" {
  description = "A list of subnet IDs to use for the resources."
  type        = list(string)
}

variable "security_group_ids" {
  type        = list(string)
  description = "Security group id of the ec2 instance"
}

# Controls associate_public_ip_address on the launch template's interface.
variable "public_access" {
  description = "Whether the instance is public or not"
  type        = bool
}

# Base64-encoded by main.tf; must not contain secrets (launch-template user
# data is readable via the EC2 API).
variable "user_data" {
  description = "user data script"
  type        = string
}

variable "max_size" {
  description = "Maximum size of something"
  type        = number
}

variable "min_size" {
  description = "Minimum size of something"
  type        = number
}

variable "desired_capacity" {
  description = "Desired capacity of something"
  type        = number
}

# NOTE(review): main.tf hard-codes propagate_at_launch = true in the ASG tag
# block, so this input currently has no effect.
variable "propagate_at_launch" {
  description = "To enable ot disable propagate_at_launch"
  type        = bool
}

# NOTE(review): owner/environment/cost_center/application are only used for
# resource names in main.tf; unlike the acm and alb modules they are not
# applied as tags, so local.asg_tags carries only var.tags plus Name.
variable "owner" {
  type        = string
  description = "Name of owner"
}

variable "environment" {
  type        = string
  description = "The environment name for the resources."
}

variable "cost_center" {
  type        = string
  description = "Name of cost-center for this alb-asg"
}

variable "application" {
  type        = string
  description = "Name of the application"
}

# Typically the alb module's alb_target_group_arn output.
variable "alb_target_group_arn" {
  description = "load balancer target group arn"
  type        = string
}

variable "instance_warmup_time" {
  description = "Time required to warm up a new instance"
  type        = number
}

variable "target_value" {
  description = "Threshold value of asg to start scaling"
  type        = number
}

# ---- /modules/cloudwatch/main.tf ----

# NOTE(review): a provider block inside a reusable module is a known
# anti-pattern — the module then cannot be called with count/for_each and the
# provider cannot be removed without first destroying the module's resources.
# Normally the root module configures the provider and this block is dropped;
# var.aws_region would then be unused (its declaration is in variables.tf,
# not visible here).
provider "aws" {
  region = var.aws_region
}

# Existing SNS topic that receives every alarm action below.
data "aws_sns_topic" "cloudwatch_sns_topic" {
  name = var.sns_topic_name
}

# Optional ASG lookup: only when a group name is supplied (count 0/1 pattern).
data "aws_autoscaling_group" "example" {
  count = length(var.autoscaling_group_name) > 0 ? 1 : 0
  name  = var.autoscaling_group_name
}

# Resolves the group's current members via the tag the ASG stamps on them.
# Note this is a point-in-time snapshot: instances launched later by scaling
# are not alarmed until the next apply.
data "aws_instances" "asg_instances" {
  count = length(var.autoscaling_group_name) > 0 ? 1 : 0
  instance_tags = {
    "aws:autoscaling:groupName" = data.aws_autoscaling_group.example[0].name
  }
}

locals {
  # Union of the ASG's member instances (if any) and explicitly listed ids,
  # deduplicated; this is the key set for every alarm in this module.
  combined_instance_ids = distinct(concat(
    length(var.autoscaling_group_name) > 0 ?
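data.aws_instances.asg_instances[0].ids : [],
    var.instance_ids
  ))
}

# Every instance ID the alarms below are created for: ASG members plus var.instance_ids.
output "instance_ids" {
  value = local.combined_instance_ids
}

# One lookup per monitored instance, so a stale or foreign ID fails at plan time
# instead of silently yielding an alarm that never receives data.
data "aws_instance" "instances" {
  for_each    = toset(local.combined_instance_ids)
  instance_id = each.value
}

locals {
  # Alarm names keyed by instance ID; each alarm resource below iterates this map
  # so that adding or removing an instance touches only its own alarms.
  instance_alarms = {
    for id in local.combined_instance_ids : id => {
      disk_utilization   = "demo-disk-utilization-alarm-${id}"
      memory_utilization = "demo-memory-utilization-alarm-${id}"
      cpu_utilization    = "demo-cpu-utilization-alarm-${id}"
      status_check_fail  = "demo-status-check-fail-alarm-${id}"
      cpu_credit_usage   = "demo-cpu-credit-usage-alarm-${id}"
    }
  }
}

# Root-filesystem usage as published by the CloudWatch agent (CWAgent namespace).
# NOTE(review): the device/fstype/path dimensions are fixed to xvda1 / xfs / "/".
# An instance whose root device or filesystem differs (e.g. nvme0n1p1, ext4) publishes
# the metric under other dimension values, so this alarm would sit in INSUFFICIENT_DATA
# for it and never page - confirm the fleet's AMIs match before relying on it.
resource "aws_cloudwatch_metric_alarm" "disk_utilization_alarm" {
  for_each = local.instance_alarms

  alarm_name                = each.value.disk_utilization
  comparison_operator       = "GreaterThanOrEqualToThreshold"
  evaluation_periods        = var.evaluation_periods
  metric_name               = "disk_used_percent"
  namespace                 = "CWAgent"
  period                    = var.alarm_period
  statistic                 = "Average"
  threshold                 = var.alarm_threshold
  treat_missing_data        = "missing"
  insufficient_data_actions = var.alarm_actions

  dimensions = {
    InstanceId = each.key
    device     = "xvda1"
    fstype     = "xfs"
    path       = "/"
  }

  alarm_description = "This metric monitors EC2 disk utilization for instance ${each.key}"
  actions_enabled   = true
  alarm_actions     = [data.aws_sns_topic.cloudwatch_sns_topic.arn]
}

# Memory usage from the CloudWatch agent; requires the agent to be installed and
# configured on every monitored instance (the AWS/EC2 namespace has no memory metric).
resource "aws_cloudwatch_metric_alarm" "memory_utilization_alarm" {
  for_each = local.instance_alarms

  alarm_name                = each.value.memory_utilization
  comparison_operator       = "GreaterThanOrEqualToThreshold"
  evaluation_periods        = var.evaluation_periods
  metric_name               = "mem_used_percent"
  namespace                 = "CWAgent"
  period                    = var.alarm_period
  statistic                 = "Average"
  threshold                 = var.alarm_threshold
  treat_missing_data        = "missing"
  insufficient_data_actions = var.alarm_actions

  dimensions = {
    InstanceId = each.key
  }

  alarm_description = "This metric monitors EC2 memory utilization for instance ${each.key}"
  actions_enabled   = true
  alarm_actions     = [data.aws_sns_topic.cloudwatch_sns_topic.arn]
}

# Hypervisor-reported CPU utilization (percent), no agent needed.
resource "aws_cloudwatch_metric_alarm" "cpu_utilization_alarm" {
  for_each = local.instance_alarms

  alarm_name                = each.value.cpu_utilization
  comparison_operator       = "GreaterThanOrEqualToThreshold"
  evaluation_periods        = var.evaluation_periods
  metric_name               = "CPUUtilization"
  namespace                 = "AWS/EC2"
  period                    = var.alarm_period
  statistic                 = "Average"
  threshold                 = var.alarm_threshold
  treat_missing_data        = "missing"
  insufficient_data_actions = var.alarm_actions

  dimensions = {
    InstanceId = each.key
  }

  alarm_description = "This metric monitors EC2 CPU utilization for instance ${each.key}"
  actions_enabled   = true
  alarm_actions     = [data.aws_sns_topic.cloudwatch_sns_topic.arn]
}

# Instance/system status checks. StatusCheckFailed is 0 or 1 per datapoint, so the
# statistic must be Maximum: with Average over a multi-datapoint period (five
# 1-minute samples in the default 300s) a single failed check averages 0.2 and the
# threshold of 1 would never be reached.
resource "aws_cloudwatch_metric_alarm" "status_check_fail_alarm" {
  for_each = local.instance_alarms

  alarm_name                = each.value.status_check_fail
  comparison_operator       = "GreaterThanOrEqualToThreshold"
  evaluation_periods        = var.evaluation_periods
  metric_name               = "StatusCheckFailed"
  namespace                 = "AWS/EC2"
  period                    = var.alarm_period
  statistic                 = "Maximum"
  threshold                 = 1
  treat_missing_data        = "missing"
  insufficient_data_actions = var.alarm_actions

  dimensions = {
    InstanceId = each.key
  }

  alarm_description = "This metric monitors EC2 status check failures for instance ${each.key}"
  actions_enabled   = true
  alarm_actions     = [data.aws_sns_topic.cloudwatch_sns_topic.arn]
}

# CPU credits consumed per period. NOTE(review): CPUCreditUsage is an absolute credit
# count, not a percentage, yet it shares var.alarm_threshold with the percent-based
# alarms above; the shared variable is kept for compatibility, but callers should
# size the threshold for the instance family's credit budget. The metric is only
# published for burstable instance types, so for other types the alarm stays in
# INSUFFICIENT_DATA.
resource "aws_cloudwatch_metric_alarm" "cpu_credit_usage_alarm" {
  for_each = local.instance_alarms

  alarm_name                = each.value.cpu_credit_usage
  comparison_operator       = "GreaterThanOrEqualToThreshold"
  evaluation_periods        = var.evaluation_periods
  metric_name               = "CPUCreditUsage"
  namespace                 = "AWS/EC2"
  period                    = var.alarm_period
  statistic                 = "Average"
  threshold                 = var.alarm_threshold
  treat_missing_data        = "missing"
  insufficient_data_actions = var.alarm_actions

  dimensions = {
    InstanceId = each.key
  }

  alarm_description = "This metric monitors EC2 CPU credit usage for instance ${each.key}"
  actions_enabled   = true
  alarm_actions     = [data.aws_sns_topic.cloudwatch_sns_topic.arn]
}

--------------------------------------------------------------------------------
/modules/cloudwatch/outputs.tf:
--------------------------------------------------------------------------------
# All outputs are maps keyed by instance ID so callers can wire a specific alarm
# (e.g. into a composite alarm or an EventBridge rule) without re-deriving names.

output "disk_utilization_alarm_arns" {
  description = "The ARNs of the disk utilization CloudWatch alarms, keyed by instance ID"
  value       = { for id, alarm in aws_cloudwatch_metric_alarm.disk_utilization_alarm : id => alarm.arn }
}

output "memory_utilization_alarm_arns" {
  description = "The ARNs of the memory utilization CloudWatch alarms, keyed by instance ID"
  value       = { for id, alarm in aws_cloudwatch_metric_alarm.memory_utilization_alarm : id => alarm.arn }
}

output "cpu_utilization_alarm_arns" {
  description = "The ARNs of the CPU utilization CloudWatch alarms, keyed by instance ID"
  value       = { for id, alarm in aws_cloudwatch_metric_alarm.cpu_utilization_alarm : id => alarm.arn }
}

output "status_check_fail_alarm_arns" {
  description = "The ARNs of the status check fail CloudWatch alarms, keyed by instance ID"
  value       = { for id, alarm in aws_cloudwatch_metric_alarm.status_check_fail_alarm : id => alarm.arn }
}

# Previously missing: the credit-usage alarms were created but not exported.
output "cpu_credit_usage_alarm_arns" {
  description = "The ARNs of the CPU credit usage CloudWatch alarms, keyed by instance ID"
  value       = { for id, alarm in aws_cloudwatch_metric_alarm.cpu_credit_usage_alarm : id => alarm.arn }
}

--------------------------------------------------------------------------------
/modules/cloudwatch/variables.tf: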
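--------------------------------------------------------------------------------
variable "aws_region" {
  description = "The AWS region to deploy resources in"
  type        = string
  default     = "us-west-2"
}

variable "autoscaling_group_name" {
  description = "Name of the Auto Scaling Group whose members are monitored (empty string to monitor only instance_ids)"
  type        = string
  default     = ""
}

variable "sns_topic_name" {
  description = "The name of the existing SNS topic that receives ALARM notifications"
  type        = string
  default     = "Default_CloudWatch_Alarms_Topic"
}

# NOTE(review): the default pins two concrete instance IDs from one account. A
# reusable module should default to [] so that a caller who forgets to set this
# does not create alarms for someone else's instances; the value is kept only to
# avoid changing the behaviour of existing callers - pass an explicit list.
variable "instance_ids" {
  description = "IDs of the EC2 instances to monitor, in addition to the ASG members"
  type        = list(string)
  default     = ["i-0644688300e6b8ce9", "i-0f6c49779bef0ec93"]

  validation {
    condition     = alltrue([for id in var.instance_ids : can(regex("^i-[0-9a-f]{8,17}$", id))])
    error_message = "Every entry in instance_ids must be an EC2 instance ID of the form i-xxxxxxxx."
  }
}

variable "alarm_threshold" {
  description = "Threshold shared by the disk, memory, CPU (percent) and CPU-credit (credits) alarms"
  type        = number
  default     = 70
}

variable "evaluation_periods" {
  description = "The number of consecutive periods that must breach before the alarm fires"
  type        = number
  default     = 1
}

variable "alarm_period" {
  description = "Length of one evaluation period in seconds (must be a multiple of 60)"
  type        = number
  default     = 300

  validation {
    condition     = var.alarm_period > 0 && var.alarm_period % 60 == 0
    error_message = "alarm_period must be a positive multiple of 60 seconds."
  }
}

variable "alarm_actions" {
  description = "Actions (ARNs) invoked when an alarm enters INSUFFICIENT_DATA; ALARM notifications always go to sns_topic_name"
  type        = list(string)
  default     = []
}
--------------------------------------------------------------------------------
/modules/ec2/main.tf:
--------------------------------------------------------------------------------
# Instance profile wrapping var.iam_role; only created when the caller opts in.
resource "aws_iam_instance_profile" "instance_profile" {
  count = var.attach_instance_profile ? 1 : 0
  name  = "${var.environment}-${var.application}-instance-profile"

  role = var.iam_role
}

resource "aws_instance" "ec2_instance" {
  ami           = var.ami_id
  instance_type = var.instance_type
  key_name      = var.key_name
  count         = var.instance_count

  iam_instance_profile = var.attach_instance_profile ? aws_iam_instance_profile.instance_profile[0].name : null

  associate_public_ip_address = var.associate_public_ip_address

  vpc_security_group_ids = var.security_group_ids

  # Spread instances round-robin over the supplied subnets.
  subnet_id = element(var.subnet_ids, count.index % length(var.subnet_ids))

  root_block_device {
    volume_size = var.storage_size
    # Encrypt the root volume with the account's default EBS key. Turning this on
    # for an already-running instance forces replacement, hence the opt-out.
    encrypted = var.encrypt_root_volume
  }

  # Require IMDSv2 session tokens so that an SSRF in a workload cannot read the
  # instance-role credentials from 169.254.169.254 with a plain GET. This is an
  # in-place change; set require_imdsv2 = false only for SDKs that cannot use v2.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = var.require_imdsv2 ? "required" : "optional"
  }

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-Instance"
      Environment = var.environment
      Owner       = var.owner
      CostCenter  = var.cost_center
      Application = var.application
    },
    var.tags
  )
}

# One Elastic IP per instance when attach_eip is set.
resource "aws_eip" "instance" {
  count = var.attach_eip ? var.instance_count : 0

  instance = element(aws_instance.ec2_instance.*.id, count.index)
}
--------------------------------------------------------------------------------
/modules/ec2/outputs.tf:
--------------------------------------------------------------------------------
output "instance_ids" {
  description = "The IDs of the ec2 instances (e.g. to feed the cloudwatch module's instance_ids)"
  value       = aws_instance.ec2_instance.*.id
}

output "instance_state" {
  description = "The state of the ec2 instance "
  value       = aws_instance.ec2_instance.*.instance_state
}

output "instance_public_dns" {
  description = "The Public DNS address of the ec2 instance"
  value       = aws_instance.ec2_instance.*.public_dns
}

output "instance_public_ip" {
  description = "The Public Ip address of the ec2 instance"
  value       = aws_instance.ec2_instance.*.public_ip
}

output "instance_eip" {
  description = "EIP attach to the ec2 instance"
  value       = aws_eip.instance[*].public_ip
}
--------------------------------------------------------------------------------
/modules/ec2/variables.tf:
--------------------------------------------------------------------------------
variable "region" {
  type        = string
  description = "Region of the ec2 instance"
}

variable "ami_id" {
  type        = string
  description = "AMI Id of the ec2 instance"
}

variable "instance_type" {
  type        = string
  description = "Instance type of the ec2 instance"
}

variable "key_name" {
  type        = string
  description = "Key name of the ec2 instance"
}

variable "instance_count" {
  type        = number
  description = "Count of the ec2 instances"
}

variable "subnet_ids" {
  type        = list(string)
  description = "Subnet ids of the ec2 instance"
}

variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the ec2-sg resources"
}

variable "environment" {
  type        = string
  description = "The environment name for the resources."
}

variable "owner" {
  type        = string
  description = "Owner's name for the resource."
}

variable "cost_center" {
  type        = string
  description = "Cost center identifier for the resource."
}

variable "application" {
  type        = string
  description = "Name of the application related to the resource."
}

variable "security_group_ids" {
  description = "List of security group IDs to attach to the EC2 instance."
  type        = list(string)
}

variable "associate_public_ip_address" {
  type        = bool
  description = "Enable or disable public ip address"
}

variable "attach_instance_profile" {
  default     = false
  type        = bool
  description = "Attach instance profile or not"
}

variable "attach_eip" {
  type        = bool
  description = "Attach eip or not"
}

variable "storage_size" {
  type        = number
  description = "Storage size of the instance"
}

variable "iam_role" {
  default     = null
  description = "IAM role for the instance"
  type        = string
}

variable "encrypt_root_volume" {
  default     = true
  type        = bool
  description = "Encrypt the root EBS volume with the account default EBS KMS key. Changing this on an existing instance forces replacement."
}

variable "require_imdsv2" {
  default     = true
  type        = bool
  description = "Require IMDSv2 session tokens for the instance metadata service (set false only for workloads whose SDK cannot use IMDSv2)."
}
--------------------------------------------------------------------------------
/modules/eks/addons.tf:
--------------------------------------------------------------------------------
resource "aws_eks_addon" "coredns" {
  cluster_name                = aws_eks_cluster.eks_cluster.name
  addon_name                  = "coredns"
  addon_version               = var.eks_addons["coredns"]
  resolve_conflicts_on_update = "PRESERVE"
}

# IRSA role for the aws-node service account; its trust policy (main.tf) is
# restricted to kube-system:aws-node.
# NOTE(review): the role name is a fixed string, so two clusters in the same
# account cannot both use this module (IAM role names are account-global).
resource "aws_iam_role" "vpc_cni_role" {
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
  name               = "vpc-cni-role"
}

# var.policy_arns is positional; [3] is expected to be the CNI policy (see variables.tf).
resource "aws_iam_role_policy_attachment" "vpc_cni_policy" {
  policy_arn = var.policy_arns[3]
  role       = aws_iam_role.vpc_cni_role.name
}

resource "aws_eks_addon" "vpc-cni" {
  cluster_name                = aws_eks_cluster.eks_cluster.name
  addon_name                  = "vpc-cni"
  addon_version               = var.eks_addons["vpc-cni"]
  resolve_conflicts_on_update = "PRESERVE"
  service_account_role_arn    = aws_iam_role.vpc_cni_role.arn
}

resource "aws_eks_addon" "kube-proxy" {
  cluster_name                = aws_eks_cluster.eks_cluster.name
  addon_name                  = "kube-proxy"
  addon_version               = var.eks_addons["kube-proxy"]
  resolve_conflicts_on_update = "PRESERVE"
}

resource "aws_eks_addon" "eks-pod-identity-agent" {
  cluster_name                = aws_eks_cluster.eks_cluster.name
  addon_name                  = "eks-pod-identity-agent"
  addon_version               = var.eks_addons["eks-pod-identity-agent"]
  resolve_conflicts_on_update = "PRESERVE"
}

# Managed node group. Sizing is fixed at 1..2 nodes here; expose it as variables
# before reusing the module outside dev.
resource "aws_eks_node_group" "node_group" {
  cluster_name    = aws_eks_cluster.eks_cluster.name
  node_group_name = var.node_group_name
  version         = aws_eks_cluster.eks_cluster.version
  node_role_arn   = aws_iam_role.node-group-iam-role.arn
  subnet_ids      = var.vpc_subnets
  capacity_type   = "ON_DEMAND"
  disk_size       = var.node_disk_size
  instance_types  = var.node_instance_type

  scaling_config {
    desired_size = 1
    max_size     = 2
    min_size     = 1
  }

  update_config {
    max_unavailable = 1
  }

  # Nodes must be able to join and pull images before the group is created.
  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly,
  ]
}

# Node instance role. Same fixed-name caveat as vpc_cni_role above.
resource "aws_iam_role" "node-group-iam-role" {
  name = "eks-node-group-role"

  assume_role_policy = jsonencode({
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
    Version = "2012-10-17"
  })
}

resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
  policy_arn = var.policy_arns[2]
  role       = aws_iam_role.node-group-iam-role.name
}

# NOTE(review): the CNI policy is attached to the node role as well as to the
# IRSA role, so every pod on a node can reach it through the node's credentials;
# once IRSA for aws-node is confirmed working this attachment can be dropped.
resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
  policy_arn = var.policy_arns[3]
  role       = aws_iam_role.node-group-iam-role.name
}

resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
  policy_arn = var.policy_arns[4]
  role       = aws_iam_role.node-group-iam-role.name
}

# Grants var.principal_arn access to the cluster (EKS access entries API).
resource "aws_eks_access_entry" "access_entry" {
  cluster_name      = aws_eks_cluster.eks_cluster.name
  principal_arn     = var.principal_arn
  kubernetes_groups = var.kubernetes_groups
  type              = "STANDARD"
}

# Cluster-wide (not namespaced) scope: var.access_policy_arn applies to every namespace.
resource "aws_eks_access_policy_association" "access_association" {
  cluster_name  = aws_eks_cluster.eks_cluster.name
  policy_arn    = var.access_policy_arn
  principal_arn = aws_eks_access_entry.access_entry.principal_arn

  access_scope {
    type = "cluster"
  }
}

--------------------------------------------------------------------------------
/modules/eks/main.tf:
--------------------------------------------------------------------------------
resource "aws_eks_cluster" "eks_cluster" {
  name     = var.cluster_name
  role_arn = aws_iam_role.cluster_role.arn

  vpc_config {
    subnet_ids              = var.vpc_subnets
    endpoint_private_access = true
    # NOTE(review): public endpoint with no public_access_cidrs means the API
    # server is reachable from 0.0.0.0/0 (authentication still applies). Restrict
    # it with public_access_cidrs, or disable it once private access suffices.
    endpoint_public_access = true
  }

  # Ship control-plane logs to CloudWatch so API requests and authentication
  # decisions are auditable; without this there is no record of who did what.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  access_config {
    authentication_mode = "API_AND_CONFIG_MAP"
    # The identity that runs this apply (the CI credentials) becomes cluster-admin.
    bootstrap_cluster_creator_admin_permissions = true
  }

  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.AmazonEKSVPCResourceController,
  ]
}

# Kept alongside outputs.tf's cluster_endpoint / cluster_certificate_authority_data
# for existing callers.
output "endpoint" {
  value = aws_eks_cluster.eks_cluster.endpoint
}

output "kubeconfig-certificate-authority-data" {
  value = aws_eks_cluster.eks_cluster.certificate_authority[0].data
}

# Trust policy for the control-plane role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["eks.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role" "cluster_role" {
  name               = var.role_name
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
  policy_arn = var.policy_arns[0]
  role       = aws_iam_role.cluster_role.name
}

resource "aws_iam_role_policy_attachment" "AmazonEKSVPCResourceController" {
  policy_arn = var.policy_arns[1]
  role       = aws_iam_role.cluster_role.name
}

data "tls_certificate" "tls_cert" {
  url = aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer
}

# IAM OIDC provider for IRSA. certificates[0] is the root of the chain, which is
# the thumbprint IAM expects.
resource "aws_iam_openid_connect_provider" "eks_oidc_provider" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.tls_cert.certificates[0].sha1_fingerprint]
  url             = data.tls_certificate.tls_cert.url
}

# Trust policy for the aws-node IRSA role. Both the subject and the audience are
# pinned, as AWS recommends for IRSA: with only :sub, a token issued by this
# provider for some other audience but carrying the same service-account subject
# would be accepted.
data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    effect  = "Allow"

    condition {
      test     = "StringEquals"
      variable = "${replace(aws_iam_openid_connect_provider.eks_oidc_provider.url, "https://", "")}:sub"
      values   = ["system:serviceaccount:kube-system:aws-node"]
    }

    condition {
      test     = "StringEquals"
      variable = "${replace(aws_iam_openid_connect_provider.eks_oidc_provider.url, "https://", "")}:aud"
      values   = ["sts.amazonaws.com"]
    }

    principals {
      identifiers = [aws_iam_openid_connect_provider.eks_oidc_provider.arn]
      type        = "Federated"
    }
  }
}

--------------------------------------------------------------------------------
/modules/eks/outputs.tf:
--------------------------------------------------------------------------------
output "cluster_name" {
  description = "The name of the EKS cluster"
  value       = aws_eks_cluster.eks_cluster.name
}

output "cluster_endpoint" {
  description = "The endpoint of the EKS cluster"
  value       = aws_eks_cluster.eks_cluster.endpoint
}

output "cluster_certificate_authority_data" {
  description = "The certificate authority data for the cluster"
  value       = aws_eks_cluster.eks_cluster.certificate_authority[0].data
}

output "cluster_arn" {
  description = "The ARN of the EKS cluster"
  value       = aws_eks_cluster.eks_cluster.arn
}

output "oidc_provider_arn" {
  description = "The ARN of the OIDC provider (use it to build further IRSA trust policies)"
  value       = aws_iam_openid_connect_provider.eks_oidc_provider.arn
}

output "node_group_name" {
  description = "The name of the EKS node group"
  value       = aws_eks_node_group.node_group.node_group_name
}

output "node_group_instance_types" {
  description = "The instance types used in the EKS node group"
  value       = aws_eks_node_group.node_group.instance_types
}

output "node_group_disk_size" {
  description = "The disk size for the EKS node group instances"
  value       = aws_eks_node_group.node_group.disk_size
}

output "iam_role_name" {
  description = "The name of the IAM role used for the EKS cluster"
  value       = aws_iam_role.cluster_role.name
}

output "vpc_subnets" {
  description = "The VPC subnets used by the EKS cluster"
  value       = aws_eks_cluster.eks_cluster.vpc_config[0].subnet_ids
}

output "coredns_addon_version" {
  description = "The version of the CoreDNS addon"
  value       = aws_eks_addon.coredns.addon_version
}

output "vpc_cni_addon_version" {
  description = "The version of the VPC CNI addon"
  value       = aws_eks_addon.vpc-cni.addon_version
}

output "kube_proxy_addon_version" {
  description = "The version of the kube-proxy addon"
  value       = aws_eks_addon.kube-proxy.addon_version
}

output "eks_pod_identity_agent_addon_version" {
  description = "The version of the EKS Pod Identity Agent addon"
  value       = aws_eks_addon.eks-pod-identity-agent.addon_version
}

output "access_entry_principal_arn" {
  description = "The ARN of the principal for the access entry"
  value       = aws_eks_access_entry.access_entry.principal_arn
}

output "access_policy_arn" {
  description = "The ARN of the access policy associated with the EKS cluster"
  value       = aws_eks_access_policy_association.access_association.policy_arn
}

--------------------------------------------------------------------------------
/modules/eks/variables.tf: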
-------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | description = "The name of the EKS cluster" 3 | type = string 4 | } 5 | 6 | variable "role_name" { 7 | description = "Name of the IAM role for EKS" 8 | type = string 9 | } 10 | 11 | variable "vpc_subnets" { 12 | description = "List of VPC subnet IDs" 13 | type = list(string) 14 | } 15 | 16 | variable "node_group_name" { 17 | description = "The name of the node group" 18 | type = string 19 | } 20 | 21 | variable "node_instance_type" { 22 | description = "EC2 instance type for the node group" 23 | type = list(string) 24 | } 25 | 26 | variable "node_disk_size" { 27 | description = "Disk size for the node group instances" 28 | type = number 29 | } 30 | 31 | variable "policy_arns" { 32 | description = "List of IAM policy ARNs to attach to the roles" 33 | type = list(string) 34 | } 35 | 36 | variable "eks_addons" { 37 | description = "List of EKS addons and their versions" 38 | type = map(string) 39 | } 40 | 41 | variable "principal_arn" { 42 | description = "The ARN of the principal" 43 | type = string 44 | } 45 | 46 | variable "kubernetes_groups" { 47 | description = "Kubernetes groups" 48 | type = list(string) 49 | } 50 | 51 | variable "access_policy_arn" { 52 | description = "The ARN of the access policy" 53 | type = string 54 | } 55 | -------------------------------------------------------------------------------- /modules/iam-policy/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_iam_role" "iam_role" { 2 | name = "${var.environment}-${var.application}-iam-role" 3 | assume_role_policy = jsonencode({ 4 | Version = "2012-10-17" 5 | Statement = [ 6 | { 7 | Action = "sts:AssumeRole" 8 | Effect = "Allow" 9 | Principal = { 10 | Service = "iam.amazonaws.com" 11 | } 12 | } 13 | ] 14 | }) 15 | tags = merge( 16 | { 17 | Name = "${var.environment}-${var.application}-iam-role", 18 | Environment = 
var.environment, 19 | Owner = var.owner, 20 | CostCenter = var.cost_center, 21 | Application = var.application 22 | }, 23 | var.tags 24 | ) 25 | } 26 | 27 | resource "aws_iam_policy" "iam_policy" { 28 | name = "${var.environment}-${var.application}-iam-policy" 29 | policy = file("${path.module}../../../infra/iam-policies/${var.iam_policy_json_file}") 30 | } 31 | 32 | resource "aws_iam_role_policy_attachment" "iam_role_policy_attachment" { 33 | role = aws_iam_role.iam_role.name 34 | policy_arn = aws_iam_policy.iam_policy.arn 35 | } 36 | -------------------------------------------------------------------------------- /modules/iam-policy/outputs.tf: -------------------------------------------------------------------------------- 1 | output "iam_role" { 2 | description = "iam role name" 3 | value = aws_iam_role.iam_role.name 4 | } -------------------------------------------------------------------------------- /modules/iam-policy/variables.tf: -------------------------------------------------------------------------------- 1 | variable "tags" { 2 | default = {} 3 | type = map(string) 4 | description = "Extra tags to attach to the iam-policy" 5 | } 6 | 7 | variable "owner" { 8 | type = string 9 | description = "Name of owner" 10 | } 11 | 12 | variable "environment" { 13 | type = string 14 | description = "The environment name for the resources." 
15 | } 16 | 17 | variable "cost_center" { 18 | type = string 19 | description = "Name of cost-center for this alb-asg" 20 | } 21 | 22 | variable "application" { 23 | type = string 24 | description = "Name of the application" 25 | } 26 | 27 | variable "iam_policy_json_file" { 28 | type = string 29 | description = "Name of the json file" 30 | } -------------------------------------------------------------------------------- /modules/rds/main.tf: -------------------------------------------------------------------------------- 1 | # Create a DB security group 2 | resource "aws_security_group" "rds_security_group" { 3 | name = "${var.environment}-${var.application}-rds-sg" 4 | description = "Security group for RDS instance" 5 | 6 | ingress { 7 | from_port = var.from_port 8 | to_port = var.to_port 9 | protocol = var.protocol 10 | cidr_blocks = var.cidr_block 11 | } 12 | 13 | egress { 14 | from_port = 0 15 | to_port = 0 16 | protocol = "-1" 17 | cidr_blocks = ["0.0.0.0/0"] 18 | } 19 | 20 | tags = merge( 21 | { 22 | Name = "${var.environment}-${var.application}-rds-sg", 23 | Environment = var.environment, 24 | Owner = var.owner, 25 | CostCenter = var.cost_center, 26 | Application = var.application, 27 | }, 28 | var.tags 29 | ) 30 | } 31 | 32 | resource "aws_db_subnet_group" "rds_subnet_group" { 33 | name = "${var.environment}-${var.application}-subnet-group" 34 | subnet_ids = var.subnet_ids 35 | } 36 | 37 | resource "aws_db_instance" "rds_instance" { 38 | identifier = "${var.environment}-${var.application}-db" 39 | engine = var.db_engine 40 | instance_class = var.db_instance_class 41 | allocated_storage = var.db_storage_size 42 | storage_type = var.db_storage_type 43 | manage_master_user_password = var.set_secret_manager_password ? true : null 44 | username = var.db_username 45 | password = var.set_db_password ? 
var.db_password : null 46 | db_subnet_group_name = aws_db_subnet_group.rds_subnet_group.name 47 | vpc_security_group_ids = [aws_security_group.rds_security_group.id] 48 | backup_retention_period = var.backup_retention_period 49 | multi_az = var.multi_az 50 | delete_automated_backups = var.delete_automated_backups 51 | copy_tags_to_snapshot = var.copy_tags_to_snapshot 52 | publicly_accessible = var.publicly_accessible 53 | skip_final_snapshot = var.skip_final_snapshot 54 | apply_immediately = var.apply_immediately 55 | 56 | tags = merge( 57 | { 58 | Name = "${var.environment}-${var.application}-db", 59 | Environment = var.environment, 60 | Owner = var.owner, 61 | CostCenter = var.cost_center, 62 | Application = var.application, 63 | }, 64 | var.tags 65 | ) 66 | } 67 | 68 | -------------------------------------------------------------------------------- /modules/rds/outputs.tf: -------------------------------------------------------------------------------- 1 | output "rds_address" { 2 | description = "The address of the RDS instance" 3 | value = aws_db_instance.rds_instance.address 4 | } 5 | 6 | output "rds_endpoint" { 7 | description = "The address of the RDS instance" 8 | value = aws_db_instance.rds_instance.endpoint 9 | } 10 | 11 | output "master_user_secret" { 12 | description = "The address of the RDS instance" 13 | value = aws_db_instance.rds_instance.master_user_secret[0].secret_arn 14 | } 15 | -------------------------------------------------------------------------------- /modules/rds/variables.tf: -------------------------------------------------------------------------------- 1 | variable "tags" { 2 | default = {} 3 | type = map(string) 4 | description = "Extra tags to attach to the RDS resources" 5 | } 6 | 7 | variable "update_rds_endpoint" { 8 | type = bool 9 | default = true 10 | } 11 | 12 | variable "region" { 13 | type = string 14 | description = "Region of the rds" 15 | } 16 | 17 | variable "environment" { 18 | description = "The environment name 
for the resources." 19 | } 20 | 21 | variable "owner" { 22 | type = string 23 | description = "Name of the owner for this RDS" 24 | } 25 | 26 | variable "application" { 27 | type = string 28 | description = "Name of the application" 29 | } 30 | 31 | variable "cost_center" { 32 | type = string 33 | description = "Name of cost-center for this RDS" 34 | } 35 | 36 | 37 | variable "cidr_block" { 38 | type = list(string) 39 | description = "CIDR block for RDS security group" 40 | } 41 | 42 | variable "db_username" { 43 | description = "The username for the RDS database" 44 | type = string 45 | } 46 | 47 | variable "set_secret_manager_password" { 48 | description = "To enable master user password or not" 49 | type = bool 50 | default = false 51 | } 52 | 53 | variable "db_password" { 54 | description = "Password for RDS" 55 | type = string 56 | } 57 | 58 | variable "db_instance_class" { 59 | description = "The RDS instance class" 60 | type = string 61 | } 62 | 63 | variable "set_db_password" { 64 | description = "Condition to check for custom password" 65 | type = string 66 | } 67 | 68 | variable "db_storage_size" { 69 | description = "The allocated storage size for the RDS instance." 70 | type = number 71 | } 72 | 73 | variable "backup_retention_period" { 74 | description = "The number of days to retain automated backups." 75 | type = number 76 | } 77 | 78 | variable "multi_az" { 79 | description = "Enable multi-AZ deployment for the RDS instance." 80 | type = bool 81 | } 82 | 83 | variable "delete_automated_backups" { 84 | description = "Enable deletion of automated backups when the RDS instance is deleted." 85 | type = bool 86 | } 87 | 88 | variable "copy_tags_to_snapshot" { 89 | description = "Copy tags to DB snapshots created from the RDS instance." 90 | type = bool 91 | } 92 | 93 | variable "publicly_accessible" { 94 | description = "Allow the RDS instance to be publicly accessible." 
95 | type = bool 96 | } 97 | 98 | variable "skip_final_snapshot" { 99 | description = "Skip the creation of a final DB snapshot when the RDS instance is deleted." 100 | type = bool 101 | } 102 | 103 | variable "apply_immediately" { 104 | description = "Apply changes immediately to the RDS instance." 105 | type = bool 106 | } 107 | 108 | variable "db_engine" { 109 | description = "The database engine" 110 | type = string 111 | } 112 | 113 | variable "db_storage_type" { 114 | description = "The storage type for the database" 115 | type = string 116 | } 117 | 118 | variable "from_port" { 119 | description = "The starting port for ingress rules" 120 | type = number 121 | } 122 | 123 | variable "to_port" { 124 | description = "The ending port for ingress rules" 125 | type = number 126 | } 127 | 128 | variable "protocol" { 129 | description = "The protocol for ingress rules" 130 | type = string 131 | } 132 | 133 | 134 | variable "subnet_ids" { 135 | description = "The IDs of the subnets" 136 | type = list(string) 137 | } 138 | -------------------------------------------------------------------------------- /modules/route53/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route53_zone" "dns_zone" { 2 | name = var.dns_domain_name 3 | 4 | tags = merge( 5 | { 6 | Name = "${var.environment}-${var.application}-hosted-zone" 7 | Environment = var.environment 8 | Owner = var.owner 9 | CostCenter = var.cost_center 10 | Application = var.application 11 | }, 12 | var.tags 13 | ) 14 | } 15 | -------------------------------------------------------------------------------- /modules/route53/outputs.tf: -------------------------------------------------------------------------------- 1 | output "zone_id" { 2 | description = "The Zone ID of the Hosted Zone" 3 | value = aws_route53_zone.dns_zone.zone_id 4 | } 5 | 6 | output "name_servers" { 7 | description = "The list of Name Servers of the Hosted Zone" 8 | value = 
aws_route53_zone.dns_zone.name_servers 9 | } 10 | 11 | output "tags_all" { 12 | description = "The list of Tags associated with the Hosted Zone" 13 | value = aws_route53_zone.dns_zone.tags_all 14 | } -------------------------------------------------------------------------------- /modules/route53/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "The AWS region where the Certificate Manager will be used." 4 | } 5 | 6 | variable "tags" { 7 | default = {} 8 | type = map(string) 9 | description = "A map of extra tags to attach to the AWS resources." 10 | } 11 | 12 | variable "name" { 13 | type = string 14 | description = "A user-defined name for the AWS resources." 15 | } 16 | 17 | variable "environment" { 18 | type = string 19 | description = "The name of the environment associated with the AWS resources." 20 | } 21 | 22 | variable "owner" { 23 | type = string 24 | description = "The name of the owner or responsible party for the AWS resources." 25 | } 26 | 27 | variable "cost_center" { 28 | type = string 29 | description = "The identifier for the cost center associated with the AWS resources." 30 | } 31 | 32 | variable "application" { 33 | type = string 34 | description = "The name of the application or project related to the AWS resources." 35 | } 36 | 37 | variable "dns_domain_name" { 38 | type = string 39 | description = "Domain name of the Route 53" 40 | } -------------------------------------------------------------------------------- /modules/security-group/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "instance_sg" { 2 | name = "${var.environment}-${var.application}" 3 | description = "Security Group for Instance" 4 | vpc_id = var.vpc_id 5 | 6 | # Ingress rules for CIDR blocks 7 | dynamic "ingress" { 8 | for_each = var.create_ingress_cidr ? 
toset(range(length(var.ingress_cidr_from_port))) : []
    content {
      from_port   = var.ingress_cidr_from_port[ingress.key]
      to_port     = var.ingress_cidr_to_port[ingress.key]
      protocol    = var.ingress_cidr_protocol[ingress.key]
      # The full CIDR list applies to every tuple, not cidr[i] to rule i.
      cidr_blocks = var.ingress_cidr_block
    }
  }

  # Ingress rules for Security Groups — every tuple is opened to all listed groups.
  dynamic "ingress" {
    for_each = var.create_ingress_sg ? toset(range(length(var.ingress_sg_from_port))) : []
    content {
      from_port       = var.ingress_sg_from_port[ingress.key]
      to_port         = var.ingress_sg_to_port[ingress.key]
      protocol        = var.ingress_sg_protocol[ingress.key]
      security_groups = var.ingress_security_group_ids
    }
  }

  # Egress rules for CIDR blocks
  # Because rules are declared inline, the provider drops AWS's implicit allow-all
  # egress rule; with create_egress_cidr and create_egress_sg both false the group
  # permits no outbound traffic at all.
  dynamic "egress" {
    for_each = var.create_egress_cidr ? toset(range(length(var.egress_cidr_from_port))) : []
    content {
      from_port   = var.egress_cidr_from_port[egress.key]
      to_port     = var.egress_cidr_to_port[egress.key]
      protocol    = var.egress_cidr_protocol[egress.key]
      cidr_blocks = var.egress_cidr_block
    }
  }

  # Egress rules for Security Groups
  dynamic "egress" {
    for_each = var.create_egress_sg ? toset(range(length(var.egress_sg_from_port))) : []
    content {
      from_port       = var.egress_sg_from_port[egress.key]
      to_port         = var.egress_sg_to_port[egress.key]
      protocol        = var.egress_sg_protocol[egress.key]
      security_groups = var.egress_security_group_ids
    }
  }

  # The group name is environment+application only; instantiating this module twice
  # for the same pair in one VPC (e.g. for ec2 and alb-asg) would collide on the name.
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}"
      Environment = var.environment
      Owner       = var.owner
      CostCenter  = var.cost_center
      Application = var.application
    },
    var.tags
  )

}

--------------------------------------------------------------------------------
/modules/security-group/outputs.tf:
--------------------------------------------------------------------------------
# Legacy attribute splat on a single (non-count) resource; it yields a one-element
# list, which is why the output is plural.
output "security_group_ids" {
  description = "ID of the security group."
  value       = aws_security_group.instance_sg.*.id
}

--------------------------------------------------------------------------------
/modules/security-group/variables.tf:
--------------------------------------------------------------------------------
# Not referenced by main.tf; the group is created in the provider's region.
variable "region" {
  type        = string
  description = "Region of the security group."
}

variable "vpc_id" {
  type        = string
  description = "ID of the VPC associated with the security group."
}

variable "tags" {
  default     = {}
  type        = map(string)
  description = "Extra tags to attach to the EC2 security group resources."
}

variable "environment" {
  type        = string
  description = "The environment name for the resources."
}

variable "owner" {
  type        = string
  description = "Owner's name for the resource."
}

variable "cost_center" {
  type        = string
  description = "Cost center identifier for the resource."
}

variable "application" {
  type        = string
  description = "Name of the application related to the resource."
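}

# --- CIDR ingress rules (used when create_ingress_cidr = true) ---
# main.tf indexes the three per-rule lists in parallel, so they must be the same
# length; the CIDR list is applied to every rule.

variable "ingress_cidr_from_port" {
  type        = list(number)
  description = "List of starting ports for cidr ingress rules of the EC2 security group."
}

variable "ingress_cidr_to_port" {
  type        = list(number)
  description = "List of ending ports for cidr ingress rules of the EC2 security group."
}

variable "ingress_cidr_protocol" {
  type        = list(string)
  description = "List of protocols for cidr ingress rules of the EC2 security group."
}

variable "ingress_cidr_block" {
  type        = list(string)
  description = "List of CIDR blocks for cidr ingress rules of the EC2 security group."

  # Fail at plan time on a malformed CIDR instead of in the EC2 API call.
  validation {
    condition     = alltrue([for c in var.ingress_cidr_block : can(cidrhost(c, 0))])
    error_message = "Every entry of ingress_cidr_block must be a valid CIDR block."
  }
}

# --- Security-group ingress rules (used when create_ingress_sg = true) ---

variable "ingress_sg_from_port" {
  type        = list(number)
  description = "List of starting ports for sg ingress rules of the EC2 security group."
}

variable "ingress_sg_to_port" {
  type        = list(number)
  description = "List of ending ports for sg ingress rules of the EC2 security group."
}

variable "ingress_sg_protocol" {
  type        = list(string)
  description = "List of protocols for sg ingress rules of the EC2 security group."
}

# Previously defaulted to a hard-coded security-group id. A baked-in id belongs to one
# account/VPC: wherever this module is reused it either fails or silently grants
# access to whatever that id resolves to. The default is now empty, so with
# create_ingress_sg = true the caller must name the source groups explicitly and a
# forgotten value fails at plan/apply instead of opening an unintended path.
variable "ingress_security_group_ids" {
  type        = list(string)
  default     = []
  description = "List of Security Group ids for sg ingress rules of the EC2 security group."
}

# --- CIDR egress rules (used when create_egress_cidr = true) ---

variable "egress_cidr_from_port" {
  type        = list(number)
  description = "List of starting ports for cidr egress rules of the EC2 security group."
}

variable "egress_cidr_to_port" {
  type        = list(number)
  description = "List of ending ports for cidr egress rules of the EC2 security group."
}

# list(string) to match the ingress counterpart; numeric values callers may already
# pass (e.g. -1) are converted to strings automatically.
variable "egress_cidr_protocol" {
  type        = list(string)
  description = "List of protocols for cidr egress rules of the EC2 security group."
}

variable "egress_cidr_block" {
  type        = list(string)
  description = "List of CIDR blocks for cidr egress rules of the EC2 security group."

  validation {
    condition     = alltrue([for c in var.egress_cidr_block : can(cidrhost(c, 0))])
    error_message = "Every entry of egress_cidr_block must be a valid CIDR block."
  }
}

# --- Security-group egress rules (used when create_egress_sg = true) ---

variable "egress_sg_from_port" {
  type        = list(number)
  description = "List of starting ports for sg egress rules of the EC2 security group."
}

variable "egress_sg_to_port" {
  type        = list(number)
  description = "List of ending ports for sg egress rules of the EC2 security group."
}

variable "egress_sg_protocol" {
  type        = list(string)
  description = "List of protocols for sg egress rules of the EC2 security group."
}

# Same reasoning as ingress_security_group_ids: no environment-specific default.
variable "egress_security_group_ids" {
  type        = list(string)
  default     = []
  description = "List of Security Group ids for sg egress rules of the EC2 security group."
}

# --- Feature switches ---
# Note: with all four false the group has no egress rules at all (main.tf declares
# rules inline, which removes AWS's implicit allow-all egress).

variable "create_ingress_cidr" {
  type        = bool
  description = "Enable or disable CIDR block ingress rules."
}

variable "create_ingress_sg" {
  type        = bool
  description = "Enable or disable Security Groups ingress rules."
}

variable "create_egress_cidr" {
  type        = bool
  description = "Enable or disable CIDR block egress rules."
}

variable "create_egress_sg" {
  type        = bool
  description = "Enable or disable Security Groups egress rules."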
}

--------------------------------------------------------------------------------
/modules/ses/main.tf:
--------------------------------------------------------------------------------
# SES sending domain: identity + verification, Easy DKIM, a custom MAIL FROM
# subdomain (MX + SPF) and a dedicated SMTP IAM user. All DNS records are written
# to the Route 53 zone given by var.zone_id.

#Domain Identity
resource "aws_ses_domain_identity" "domain_identity" {
  domain = var.domain_name
}

#Domain Identity Verification
# Waits until SES reports the identity verified. The verification TXT record is not
# created in this file — presumably the caller publishes it from the
# domain_identity_token output. Confirm, or this resource will time out on apply.
resource "aws_ses_domain_identity_verification" "domain_verification" {
  domain = aws_ses_domain_identity.domain_identity.domain
}

#DKIM Authentication
resource "aws_ses_domain_dkim" "dkim_authentication" {
  domain = aws_ses_domain_identity.domain_identity.domain
}

# One CNAME per DKIM token. SES issues three Easy DKIM tokens, so
# var.dkim_record_count must be 3: a smaller value leaves DKIM unverified, a larger
# one indexes past the token list and fails at plan. (count cannot be derived from
# dkim_tokens because the value is unknown until apply.)
resource "aws_route53_record" "dkim_record" {
  count   = var.dkim_record_count
  zone_id = var.zone_id
  name    = "${aws_ses_domain_dkim.dkim_authentication.dkim_tokens[count.index]}._domainkey"
  type    = var.dkim_record_type
  ttl     = var.dkim_ttl
  records = ["${aws_ses_domain_dkim.dkim_authentication.dkim_tokens[count.index]}.dkim.amazonses.com"]
}

#DOMAIN MAIL FROM
# Custom MAIL FROM subdomain "<custom_mail>.<domain>"; behavior_on_mx_failure is
# left at the provider default.
resource "aws_ses_domain_mail_from" "domain_mail" {
  domain           = aws_ses_domain_identity.domain_identity.domain
  mail_from_domain = "${var.custom_mail}.${aws_ses_domain_identity.domain_identity.domain}"
}

#SPF Authentication
data "aws_region" "current_region" {}

# MX for the MAIL FROM subdomain, pointing at the regional SES feedback host so
# bounces and complaints are routed back to SES. The region comes from the provider,
# not from var.region.
resource "aws_route53_record" "ses_domain_mail_from_mx" {
  zone_id = var.zone_id
  name    = aws_ses_domain_mail_from.domain_mail.mail_from_domain
  type    = var.spf_mx_record
  ttl     = var.spf_ttl
  records = [format("10 feedback-smtp.%s.amazonses.com", data.aws_region.current_region.name)]
}

# SPF for the MAIL FROM subdomain. "~all" is a soft fail; "-all" is the stricter
# policy once sending is confirmed to work. No DMARC (_dmarc TXT) record is created
# by this module.
resource "aws_route53_record" "ses_domain_mail_from_txt" {
  zone_id = var.zone_id
  name    = aws_ses_domain_mail_from.domain_mail.mail_from_domain
  type    = var.spf_txt_record
  ttl     = var.spf_ttl
  records = ["v=spf1 include:amazonses.com ~all"]
}

#SMTP Credentials
resource "aws_iam_user"
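"iam_user" {
  # Not environment-qualified: two environments of the same application deployed
  # into one account would collide on this user name.
  name = "${var.application}-SMTP-user"

  tags = merge(
    {
      Name        = var.name
      Environment = var.environment
      Owner       = var.owner
      CostCenter  = var.cost_center
      Application = var.application
    },
    var.tags
  )
}

# Long-lived access key for the SMTP user. The secret (and the SMTP password
# derived from it) is written in plaintext to the Terraform state, so the state
# backend must be treated as a secret store and the key rotated on a schedule.
# No pgp_key is set, so nothing encrypts the secret inside state.
resource "aws_iam_access_key" "access_key" {
  user = aws_iam_user.iam_user.name
}

# Send-only policy scoped to this module's own domain identity. The previous "*"
# resource let the key send as any identity verified in the account. If mail is
# also sent from other identities (e.g. separately verified subdomains), add their
# ARNs here.
data "aws_iam_policy_document" "ses_iam_policy" {
  statement {
    actions   = ["ses:SendRawEmail"]
    resources = [aws_ses_domain_identity.domain_identity.arn]
  }
}

resource "aws_iam_user_policy" "ses_user_policy" {
  name   = "ses-user-policy"
  user   = aws_iam_user.iam_user.name
  policy = data.aws_iam_policy_document.ses_iam_policy.json
}

--------------------------------------------------------------------------------
/modules/ses/output.tf:
--------------------------------------------------------------------------------
# Token that must be published as a TXT record for SES to verify the domain;
# domain_verification (above) waits for that to happen.
output "domain_identity_token" {
  description = "Domain identity tokens"
  value       = aws_ses_domain_identity.domain_identity.verification_token
}

output "domain_verification" {
  description = "Verification status of the domain identity"
  value       = aws_ses_domain_identity_verification.domain_verification.id
}

output "dkim_tokens" {
  description = "DKIM tokens for domain identity"
  value       = aws_ses_domain_dkim.dkim_authentication.dkim_tokens
}

# The resource id is the domain identity, not an email address and not the MAIL
# FROM subdomain; the previous description was misleading.
output "domain_mail" {
  description = "Domain identity for which the custom MAIL FROM subdomain is configured"
  value       = aws_ses_domain_mail_from.domain_mail.id
}

output "route53_dkim_fqdn" {
  description = "FQDN for the Route 53 DKIM DNS record"
  value       = aws_route53_record.dkim_record.*.fqdn
}

output "route53_spf_mx_fqdn" {
  description = "FQDN for the Route 53 SPF MX DNS record"
  value       = aws_route53_record.ses_domain_mail_from_mx.fqdn
}

output "route53_spf_txt_fqdn" {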
32 | description = "FQDN for the Route 53 SPF TXT DNS record" 33 | value = aws_route53_record.ses_domain_mail_from_txt.fqdn 34 | } 35 | 36 | output "iam_user_name" { 37 | description = "IAM user name associated with SES" 38 | value = aws_iam_user.iam_user.name 39 | } 40 | 41 | output "iam_user_policy" { 42 | description = "IAM policy associated with the IAM user" 43 | value = aws_iam_user_policy.ses_user_policy.name 44 | } 45 | 46 | -------------------------------------------------------------------------------- /modules/ses/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "Region of the EC2 instance" 4 | } 5 | 6 | variable "domain_name" { 7 | type = string 8 | description = "Name of the domain" 9 | } 10 | 11 | variable "dkim_record_count" { 12 | type = number 13 | description = "Number of DKIM records to create" 14 | } 15 | 16 | variable "zone_id" { 17 | type = string 18 | description = "ID of the DNS zone where records will be added" 19 | } 20 | 21 | variable "dkim_record_type" { 22 | type = string 23 | description = "Type of DKIM records to create" 24 | } 25 | 26 | variable "dkim_ttl" { 27 | type = number 28 | description = "Time To Live (TTL) for DKIM records" 29 | } 30 | 31 | variable "custom_mail" { 32 | type = string 33 | description = "Custom email address to associate with the domain" 34 | } 35 | 36 | variable "spf_mx_record" { 37 | type = string 38 | description = "SPF MX record value for domain" 39 | } 40 | 41 | variable "spf_txt_record" { 42 | type = string 43 | description = "SPF TXT record value for domain" 44 | } 45 | 46 | variable "spf_ttl" { 47 | type = number 48 | description = "Time To Live (TTL) for SPF records" 49 | } 50 | 51 | variable "tags" { 52 | default = {} 53 | type = map(string) 54 | description = "Tags to associate with the resources" 55 | } 56 | 57 | variable "name" { 58 | type = string 59 | description = "Name of the resource" 60 
}

variable "environment" {
  type        = string
  description = "Environment where the resource is deployed"
}

variable "owner" {
  type        = string
  description = "Owner of the resource"
}

variable "cost_center" {
  type        = string
  description = "Cost center responsible for the resource"
}

variable "application" {
  type        = string
  description = "Application to which the resource belongs"
}

--------------------------------------------------------------------------------
/modules/tag-policy/main.tf:
--------------------------------------------------------------------------------
# Provider Configuration
# NOTE(review): a provider block inside a reusable module is a legacy pattern — a
# module that configures its own provider cannot be called with count/for_each or
# depends_on, and cannot be removed cleanly once applied. The repository root has
# a provider.tf; consider configuring the provider there and passing it in.
provider "aws" {
  region = var.region
}

# Create Tag Policy
# AWS Organizations tag policy. For each key, tag_key sets the required key (and its
# capitalization); Owner and CostCenter additionally restrict the allowed values;
# enforced_for lists the resource types on which non-compliant tags are rejected.
# The same enforce_for_values list is applied to all five keys.
resource "aws_organizations_policy" "tag_policy" {
  name        = var.policy_name
  description = "Resource Provision"

  content = jsonencode({
    "tags" = {
      "Name" = {
        "tag_key"      = { "@@assign" = var.name_tag_key },
        "enforced_for" = { "@@assign" = var.enforce_for_values }
      },
      "Environment" = {
        "tag_key"      = { "@@assign" = var.environment_tag_key },
        "enforced_for" = { "@@assign" = var.enforce_for_values }
      },
      "Owner" = {
        "tag_key"      = { "@@assign" = var.owner_tag_key },
        "tag_value"    = { "@@assign" = var.owner_tag_value },
        "enforced_for" = { "@@assign" = var.enforce_for_values }
      },
      "CostCenter" = {
        "tag_key"      = { "@@assign" = var.costcenter_tag_key },
        "tag_value"    = { "@@assign" = var.costcenter_tag_value },
        "enforced_for" = { "@@assign" = var.enforce_for_values }
      },
      "Application" = {
        "tag_key"      = { "@@assign" = var.application_tag_key },
        "enforced_for" = { "@@assign" = var.enforce_for_values }
      }
    }
  })

  # Only tag-policy content is generated above, so var.policy_type is expected to be
  # TAG_POLICY — the variable is not validated here.
  type = var.policy_type
}

# Attach the policy to a single target (root, OU or account) supplied by the caller.
resource "aws_organizations_policy_attachment" "account_attachment" {
  policy_id = aws_organizations_policy.tag_policy.id
target_id = var.target_id 44 | } 45 | -------------------------------------------------------------------------------- /modules/tag-policy/outputs.tf: -------------------------------------------------------------------------------- 1 | output "policy_id" { 2 | value = aws_organizations_policy.tag_policy.id 3 | description = "ID of the tag policy." 4 | } -------------------------------------------------------------------------------- /modules/tag-policy/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "The AWS region for provider configuration." 4 | } 5 | 6 | variable "policy_name" { 7 | type = string 8 | description = "A descriptive name for the AWS Organizations Tag Policy." 9 | } 10 | 11 | variable "policy_type" { 12 | type = string 13 | description = "The type of the AWS Organizations Tag Policy." 14 | } 15 | 16 | variable "target_id" { 17 | type = number 18 | description = "The ID of the target organizational unit to attach the Tag Policy." 19 | } 20 | 21 | variable "name_tag_key" { 22 | type = string 23 | description = "The tag key for the 'Name' tag." 24 | } 25 | 26 | variable "environment_tag_key" { 27 | type = string 28 | description = "The tag key for the 'Environment' tag." 29 | } 30 | 31 | variable "owner_tag_key" { 32 | type = string 33 | description = "The tag key for the 'Owner' tag." 34 | } 35 | 36 | variable "owner_tag_value" { 37 | type = list(string) 38 | description = "A list of valid tag values for the 'Owner' tag." 39 | } 40 | 41 | variable "costcenter_tag_key" { 42 | type = string 43 | description = "The tag key for the 'CostCenter' tag." 44 | } 45 | 46 | variable "costcenter_tag_value" { 47 | type = list(string) 48 | description = "A list of valid tag values for the 'CostCenter' tag." 49 | } 50 | 51 | variable "application_tag_key" { 52 | type = string 53 | description = "The tag key for the 'Application' tag." 
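}

# Applied to the enforced_for field of every key in main.tf (Name, Environment,
# Owner, CostCenter and Application), not just 'Application' as the old description
# said. Entries are resource types in the tag-policy "service:resource" form.
variable "enforce_for_values" {
  type        = list(string)
  description = "A list of resource types for which tag compliance is enforced, applied to every tag key in the policy."
}

--------------------------------------------------------------------------------
/modules/vpc/endpoint.tf:
--------------------------------------------------------------------------------
# Interface endpoints in the platform subnets. None of them sets security_group_ids,
# so AWS attaches the VPC's default security group to the endpoint ENIs, and
# private_dns_enabled is left at the provider default, so clients have to use the
# endpoint-specific DNS names — confirm both against how the consumers (EKS, RDS
# clients) actually resolve these services.

# S3 via an Interface endpoint. A Gateway endpoint (route-table based, no hourly
# charge) is the usual choice for S3; left as-is because switching changes the
# resource's attributes (route_table_ids instead of subnet_ids).
resource "aws_vpc_endpoint" "s3" {
  count             = var.create_s3_endpoint ? 1 : 0
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Interface"

  # concat() with a single argument was a no-op.
  subnet_ids = aws_subnet.platform[*].id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-s3-endpoint",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

resource "aws_vpc_endpoint" "secrets_manager" {
  count             = var.create_secrets_manager_endpoint ? 1 : 0
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.${var.region}.secretsmanager"
  vpc_endpoint_type = "Interface"

  subnet_ids = aws_subnet.platform[*].id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-secrets-manager-endpoint",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

resource "aws_vpc_endpoint" "cloudwatch_logs" {
  count             = var.create_cloudwatch_logs_endpoint ?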
1 : 0
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.${var.region}.logs"
  vpc_endpoint_type = "Interface"

  # Single-argument concat() is a no-op; the platform subnet ids are used as-is.
  subnet_ids = concat(
    aws_subnet.platform[*].id
  )
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-cloudwatch-endpoint",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

--------------------------------------------------------------------------------
/modules/vpc/internet-gateway.tf:
--------------------------------------------------------------------------------
# Internet gateway for the VPC; route-tables.tf adds the public default route to it
# and nat-gateway.tf depends on it.
resource "aws_internet_gateway" "main" {
  vpc_id = aws_vpc.main.id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-internet-gateway",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

--------------------------------------------------------------------------------
/modules/vpc/nacl.tf:
--------------------------------------------------------------------------------
# One network ACL per subnet tier, built from parallel per-rule lists (rule_no,
# action, from_port, to_port, protocol, cidr_block indexed by the same position), so
# all six lists of a tier/direction must have the same length. NACLs are stateless:
# return traffic needs its own rule in the opposite direction, including the
# ephemeral port range for responses, and the lowest matching rule_no wins.
resource "aws_network_acl" "public" {
  vpc_id = aws_vpc.main.id

  dynamic "ingress" {
    for_each = toset(range(length(var.ingress_public_nacl_from_port)))
    content {
      rule_no    = var.ingress_public_nacl_rule_no[ingress.key]
      action     = var.ingress_public_nacl_action[ingress.key]
      from_port  = var.ingress_public_nacl_from_port[ingress.key]
      to_port    = var.ingress_public_nacl_to_port[ingress.key]
      protocol   = var.ingress_public_nacl_protocol[ingress.key]
      cidr_block = var.ingress_public_nacl_cidr_block[ingress.key]
    }
  }

  dynamic "egress" {
    for_each = toset(range(length(var.egress_public_nacl_from_port)))
    content {
      rule_no    = var.egress_public_nacl_rule_no[egress.key]
      action     = var.egress_public_nacl_action[egress.key]
      from_port  =
var.egress_public_nacl_from_port[egress.key]
      to_port    = var.egress_public_nacl_to_port[egress.key]
      protocol   = var.egress_public_nacl_protocol[egress.key]
      cidr_block = var.egress_public_nacl_cidr_block[egress.key]
    }
  }
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-public-subnet-nacl",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# App tier ACL; same parallel-list contract as the public ACL above.
resource "aws_network_acl" "app" {
  vpc_id = aws_vpc.main.id

  dynamic "ingress" {
    for_each = toset(range(length(var.ingress_app_nacl_from_port)))
    content {
      rule_no    = var.ingress_app_nacl_rule_no[ingress.key]
      action     = var.ingress_app_nacl_action[ingress.key]
      from_port  = var.ingress_app_nacl_from_port[ingress.key]
      to_port    = var.ingress_app_nacl_to_port[ingress.key]
      protocol   = var.ingress_app_nacl_protocol[ingress.key]
      cidr_block = var.ingress_app_nacl_cidr_block[ingress.key]
    }
  }

  dynamic "egress" {
    for_each = toset(range(length(var.egress_app_nacl_from_port)))
    content {
      rule_no    = var.egress_app_nacl_rule_no[egress.key]
      action     = var.egress_app_nacl_action[egress.key]
      from_port  = var.egress_app_nacl_from_port[egress.key]
      to_port    = var.egress_app_nacl_to_port[egress.key]
      protocol   = var.egress_app_nacl_protocol[egress.key]
      cidr_block = var.egress_app_nacl_cidr_block[egress.key]
    }
  }
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-app-subnet-nacl",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# DB tier ACL. Whether its rules restrict inbound traffic to the app tier depends
# entirely on the caller's tfvars — nothing in this module narrows them.
resource "aws_network_acl" "db" {
  vpc_id = aws_vpc.main.id

  dynamic "ingress" {
    for_each = toset(range(length(var.ingress_db_nacl_from_port)))
    content {
      rule_no    = var.ingress_db_nacl_rule_no[ingress.key]
      action     = var.ingress_db_nacl_action[ingress.key]
      from_port  = var.ingress_db_nacl_from_port[ingress.key]
      to_port    = var.ingress_db_nacl_to_port[ingress.key]
      protocol   = var.ingress_db_nacl_protocol[ingress.key]
      cidr_block = var.ingress_db_nacl_cidr_block[ingress.key]
    }
  }

  dynamic "egress" {
    for_each = toset(range(length(var.egress_db_nacl_from_port)))
    content {
      rule_no    = var.egress_db_nacl_rule_no[egress.key]
      action     = var.egress_db_nacl_action[egress.key]
      from_port  = var.egress_db_nacl_from_port[egress.key]
      to_port    = var.egress_db_nacl_to_port[egress.key]
      protocol   = var.egress_db_nacl_protocol[egress.key]
      cidr_block = var.egress_db_nacl_cidr_block[egress.key]
    }
  }
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-db-subnet-nacl",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# Management tier ACL.
resource "aws_network_acl" "management" {
  vpc_id = aws_vpc.main.id

  dynamic "ingress" {
    for_each = toset(range(length(var.ingress_management_nacl_from_port)))
    content {
      rule_no    = var.ingress_management_nacl_rule_no[ingress.key]
      action     = var.ingress_management_nacl_action[ingress.key]
      from_port  = var.ingress_management_nacl_from_port[ingress.key]
      to_port    = var.ingress_management_nacl_to_port[ingress.key]
      protocol   = var.ingress_management_nacl_protocol[ingress.key]
      cidr_block = var.ingress_management_nacl_cidr_block[ingress.key]
    }
  }

  dynamic "egress" {
    for_each = toset(range(length(var.egress_management_nacl_from_port)))
    content {
      rule_no    = var.egress_management_nacl_rule_no[egress.key]
      action     = var.egress_management_nacl_action[egress.key]
      from_port  = var.egress_management_nacl_from_port[egress.key]
      to_port    = var.egress_management_nacl_to_port[egress.key]
      protocol   = var.egress_management_nacl_protocol[egress.key]
      cidr_block = var.egress_management_nacl_cidr_block[egress.key]
    }
  }
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-management-subnet-nacl",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# Platform tier ACL; the platform subnets also host the Interface endpoints from
# endpoint.tf, so these rules must admit traffic to the endpoint ENIs.
resource "aws_network_acl" "platform" {
  vpc_id = aws_vpc.main.id

  dynamic "ingress" {
    for_each = toset(range(length(var.ingress_platform_nacl_from_port)))
    content {
      rule_no    = var.ingress_platform_nacl_rule_no[ingress.key]
      action     = var.ingress_platform_nacl_action[ingress.key]
      from_port  = var.ingress_platform_nacl_from_port[ingress.key]
      to_port    = var.ingress_platform_nacl_to_port[ingress.key]
      protocol   = var.ingress_platform_nacl_protocol[ingress.key]
      cidr_block = var.ingress_platform_nacl_cidr_block[ingress.key]
    }
  }

  dynamic "egress" {
    for_each = toset(range(length(var.egress_platform_nacl_from_port)))
    content {
      rule_no    = var.egress_platform_nacl_rule_no[egress.key]
      action     = var.egress_platform_nacl_action[egress.key]
      from_port  = var.egress_platform_nacl_from_port[egress.key]
      to_port    = var.egress_platform_nacl_to_port[egress.key]
      protocol   = var.egress_platform_nacl_protocol[egress.key]
      cidr_block = var.egress_platform_nacl_cidr_block[egress.key]
    }
  }
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-platform-subnet-nacl",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# Associations: each subnet of a tier is attached to that tier's ACL, replacing the
# VPC default ACL for it.
resource "aws_network_acl_association"
"public" {
  count          = length(aws_subnet.public)
  subnet_id      = aws_subnet.public[count.index].id
  network_acl_id = aws_network_acl.public.id
}

resource "aws_network_acl_association" "app" {
  count          = length(aws_subnet.app)
  subnet_id      = aws_subnet.app[count.index].id
  network_acl_id = aws_network_acl.app.id
}

resource "aws_network_acl_association" "db" {
  count          = length(aws_subnet.db)
  subnet_id      = aws_subnet.db[count.index].id
  network_acl_id = aws_network_acl.db.id
}

resource "aws_network_acl_association" "management" {
  count          = length(aws_subnet.management)
  subnet_id      = aws_subnet.management[count.index].id
  network_acl_id = aws_network_acl.management.id
}

resource "aws_network_acl_association" "platform" {
  count          = length(aws_subnet.platform)
  subnet_id      = aws_subnet.platform[count.index].id
  network_acl_id = aws_network_acl.platform.id
}

--------------------------------------------------------------------------------
/modules/vpc/nat-gateway.tf:
--------------------------------------------------------------------------------
# Elastic IP for the (single, optional) NAT gateway. var.domain is the EIP scope —
# presumably "vpc"; confirm in the tfvars.
resource "aws_eip" "main" {
  count  = var.create_nat_gateway ? 1 : 0
  domain = var.domain
}

# One NAT gateway in the first public subnet: every private tier's default route
# (route-tables.tf) goes through it, so it is a single-AZ dependency for all
# outbound traffic.
resource "aws_nat_gateway" "main" {
  count         = var.create_nat_gateway ?
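1 : 0
  allocation_id = aws_eip.main[0].id
  subnet_id     = aws_subnet.public[0].id
  # The gateway needs a working IGW in the VPC before it can be created.
  depends_on    = [aws_internet_gateway.main]

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-nat-gateway",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

--------------------------------------------------------------------------------
/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
output "id" {
  value       = aws_vpc.main.id
  description = "VPC ID"
}

output "public_subnet_ids" {
  value       = aws_subnet.public.*.id
  description = "List of public subnet IDs"
}

# The four private tiers previously shared the description "List of private subnet
# IDs", which made them indistinguishable in `terraform output`; each now names its
# tier.
output "app_subnet_ids" {
  value       = aws_subnet.app.*.id
  description = "List of private application-tier subnet IDs"
}

output "db_subnet_ids" {
  value       = aws_subnet.db.*.id
  description = "List of private database-tier subnet IDs"
}

output "management_subnet_ids" {
  value       = aws_subnet.management.*.id
  description = "List of private management-tier subnet IDs"
}

output "platform_subnet_ids" {
  value       = aws_subnet.platform.*.id
  description = "List of private platform-tier subnet IDs (also host the VPC Interface endpoints)"
}

# Echoes the input rather than reading aws_vpc.main.cidr_block; the two agree as
# long as vpc.tf uses var.vpc_cidr_block (not visible here — verify).
output "cidr_block" {
  value       = var.vpc_cidr_block
  description = "The CIDR block associated with the VPC"
}

--------------------------------------------------------------------------------
/modules/vpc/route-tables.tf:
--------------------------------------------------------------------------------
# One route table per subnet tier. The public table gets a default route to the
# internet gateway; each private tier gets a default route to the NAT gateway when
# create_nat_gateway is true. var.destination_cidr_block is presumably 0.0.0.0/0.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-public-route-table",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

resource "aws_route"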
"public" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = var.destination_cidr_block
  gateway_id             = aws_internet_gateway.main.id
}

resource "aws_route_table" "app" {
  vpc_id = aws_vpc.main.id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-app-route-table",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# Private-tier default route via the single NAT gateway; absent when
# create_nat_gateway is false, in which case the tier has no internet egress.
resource "aws_route" "app" {
  count                  = var.create_nat_gateway ? 1 : 0
  route_table_id         = aws_route_table.app.id
  destination_cidr_block = var.destination_cidr_block
  nat_gateway_id         = aws_nat_gateway.main[count.index].id
}


resource "aws_route_table" "db" {
  vpc_id = aws_vpc.main.id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-db-route-table",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

# NOTE(review): the DB tier gets the same NAT default route as the app tier, so
# database subnets have outbound internet access whenever the NAT exists. If the
# databases only need in-VPC reachability, this route is wider than necessary —
# confirm against the RDS requirements before tightening.
resource "aws_route" "db" {
  count                  = var.create_nat_gateway ? 1 : 0
  route_table_id         = aws_route_table.db.id
  destination_cidr_block = var.destination_cidr_block
  nat_gateway_id         = aws_nat_gateway.main[count.index].id
}

resource "aws_route_table" "management" {
  vpc_id = aws_vpc.main.id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-management-route-table",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

resource "aws_route" "management" {
  count                  = var.create_nat_gateway ?
1 : 0
  route_table_id         = aws_route_table.management.id
  destination_cidr_block = var.destination_cidr_block
  nat_gateway_id         = aws_nat_gateway.main[count.index].id
}

resource "aws_route_table" "platform" {
  vpc_id = aws_vpc.main.id

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-platform-route-table",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

resource "aws_route" "platform" {
  count                  = var.create_nat_gateway ? 1 : 0
  route_table_id         = aws_route_table.platform.id
  destination_cidr_block = var.destination_cidr_block
  nat_gateway_id         = aws_nat_gateway.main[count.index].id
}

--------------------------------------------------------------------------------
/modules/vpc/subnet.tf:
--------------------------------------------------------------------------------
# Subnets per tier, one per CIDR in the tier's list, placed in
# var.availability_zones[i]. The AZ list must be at least as long as the longest
# CIDR list or the index lookup fails at plan time.
resource "aws_subnet" "public" {
  count             = length(var.public_subnet_cidr_blocks)
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.public_subnet_cidr_blocks[count.index]
  availability_zone = var.availability_zones[count.index]
  # When true, every instance launched in a public subnet gets a public IPv4
  # address automatically.
  map_public_ip_on_launch = var.map_public_ip_on_launch

  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-public-subnet-${count.index}",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}

resource "aws_route_table_association" "public" {
  count          = length(aws_subnet.public)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# Private tiers: no map_public_ip_on_launch, so instances get private addresses only.
resource "aws_subnet" "app" {
  count             = length(var.app_subnet_cidr_blocks)
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.app_subnet_cidr_blocks[count.index]
  availability_zone =
var.availability_zones[count.index] 31 | 32 | tags = merge( 33 | { 34 | Name = "${var.environment}-${var.application}-app-subnet-${count.index}", 35 | Environment = var.environment, 36 | Owner = var.owner, 37 | CostCenter = var.cost_center, 38 | Application = var.application 39 | }, 40 | var.tags 41 | ) 42 | } 43 | 44 | resource "aws_route_table_association" "app" { 45 | count = length(aws_subnet.app) 46 | subnet_id = aws_subnet.app[count.index].id 47 | route_table_id = aws_route_table.app.id 48 | } 49 | 50 | resource "aws_subnet" "db" { 51 | count = length(var.db_subnet_cidr_blocks) 52 | vpc_id = aws_vpc.main.id 53 | cidr_block = var.db_subnet_cidr_blocks[count.index] 54 | availability_zone = var.availability_zones[count.index] 55 | 56 | tags = merge( 57 | { 58 | Name = "${var.environment}-${var.application}-db-subnet-${count.index}", 59 | Environment = var.environment, 60 | Owner = var.owner, 61 | CostCenter = var.cost_center, 62 | Application = var.application 63 | }, 64 | var.tags 65 | ) 66 | } 67 | 68 | resource "aws_route_table_association" "db" { 69 | count = length(aws_subnet.db) 70 | subnet_id = aws_subnet.db[count.index].id 71 | route_table_id = aws_route_table.db.id 72 | } 73 | 74 | resource "aws_subnet" "management" { 75 | count = length(var.management_subnet_cidr_blocks) 76 | vpc_id = aws_vpc.main.id 77 | cidr_block = var.management_subnet_cidr_blocks[count.index] 78 | availability_zone = var.availability_zones[count.index] 79 | 80 | tags = merge( 81 | { 82 | Name = "${var.environment}-${var.application}-management-subnet-${count.index}", 83 | Environment = var.environment, 84 | Owner = var.owner, 85 | CostCenter = var.cost_center, 86 | Application = var.application 87 | }, 88 | var.tags 89 | ) 90 | } 91 | 92 | resource "aws_route_table_association" "management" { 93 | count = length(aws_subnet.management) 94 | subnet_id = aws_subnet.management[count.index].id 95 | route_table_id = aws_route_table.management.id 96 | } 97 | 98 | resource "aws_subnet" 
"platform" { 99 | count = length(var.platform_subnet_cidr_blocks) 100 | vpc_id = aws_vpc.main.id 101 | cidr_block = var.platform_subnet_cidr_blocks[count.index] 102 | availability_zone = var.availability_zones[count.index] 103 | 104 | tags = merge( 105 | { 106 | Name = "${var.environment}-${var.application}-platform-subnet-${count.index}", 107 | Environment = var.environment, 108 | Owner = var.owner, 109 | CostCenter = var.cost_center, 110 | Application = var.application 111 | }, 112 | var.tags 113 | ) 114 | } 115 | 116 | resource "aws_route_table_association" "platform" { 117 | count = length(aws_subnet.platform) 118 | subnet_id = aws_subnet.platform[count.index].id 119 | route_table_id = aws_route_table.platform.id 120 | } 121 | -------------------------------------------------------------------------------- /modules/vpc/variables.tf: -------------------------------------------------------------------------------- 1 | # Common Variables 2 | 3 | variable "tags" { 4 | default = {} 5 | type = map(string) 6 | description = "Extra tags to attach to the VPC resources" 7 | } 8 | 9 | variable "region" { 10 | type = string 11 | description = "Region of the VPC" 12 | } 13 | 14 | # VPC Variables 15 | 16 | variable "vpc_cidr_block" { 17 | type = string 18 | description = "CIDR block for the VPC" 19 | } 20 | 21 | # Subnet Varaibles 22 | 23 | variable "public_subnet_cidr_blocks" { 24 | type = list(any) 25 | description = "List of public subnet CIDR blocks" 26 | } 27 | 28 | variable "app_subnet_cidr_blocks" { 29 | type = list(any) 30 | description = "List of application subnet CIDR blocks" 31 | } 32 | 33 | variable "db_subnet_cidr_blocks" { 34 | type = list(any) 35 | description = "List of Database subnet CIDR blocks" 36 | } 37 | 38 | variable "management_subnet_cidr_blocks" { 39 | type = list(any) 40 | description = "List of management subnet CIDR blocks" 41 | } 42 | 43 | variable "platform_subnet_cidr_blocks" { 44 | type = list(any) 45 | description = "List of platform subnet 
CIDR blocks" 46 | } 47 | 48 | variable "availability_zones" { 49 | type = list(any) 50 | description = "List of availability zones" 51 | } 52 | 53 | variable "create_nat_gateway" { 54 | type = bool 55 | description = "whether to create a NAT gateway or not" 56 | } 57 | 58 | variable "owner" { 59 | type = string 60 | description = "Name of owner" 61 | } 62 | 63 | variable "environment" { 64 | type = string 65 | description = "The environment name for the resources." 66 | } 67 | 68 | variable "cost_center" { 69 | type = string 70 | description = "Name of cost-center for this alb-asg" 71 | } 72 | 73 | variable "application" { 74 | type = string 75 | description = "Name of the application" 76 | } 77 | 78 | variable "instance_tenancy" { 79 | type = string 80 | description = "Set instance-tenancy" 81 | } 82 | 83 | variable "enable_dns_support" { 84 | type = bool 85 | description = "whether to enable DNS support or not" 86 | } 87 | 88 | variable "enable_dns_hostnames" { 89 | type = bool 90 | description = "whether to enable DNS hostnames or not" 91 | } 92 | 93 | variable "domain" { 94 | type = string 95 | description = "Set the domain of eip" 96 | } 97 | 98 | variable "destination_cidr_block" { 99 | type = string 100 | description = "Set the destination cidr block" 101 | } 102 | 103 | variable "map_public_ip_on_launch" { 104 | type = bool 105 | description = "whether to map public ip on launch or not" 106 | } 107 | 108 | variable "create_s3_endpoint" { 109 | type = bool 110 | description = "whether to create s3 endpoint or not" 111 | } 112 | 113 | variable "create_secrets_manager_endpoint" { 114 | type = bool 115 | description = "whether to create secrets-manager endpoint or not" 116 | } 117 | 118 | variable "create_cloudwatch_logs_endpoint" { 119 | type = bool 120 | description = "whether to create cloudwatch logs endpoint or not" 121 | } 122 | 123 | variable "ingress_public_nacl_rule_no" { 124 | type = list(number) 125 | description = "List of public nacl ingress rule 
no" 126 | } 127 | 128 | variable "ingress_public_nacl_action" { 129 | type = list(string) 130 | description = "List of public nacl ingress action " 131 | } 132 | 133 | variable "ingress_public_nacl_from_port" { 134 | type = list(number) 135 | description = "List of public nacl ingress from port " 136 | } 137 | 138 | variable "ingress_public_nacl_to_port" { 139 | type = list(number) 140 | description = "List of public nacl ingress to port " 141 | } 142 | 143 | variable "ingress_public_nacl_protocol" { 144 | type = list(string) 145 | description = "List of public nacl ingress protocol " 146 | } 147 | 148 | variable "ingress_public_nacl_cidr_block" { 149 | type = list(string) 150 | description = "List of public nacl ingress cidr block " 151 | } 152 | 153 | variable "egress_public_nacl_rule_no" { 154 | type = list(number) 155 | description = "List of public nacl egress rule no" 156 | } 157 | 158 | variable "egress_public_nacl_action" { 159 | type = list(string) 160 | description = "List of public nacl egress action " 161 | } 162 | 163 | variable "egress_public_nacl_from_port" { 164 | type = list(number) 165 | description = "List of public nacl egress from port " 166 | } 167 | 168 | variable "egress_public_nacl_to_port" { 169 | type = list(number) 170 | description = "List of public nacl egress to port " 171 | } 172 | 173 | variable "egress_public_nacl_protocol" { 174 | type = list(string) 175 | description = "List of public nacl egress protocol " 176 | } 177 | 178 | variable "egress_public_nacl_cidr_block" { 179 | type = list(string) 180 | description = "List of public nacl egress cidr block " 181 | } 182 | 183 | variable "ingress_app_nacl_rule_no" { 184 | type = list(number) 185 | description = "List of app nacl ingress rule no" 186 | } 187 | 188 | variable "ingress_app_nacl_action" { 189 | type = list(string) 190 | description = "List of app nacl ingress action " 191 | } 192 | 193 | variable "ingress_app_nacl_from_port" { 194 | type = list(number) 195 | description = 
"List of app nacl ingress from port " 196 | } 197 | 198 | variable "ingress_app_nacl_to_port" { 199 | type = list(number) 200 | description = "List of app nacl ingress to port " 201 | } 202 | 203 | variable "ingress_app_nacl_protocol" { 204 | type = list(string) 205 | description = "List of app nacl ingress protocol " 206 | } 207 | 208 | variable "ingress_app_nacl_cidr_block" { 209 | type = list(string) 210 | description = "List of app nacl ingress cidr block " 211 | } 212 | 213 | variable "egress_app_nacl_rule_no" { 214 | type = list(number) 215 | description = "List of app nacl egress rule no" 216 | } 217 | 218 | variable "egress_app_nacl_action" { 219 | type = list(string) 220 | description = "List of app nacl egress action " 221 | } 222 | 223 | variable "egress_app_nacl_from_port" { 224 | type = list(number) 225 | description = "List of app nacl egress from port " 226 | } 227 | 228 | variable "egress_app_nacl_to_port" { 229 | type = list(number) 230 | description = "List of app nacl egress to port " 231 | } 232 | 233 | variable "egress_app_nacl_protocol" { 234 | type = list(string) 235 | description = "List of app nacl egress protocol " 236 | } 237 | 238 | variable "egress_app_nacl_cidr_block" { 239 | type = list(string) 240 | description = "List of app nacl egress cidr block " 241 | } 242 | 243 | variable "ingress_db_nacl_rule_no" { 244 | type = list(number) 245 | description = "List of db nacl ingress rule no" 246 | } 247 | 248 | variable "ingress_db_nacl_action" { 249 | type = list(string) 250 | description = "List of db nacl ingress action " 251 | } 252 | 253 | variable "ingress_db_nacl_from_port" { 254 | type = list(number) 255 | description = "List of db nacl ingress from port " 256 | } 257 | 258 | variable "ingress_db_nacl_to_port" { 259 | type = list(number) 260 | description = "List of db nacl ingress to port " 261 | } 262 | 263 | variable "ingress_db_nacl_protocol" { 264 | type = list(string) 265 | description = "List of db nacl ingress protocol " 266 
| } 267 | 268 | variable "ingress_db_nacl_cidr_block" { 269 | type = list(string) 270 | description = "List of db nacl ingress cidr block " 271 | } 272 | 273 | variable "egress_db_nacl_rule_no" { 274 | type = list(number) 275 | description = "List of db nacl egress rule no" 276 | } 277 | 278 | variable "egress_db_nacl_action" { 279 | type = list(string) 280 | description = "List of db nacl egress action " 281 | } 282 | 283 | variable "egress_db_nacl_from_port" { 284 | type = list(number) 285 | description = "List of db nacl egress from port " 286 | } 287 | 288 | variable "egress_db_nacl_to_port" { 289 | type = list(number) 290 | description = "List of db nacl egress to port " 291 | } 292 | 293 | variable "egress_db_nacl_protocol" { 294 | type = list(string) 295 | description = "List of db nacl egress protocol " 296 | } 297 | 298 | variable "egress_db_nacl_cidr_block" { 299 | type = list(string) 300 | description = "List of db nacl egress cidr block " 301 | } 302 | 303 | variable "ingress_management_nacl_rule_no" { 304 | type = list(number) 305 | description = "List of management nacl ingress rule no" 306 | } 307 | 308 | variable "ingress_management_nacl_action" { 309 | type = list(string) 310 | description = "List of management nacl ingress action " 311 | } 312 | 313 | variable "ingress_management_nacl_from_port" { 314 | type = list(number) 315 | description = "List of management nacl ingress from port " 316 | } 317 | 318 | variable "ingress_management_nacl_to_port" { 319 | type = list(number) 320 | description = "List of management nacl ingress to port " 321 | } 322 | 323 | variable "ingress_management_nacl_protocol" { 324 | type = list(string) 325 | description = "List of management nacl ingress protocol " 326 | } 327 | 328 | variable "ingress_management_nacl_cidr_block" { 329 | type = list(string) 330 | description = "List of management nacl ingress cidr block " 331 | } 332 | 333 | variable "egress_management_nacl_rule_no" { 334 | type = list(number) 335 | 
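description = "List of management nacl egress rule no"
}

variable "egress_management_nacl_action" {
  type        = list(string)
  description = "List of management nacl egress action "
}

variable "egress_management_nacl_from_port" {
  type        = list(number)
  description = "List of management nacl egress from port "
}

variable "egress_management_nacl_to_port" {
  type        = list(number)
  description = "List of management nacl egress to port "
}

variable "egress_management_nacl_protocol" {
  type        = list(string)
  description = "List of management nacl egress protocol "
}

variable "egress_management_nacl_cidr_block" {
  type        = list(string)
  description = "List of management nacl egress cidr block "
}

variable "ingress_platform_nacl_rule_no" {
  type        = list(number)
  description = "List of platform nacl ingress rule no"
}

variable "ingress_platform_nacl_action" {
  type        = list(string)
  description = "List of platform nacl ingress action "
}

variable "ingress_platform_nacl_from_port" {
  type        = list(number)
  description = "List of platform nacl ingress from port "
}

variable "ingress_platform_nacl_to_port" {
  type        = list(number)
  description = "List of platform nacl ingress to port "
}

variable "ingress_platform_nacl_protocol" {
  type        = list(string)
  description = "List of platform nacl ingress protocol "
}

variable "ingress_platform_nacl_cidr_block" {
  type        = list(string)
  description = "List of platform nacl ingress cidr block "
}

variable "egress_platform_nacl_rule_no" {
  type        = list(number)
  description = "List of platform nacl egress rule no"
}

variable "egress_platform_nacl_action" {
  type        = list(string)
  description = "List of platform nacl egress action "
}

variable "egress_platform_nacl_from_port" {
  type        = list(number)
  description = "List of platform nacl egress from port "
}

variable "egress_platform_nacl_to_port" {
  type        = list(number)
  description = "List of platform nacl egress to port "
}

variable "egress_platform_nacl_protocol" {
  type        = list(string)
  description = "List of platform nacl egress protocol "
}

variable "egress_platform_nacl_cidr_block" {
  type        = list(string)
  description = "List of platform nacl egress cidr block "
}



--------------------------------------------------------------------------------
/modules/vpc/vpc.tf:
--------------------------------------------------------------------------------
# The VPC itself. Subnets, route tables, NAT, NACLs and endpoints live in the
# sibling files of this module and all reference aws_vpc.main.
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr_block
  instance_tenancy     = var.instance_tenancy
  enable_dns_support   = var.enable_dns_support
  enable_dns_hostnames = var.enable_dns_hostnames

  # Mandatory tags first, caller-supplied `var.tags` merged last so callers
  # can override any of them.
  tags = merge(
    {
      Name        = "${var.environment}-${var.application}-vpc",
      Environment = var.environment,
      Owner       = var.owner,
      CostCenter  = var.cost_center,
      Application = var.application
    },
    var.tags
  )
}
--------------------------------------------------------------------------------
/provider.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): vars/dev/eks.tfvars feeds access-entry style inputs
      # (principal_arn, access_policy_arn) and the eks-pod-identity-agent
      # add-on to the eks module. The module is not visible here, but those
      # features need a newer provider line than 3.x -- confirm the
      # constraint against modules/eks. Also note .gitignore drops
      # .terraform.lock.hcl, so this range is the only pin; committing the
      # lock file is the usual supply-chain safeguard.
      version = "~> 3.0"
    }
  }

  # Backend settings are evaluated before any resource exists, so they may
  # not contain expressions. The original `dynamodb_table =
  # aws_dynamodb_table.state_lock.name` is rejected at `terraform init`;
  # use the literal name declared by the resource below. `key` is
  # deliberately not fixed here: supply it per root module via
  # `-backend-config` so vpc/rds/eks/... do not share one state object.
  # `encrypt = true` asks S3 for server-side encryption of the state, which
  # carries every secret Terraform ever reads.
  backend "s3" {
    bucket = "dcube-terraform-state"
    # key = "dev/vpc.tfstate"
    region         = "us-west-2"
    dynamodb_table = "terraform-state-lock"
    encrypt        = true
  }
}

provider "aws" {
  region = "us-west-2"
}

# Lock table referenced by the backend above. Bootstrapping note: the table
# (and bucket) must exist before `terraform init` can configure the S3
# backend, so this cannot be created by the same run that uses it --
# presumably infra/backend in this repo creates it first.
resource "aws_dynamodb_table" "state_lock" {
  name         = "terraform-state-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
--------------------------------------------------------------------------------
/vars/dev/acm.tfvars:
--------------------------------------------------------------------------------
region = "us-west-2"

# DNS validation + CT logging enabled is the right default for a public cert.
domain_name                                 = "prom.devopsproject.dev"
validation_method                           = "DNS"
key_algorithm                               = "RSA_2048"
certificate_transparency_logging_preference = "ENABLED"
dns_domain_name                             = "devopsproject.dev"

# Tag Keys
# NOTE(review): `name` is empty; vars/dev/tag-policy.tfvars enforces the
# Name key, so confirm the module derives a Name tag when this is blank.
name        = ""
owner       = "techiescamp"
environment = "dev"
cost_center = "techiescamp-commerce"
application = "acm"
--------------------------------------------------------------------------------
/vars/dev/alb-asg.tfvars:
--------------------------------------------------------------------------------
region = "us-west-2"

# alb
# internal = false -> internet-facing ALB; the same subnet IDs are reused for
# the ASG below and for RDS in vars/dev/rds.tfvars.
internal          = false
loadbalancer_type = "application"
alb_subnets       = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"]

#alb-sg
# Port 80 from anywhere is expected for a public ALB; the listener further
# down this file is plain HTTP though, so traffic is unencrypted end to end
# even though an ACM certificate is provisioned in this repo.
alb_ingress_cidr_from_port = [80]
alb_ingress_cidr_to_port   = [80]
alb_ingress_cidr_protocol  = ["tcp"]
alb_ingress_cidr_block     = ["0.0.0.0/0"]
alb_create_ingress_cidr    = true

alb_ingress_sg_from_port = [8080]
alb_ingress_sg_to_port   = [8080]
alb_ingress_sg_protocol  = ["tcp"]
alb_create_ingress_sg    = false

# Unrestricted egress from the ALB.
alb_egress_cidr_from_port = [0]
alb_egress_cidr_to_port   = [0]
alb_egress_cidr_protocol  = ["-1"]
alb_egress_cidr_block     = ["0.0.0.0/0"]
alb_create_egress_cidr    = true

alb_egress_sg_from_port = [0]
alb_egress_sg_to_port   = [0]
alb_egress_sg_protocol  = ["-1"]
alb_create_egress_sg    = false

# instance sg
# SECURITY: SSH (22) is open to 0.0.0.0/0 on instances that also get public
# IPs (`public_access = true` below). Restrict this to the management/bastion
# CIDR, or drop the rule and use SSM Session Manager, before applying.
ingress_cidr_from_port = [22]
ingress_cidr_to_port   = [22]
ingress_cidr_protocol  = ["tcp"]
ingress_cidr_block     = ["0.0.0.0/0"]
create_ingress_cidr    = true

# App port 8080 is reachable only from the ALB security group (SG-to-SG rule).
ingress_sg_from_port = [8080]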
ingress_sg_to_port   = [8080]
ingress_sg_protocol  = ["tcp"]
create_ingress_sg    = true

# Instances may reach any destination on any port.
egress_cidr_from_port = [0]
egress_cidr_to_port   = [0]
egress_cidr_protocol  = ["-1"]
egress_cidr_block     = ["0.0.0.0/0"]
create_egress_cidr    = true

egress_sg_from_port = [8080]
egress_sg_to_port   = [8080]
egress_sg_protocol  = ["tcp"]
create_egress_sg    = false

# target_group
target_group_port        = 8080
target_group_protocol    = "HTTP"
target_type              = "instance"
load_balancing_algorithm = "round_robin"

# health_check
health_check_path                = "/"
health_check_port                = 8080
health_check_protocol            = "HTTP"
health_check_interval            = 30
health_check_timeout             = 5
health_check_healthy_threshold   = 2
health_check_unhealthy_threshold = 2

#alb_listener
# SECURITY: plain HTTP on :80 with no HTTPS listener, although this repo
# provisions an ACM certificate (vars/dev/acm.tfvars). Add a 443/HTTPS
# listener using that certificate and redirect 80 -> 443.
listener_port     = 80
listener_protocol = "HTTP"
listener_type     = "forward"

#launch_template
# NOTE(review): hard-coded AMI, key pair, VPC and subnet IDs -- these are
# account/region specific and will drift from the vpc module's outputs.
# `public_access = true` hands every ASG instance a public IP; combined with
# the 22/0.0.0.0/0 rule earlier in this file the fleet is SSH-reachable from
# the internet.
ami_id        = "ami-020f3ca563c92097b"
instance_type = "t2.medium"
key_name      = "techiescamp"
vpc_id        = "vpc-0a5ca4a92c2e10163"
asg_subnets   = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"]
public_access = true

#user_data
# Relies on /home/ubuntu/start.sh already being baked into the AMI.
user_data = <<-EOF
#!/bin/bash
bash /home/ubuntu/start.sh
EOF

#autoscaling_group
max_size             = 2
min_size             = 1
desired_capacity     = 1
propagate_at_launch  = true
instance_warmup_time = 30
target_value         = 50

#tags
owner       = "techiescamp"
environment = "dev"
cost_center = "techiescamp-commerce"
application = "java-app"

--------------------------------------------------------------------------------
/vars/dev/backend.tfvars:
--------------------------------------------------------------------------------
# Inputs for infra/backend (state bucket + DynamoDB lock table). The names
# here must match the literal backend settings in provider.tf.
region         = "us-west-2"
billing_mode   = "PAY_PER_REQUEST"
hash_key       = "LockID"
attribute_name = "LockID"
attribute_type = "S"

owner       = "techiescamp"
environment = "dev"
cost_center = "techiescamp-commerce"
application = "java-app"
--------------------------------------------------------------------------------
/vars/dev/ec2.tfvars:
--------------------------------------------------------------------------------
#IAM Policy
# Policy document is infra/iam-policies/ec2.json (not shown here); review it
# for least privilege since it is attached as the instance profile below.
iam_policy_json_file = "ec2.json"

# EC2 Instance Variables
# NOTE(review): a Jenkins agent with a public IP; prefer a private subnet
# behind the NAT gateway plus SSM for access.
region                      = "us-west-2"
ami_id                      = "ami-0e8ffa060937e44c7"
instance_type               = "t2.micro"
key_name                    = "techiescamp"
instance_count              = 1
subnet_ids                  = ["subnet-034b5b81e1ee5e653", "subnet-0bfbbe8efe880be15", "subnet-059ad803aa3c5d9c5"]
associate_public_ip_address = true
attach_instance_profile     = true
attach_eip                  = false
storage_size                = 30

# EC2 Security Group Variables
vpc_id = "vpc-062e91b98392ca9a2"

# Tag Keys
# NOTE(review): `environment = "test"` under vars/dev -- every other file in
# this directory uses "dev". Confirm whether this is intentional.
owner       = "techiescamp"
environment = "test"
cost_center = "techiescamp-commerce"
application = "jenkins-agent"

# CIDR Ingress Variables
# SECURITY: SSH (22) and the agent port (8080) are both open to 0.0.0.0/0 on a
# host that has a public IP and an instance profile. Restrict 22 to a
# management CIDR and 8080 to the Jenkins controller's security group (the
# SG-based rules below are already wired but disabled).
create_ingress_cidr    = true
ingress_cidr_from_port = [22, 8080]
ingress_cidr_to_port   = [22, 8080]
ingress_cidr_protocol  = ["tcp", "tcp"]
ingress_cidr_block     = ["0.0.0.0/0", "0.0.0.0/0"]

# Security Group Ingress Variables
create_ingress_sg          = false
ingress_sg_from_port       = [80]
ingress_sg_to_port         = [80]
ingress_sg_protocol        = ["tcp"]
ingress_security_group_ids = ["sg-0fe4363da3994c100"]

# CIDR Egress Variables
create_egress_cidr    = true
egress_cidr_from_port = [0]
egress_cidr_to_port   = [0]
egress_cidr_protocol  = ["-1"]
egress_cidr_block     = ["0.0.0.0/0"]

# Security Group Egress Variables
create_egress_sg          = false
egress_sg_from_port       = [0]
egress_sg_to_port         = [0]
egress_sg_protocol        = ["-1"]
egress_security_group_ids = ["sg-0fe4363da3994c100"]

--------------------------------------------------------------------------------
/vars/dev/eks.tfvars:
--------------------------------------------------------------------------------
region = "us-west-2"

cluster_name = "terraform-eks-cluster-poc"
# NOTE(review): a single role_name receives the whole policy_arns list below,
# which mixes control-plane policies (AmazonEKSClusterPolicy,
# AmazonEKSVPCResourceController) with node policies (WorkerNode, CNI, ECR
# read). If modules/eks really attaches all of them to one role, the cluster
# role and the node role should be split so neither is over-privileged.
role_name       = "eks-cluster-role"
vpc_subnets     = ["subnet-0432cb02558cfcf7f", "subnet-02ffe5c35f8b088b1"]
node_group_name = "terraform-eks-node-group"
node_instance_type = ["t3.medium"]
node_disk_size     = 20
policy_arns = [
  "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
  "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
  "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
  "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
  "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
]
# Pinned add-on versions; kube-proxy's version string implies a 1.30 cluster.
eks_addons = {
  "coredns"                = "v1.11.3-eksbuild.1"
  "vpc-cni"                = "v1.18.5-eksbuild.1"
  "kube-proxy"             = "v1.30.3-eksbuild.9"
  "eks-pod-identity-agent" = "v1.3.2-eksbuild.2"
}
# SECURITY: the access entry binds the account *root* principal to
# AmazonEKSAdminPolicy. Cluster admin should be granted to a dedicated,
# MFA-protected IAM role, not to root. The account ID is also hard-coded
# here while vars/dev/tag-policy.tfvars targets a different account
# (814200988517) -- confirm which account this environment deploys to.
principal_arn     = "arn:aws:iam::533267438617:root"
kubernetes_groups = ["group-1"]
access_policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminPolicy"

--------------------------------------------------------------------------------
/vars/dev/rds.tfvars:
--------------------------------------------------------------------------------
# Network Vars
# SECURITY: these subnet IDs are the same ones vars/dev/alb-asg.tfvars uses
# for the internet-facing ALB, i.e. presumably public subnets, and
# `publicly_accessible = true` gives the instance a public endpoint. Place
# the DB in the private db tier subnets and set publicly_accessible = false.
region              = "us-west-2"
subnet_ids          = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"]
multi_az            = false
publicly_accessible = true

# DB Vars
# `set_secret_manager_password = true` / `set_db_password = false` means the
# literal below should be unused -- but a plaintext credential is still
# committed to the repo. Remove the value (or leave it empty) rather than
# shipping a fallback password in version control; rotate it if it was ever
# applied.
db_engine                   = "mysql"
db_storage_type             = "gp2"
db_username                 = "techiescamp"
db_instance_class           = "db.t2.micro"
db_storage_size             = 20
set_secret_manager_password = true
set_db_password             = false
db_password                 = "rdssecret"

# Security Group Vars
# SECURITY: MySQL (3306) from 0.0.0.0/0. Together with publicly_accessible
# this exposes the database to the whole internet. Source should be the app
# tier security group or at most the VPC CIDR.
from_port  = 3306
to_port    = 3306
protocol   = "tcp"
cidr_block = ["0.0.0.0/0"]

# Backup vars
backup_retention_period  = 7
delete_automated_backups = true
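copy_tags_to_snapshot = true
# `skip_final_snapshot = true` + `delete_automated_backups = true` (above)
# means a `terraform destroy` leaves no recoverable copy of the data.
# Acceptable for a throw-away dev DB; must be false anywhere data matters.
skip_final_snapshot = true
apply_immediately   = true

# Tag Vars
# NOTE(review): owner "techiescamp-devops" and cost_center "techiescamp" do
# not match the values vars/dev/tag-policy.tfvars allows (owner_tag_value
# ["techiescamp"], costcenter_tag_value ["techiescamp-commerce"]). The policy
# does not list rds:db in enforce_for_values so this is not blocked, but it
# defeats the point of the tag policy.
owner       = "techiescamp-devops"
environment = "dev"
cost_center = "techiescamp"
application = "techiescamp-commerce"
--------------------------------------------------------------------------------
/vars/dev/route53.tfvars:
--------------------------------------------------------------------------------
region = "us-west-2"

dns_domain_name = "devopsproject.dev"

# Tag Keys
name        = ""
owner       = "techiescamp"
environment = "dev"
cost_center = "techiescamp-commerce"
application = "route53"
--------------------------------------------------------------------------------
/vars/dev/ses.tfvars:
--------------------------------------------------------------------------------
#SES variables
# Hard-coded hosted zone ID; the route53 module/root in this repo exposes the
# zone, so this could be wired from its output instead.
region            = "us-west-2"
domain_name       = "devopsproject.dev"
dkim_record_count = 3
zone_id           = "Z044775511DCQ7IHFO1WH"
dkim_record_type  = "CNAME"
dkim_ttl          = "1800"
custom_mail       = "email"
spf_mx_record     = "MX"
spf_txt_record    = "TXT"
spf_ttl           = "300"

# Tag Keys
# NOTE(review): `environment` is empty here while every other vars/dev file
# sets "dev"; if the module builds Name tags from it the result will start
# with "-". Probably meant to be "dev".
name        = ""
owner       = "techiescamp"
environment = ""
cost_center = "techiescamp-commerce"
application = "pet-clinic"
--------------------------------------------------------------------------------
/vars/dev/tag-policy.tfvars:
--------------------------------------------------------------------------------
# Tag Policy Vars
# NOTE(review): region "eu-north-1" differs from the us-west-2 used by every
# other root here, and target_id is a different account (814200988517) from
# the one referenced in vars/dev/eks.tfvars (533267438617) -- presumably the
# Organizations management account vs. a member account; confirm.
region      = "eu-north-1"
policy_name = "Techiescamp"
policy_type = "TAG_POLICY"
target_id   = "814200988517"

name_tag_key         = "Name"
environment_tag_key  = "Environment"
owner_tag_key        = "Owner"
owner_tag_value      = ["techiescamp"]
costcenter_tag_key   = "CostCenter"
costcenter_tag_value = ["techiescamp-commerce"]
application_tag_key  = "Application"
# Resource types the policy enforces tag compliance on. The duplicate
# "s3:bucket" entry from the original list has been removed. Note that
# rds:db itself is not in the list, so RDS instances are not enforced.
enforce_for_values = ["dynamodb:*", "ec2:dhcp-options", "ec2:elastic-ip", "ec2:fpga-image", "ec2:instance",
  "ec2:internet-gateway", "ec2:launch-template", "ec2:natgateway", "ec2:network-acl",
  "ec2:network-interface", "ec2:route-table", "ec2:security-group", "ec2:snapshot",
  "ec2:subnet", "ec2:volume", "ec2:vpc", "ec2:vpc-endpoint", "ec2:vpc-endpoint-service",
  "ec2:vpc-peering-connection", "ec2:vpn-connection", "ec2:vpn-gateway", "elasticfilesystem:*",
  "elasticloadbalancing:*", "iam:instance-profile", "iam:mfa", "iam:policy", "kms:*",
  "lambda:*", "rds:cluster-pg", "rds:cluster-endpoint", "rds:es", "rds:og", "rds:pg", "rds:db-proxy",
  "rds:db-proxy-endpoint", "rds:ri", "rds:secgrp", "rds:subgrp", "rds:target-group", "resource-groups:*",
  "route53:hostedzone", "s3:bucket"]


--------------------------------------------------------------------------------
/vars/dev/vpc.tfvars:
--------------------------------------------------------------------------------
#vpc
region               = "us-west-2"
vpc_cidr_block       = "10.0.0.0/16"
instance_tenancy     = "default"
enable_dns_support   = true
enable_dns_hostnames = true

#elastic ip
domain = "vpc"

#nat-gateway
create_nat_gateway = true

#route-table
# Used as the destination for the IGW route on the public table AND for the
# NAT route on the app, db, management and platform tables
# (modules/vpc/route-tables.tf). With 0.0.0.0/0 every private tier,
# including the db subnets, gets unrestricted outbound internet via NAT.
destination_cidr_block = "0.0.0.0/0"

#tags
owner       = "techiescamp"
environment = "dev"
cost_center = "techiescamp-commerce"
application = "ecommerce"


# Applies to the public subnets only (modules/vpc/subnet.tf); instances
# launched there get a public IPv4 address by default.
map_public_ip_on_launch = true

#subnets
public_subnet_cidr_blocks     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
app_subnet_cidr_blocks        = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
db_subnet_cidr_blocks         = ["10.0.7.0/24", "10.0.8.0/24", "10.0.9.0/24"]
management_subnet_cidr_blocks = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]
platform_subnet_cidr_blocks   = ["10.0.13.0/24", "10.0.14.0/24", "10.0.15.0/24"]

# Availability Zones
# subnet.tf indexes this list with each subnet's count.index, so every
# *_subnet_cidr_blocks list above must be no longer than this one.
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]


# SECURITY: every NACL below (public, app, db, management, platform) is a
# single allow-all rule in both directions (protocol -1, ports 0-0,
# 0.0.0.0/0). The five-tier subnet layout therefore provides no network-level
# isolation; all segmentation rests on security groups. At minimum the db and
# management tiers should only accept ingress from the VPC CIDR / their peer
# tiers, with ephemeral-port return rules, rather than from 0.0.0.0/0.

#Public Subnet NACL
ingress_public_nacl_rule_no    = [100]
ingress_public_nacl_action     = ["allow"]
ingress_public_nacl_from_port  = [0]
ingress_public_nacl_to_port    = [0]
ingress_public_nacl_protocol   = ["-1"]
ingress_public_nacl_cidr_block = ["0.0.0.0/0"]

egress_public_nacl_rule_no    = [200]
egress_public_nacl_action     = ["allow"]
egress_public_nacl_from_port  = [0]
egress_public_nacl_to_port    = [0]
egress_public_nacl_protocol   = ["-1"]
egress_public_nacl_cidr_block = ["0.0.0.0/0"]

#app nacl
ingress_app_nacl_rule_no    = [100]
ingress_app_nacl_action     = ["allow"]
ingress_app_nacl_from_port  = [0]
ingress_app_nacl_to_port    = [0]
ingress_app_nacl_protocol   = ["-1"]
ingress_app_nacl_cidr_block = ["0.0.0.0/0"]

egress_app_nacl_rule_no    = [200]
egress_app_nacl_action     = ["allow"]
egress_app_nacl_from_port  = [0]
egress_app_nacl_to_port    = [0]
egress_app_nacl_protocol   = ["-1"]
egress_app_nacl_cidr_block = ["0.0.0.0/0"]

##db nacl
ingress_db_nacl_rule_no    = [100]
ingress_db_nacl_action     = ["allow"]
ingress_db_nacl_from_port  = [0]
ingress_db_nacl_to_port    = [0]
ingress_db_nacl_protocol   = ["-1"]
ingress_db_nacl_cidr_block = ["0.0.0.0/0"]

egress_db_nacl_rule_no    = [200]
egress_db_nacl_action     = ["allow"]
egress_db_nacl_from_port  = [0]
egress_db_nacl_to_port    = [0]
egress_db_nacl_protocol   = ["-1"]
egress_db_nacl_cidr_block = ["0.0.0.0/0"]

##management nacl
ingress_management_nacl_rule_no    = [100]
ingress_management_nacl_action     = ["allow"]
ingress_management_nacl_from_port  = [0]
ingress_management_nacl_to_port    = [0]
ingress_management_nacl_protocol   = ["-1"]
ingress_management_nacl_cidr_block = ["0.0.0.0/0"]

egress_management_nacl_rule_no    = [200]
egress_management_nacl_action     = ["allow"]
egress_management_nacl_from_port  = [0]
egress_management_nacl_to_port    = [0]
egress_management_nacl_protocol   = ["-1"]
egress_management_nacl_cidr_block = ["0.0.0.0/0"]

#platform nacl
ingress_platform_nacl_rule_no    = [100]
ingress_platform_nacl_action     = ["allow"]
ingress_platform_nacl_from_port  = [0]
ingress_platform_nacl_to_port    = [0]
ingress_platform_nacl_protocol   = ["-1"]
ingress_platform_nacl_cidr_block = ["0.0.0.0/0"]

egress_platform_nacl_rule_no    = [200]
egress_platform_nacl_action     = ["allow"]
egress_platform_nacl_from_port  = [0]
egress_platform_nacl_to_port    = [0]
egress_platform_nacl_protocol   = ["-1"]
egress_platform_nacl_cidr_block = ["0.0.0.0/0"]

#endpoint
# Gateway/interface endpoints keep S3, Secrets Manager and CloudWatch Logs
# traffic inside the VPC instead of traversing the NAT gateway.
create_s3_endpoint              = true
create_secrets_manager_endpoint = true
create_cloudwatch_logs_endpoint = true

--------------------------------------------------------------------------------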