diff --git a/.github/.DS_Store b/.github/.DS_Store
index b14d058..385f4b4 100644
Binary files a/.github/.DS_Store and b/.github/.DS_Store differ
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index fe56864..97d3f58 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -10,6 +10,32 @@ permissions:
 packages: write
 jobs:
+<<<<<<< HEAD
+=======
+ trivy:
+ name: Trivy Vulnerability Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Tricy vulnerabiltiy scanner in repo mode
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-path: '.'
+ severity: 'CRITICAL'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ ignore-unfixed: true
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
+#
+
+>>>>>>> 6963c00 (another one)
 iac_scan:
 name: iac_scan
 runs-on: ubuntu-24.04
diff --git a/.github/workflows/unit-testing.yaml b/.github/workflows/unit-testing.yaml
new file mode 100644
index 0000000..b5ae8e9
--- /dev/null
+++ b/.github/workflows/unit-testing.yaml
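Review bot: The new trivy job is committed inside unresolved merge-conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 6963c00 (another one)`), so trivy.yaml is no longer valid YAML and neither the new trivy job nor the existing iac_scan job will run until the conflict is resolved. Once it is, the step name `Run Tricy vulnerabiltiy scanner in repo mode` carries two typos, and `scan-path: '.'` does not look like a trivy-action input (the documented one is `scan-ref`), so that value is probably ignored silently. With `severity: 'CRITICAL'` and `ignore-unfixed: true` but no `exit-code`, the job never fails on findings; if a Security-tab-only flow is intended, say so next to the step, e.g. `# report-only: findings are uploaded as SARIF, this job does not gate merges`. The iac_scan job continues outside the hunk.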
@@ -0,0 +1,101 @@
+name: Unit Testing
+
+on:
+ workflow_dispatch:
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+####
+jobs:
+ tf-formatting:
+ name: 'Terraform Formatting'
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout GitHub Repo'
+ uses: actions/checkout@v4
+
+ - name: 'Set up Terraform'
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 'latest'
+
+ - name: 'Terraform init'
+ run: terraform init
+
+ - name: 'Terraform Format'
+ run: terraform fmt -check
+
+ - name: 'Terraform validate'
+ run: terraform validate
+
+ - name: 'TFLint'
+ run: |
+ tflint --init
+ tflint
+####
+ trivy:
+ name: Trivy Vulnerability Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ severity: 'CRITICAL'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ ignore-unfixed: true
+####
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ iac_scan:
+ name: IaC Scan
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Trivy vulnerability scanner in IaC mode
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'config'
+ hide-progress: false
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ exit-code: '1'
+ severity: 'CRITICAL'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ tfsec:
+ name: 'tfsec'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: 'Install Tfsec'
+ uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608
+ with:
+ sarif_file: tfsec.sarif
+#####
+ checkov:
+ name: Run Checkov
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Run Checkov'
+ uses: 
bridgecrewio/checkov-action@v12 + with: + output_format: cli,sarif + output_file_path: console,results.sarif diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1c99dc1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.terraform/ diff --git a/Azure-WAN/.gitignore b/Azure-WAN/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Azure-WAN/.gitignore @@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/Documentation b/Documentation new file mode 100644 index 0000000..b920e34 --- /dev/null +++ b/Documentation 
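Review bot: In the iac_scan job, `exit-code: '1'` makes the scanner step fail whenever a CRITICAL finding exists, which skips the following `Upload Trivy scan results to GitHub Security tab` step, so exactly the results that matter never reach the Security tab; give the upload step `if: always()` (or drop `exit-code` and gate on the upload instead). The `TFLint` step runs `tflint --init` and `tflint`, but no step installs tflint and nothing in the hunk shows it present on `ubuntu-latest`, so that step is likely to fail before any linting happens. `hashicorp/setup-terraform@v1` together with `terraform_version: 'latest'` makes the fmt/validate results change with every Terraform release; pinning a version (the tfsec step already pins its action to a commit SHA) keeps a failure attributable to the code under review rather than to a toolchain update. The checkov job writes `results.sarif` but has no upload step, so its SARIF output is discarded at job end. The workflow is triggered only by `workflow_dispatch`, so none of these checks run on push or pull request unless someone starts them by hand.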
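Review bot: The added Azure-WAN/.gitignore lists `.terraform.lock.hcl` under "Ignore CLI configuration files", but the dependency lock file is not CLI configuration: it is what pins provider versions and their checksums for `terraform init`, and ignoring it means every developer and CI run resolves providers afresh with no pinning, which is the supply-chain control the file exists to provide; that line should be dropped, and the same template is repeated in the IAM, IAM/CloudWatch-Logging, IAM/SSM-Policy, S2S-VPN, TransitGatway and VNET .gitignore hunks. The same file ignores `*.tfvars`, yet this commit also adds empty `terraform.tfvars` files under `S2S-VPN/Environments/dev|prod|test`; they were either force-added or will be silently untracked the first time they change, so the intent should be settled one way or the other in a comment.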
@@ -0,0 +1,46 @@ +######################################################### +# Topics I'm going to explore in this module +######################################################### + + +### Conditional logic + - Conditionally create VPC + - Based off the bool the subsequent resources associated to the VPC will be created or not + - Create IGW based off of bool + - That IGW should then have logic in a locals variable, that says. "if the vpc bool == true and the public route table == true then create a route to the internet gateway" + - example logic: + locals{ + create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table + } + - Create NAT Gateway based off of bool + - That NAT should then have logic in a locals variable, that says. "if the vpc bool == true and the private subnet creation == true then create a route to the NAT gateway" + - example logic: + locals{ + create_route_to_nat = var.create_vpc && var.create_igw && local.create_private_route_table + } +### Count + - Couple conditional logic with the Count meta argument + - Based off of the conditions bool will determine how many of the VPCs are created + +### Dynamic Resource Allocation + - Based on how many VPCs are created will result in how many Private, Public Subnets are created + - Along with Route tables for Public and Private subs + - Internet Gateway + - NAT Gateway + +### Dynamic CIDR Blocks + - Use one of the Terraform functions to create CIDRs for subnets based off of the VPC created. + +### Dynamic Resource Creation: + - allow the user to specify how many of a given resource is created + - + +### map(string) variables for tags with string interpolation + - Name + - Environment + - example: + variable "tags"{ + description = "tags for each resource" + type = map(string) + default = {} + } \ No newline at end of file diff --git a/IAM/.DS_Store b/IAM/.DS_Store new file mode 100644 index 0000000..d65e215 Binary files /dev/null and b/IAM/.DS_Store differ 
diff --git a/IAM/.gitignore b/IAM/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/IAM/.gitignore @@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/IAM/CloudWatch-Logging/.gitignore b/IAM/CloudWatch-Logging/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/IAM/CloudWatch-Logging/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/IAM/CloudWatch-Logging/main.tf b/IAM/CloudWatch-Logging/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/IAM/CloudWatch-Logging/outputs.tf b/IAM/CloudWatch-Logging/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/IAM/CloudWatch-Logging/variables.tf b/IAM/CloudWatch-Logging/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/IAM/SSM-Policy/.gitignore b/IAM/SSM-Policy/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/IAM/SSM-Policy/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/IAM/SSM-Policy/main.tf b/IAM/SSM-Policy/main.tf new file mode 100644 index 0000000..cccb1d3 --- /dev/null +++ b/IAM/SSM-Policy/main.tf 
@@ -0,0 +1,86 @@
+### use the IAM policy created for SSM ###
+
+resource "aws_iam_policy" "ssm_policy" {
+ name = "AmazonSSMManagedInstanceCore"
+ path = "/"
+ description = "SSM policy"
+
+ # Terraform's "jsonencode" function converts a
+ # Terraform expression result to valid JSON syntax.
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssm:DescribeAssociation",
+ "ssm:GetDeployablePatchSnapshotForInstance",
+ "ssm:GetDocument",
+ "ssm:DescribeDocument",
+ "ssm:GetManifest",
+ "ssm:GetParameter",
+ "ssm:GetParameters",
+ "ssm:ListAssociations",
+ "ssm:ListInstanceAssociations",
+ "ssm:PutInventory",
+ "ssm:PutComplianceItems",
+ "ssm:PutConfigurePackageResult",
+ "ssm:UpdateAssociationStatus",
+ "ssm:UpdateInstanceAssociationStatus",
+ "ssm:UpdateInstanceInformation"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2messages:AcknowledgeMessage",
+ "ec2messages:DeleteMessage",
+ "ec2messages:FailMessage",
+ "ec2messages:GetEndpoint",
+ "ec2messages:GetMessages",
+ "ec2messages:SendReply"
+ ],
+ "Resource": "*"
+ }
+ ]
+ })
+}
+
+data "aws_iam_policy_document" "ssm_policy_doc" {
+ statement {
+ actions = [
+ "sts:AssumeRole"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_role" "ssm_role" {
+ name = "AmazonSSMManagedInstanceCore1"
+ assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json
+}
+
+resource "aws_iam_role_policy_attachment" "attach_ssm_policy" {
+ role = aws_iam_role.ssm_role.name
+ policy_arn = aws_iam_policy.ssm_policy.arn
+}
+
+resource "aws_iam_instance_profile" "ssm_profile" {
+ name = "AmazonSSMManagedInstanceCore2"
+ role = aws_iam_role.ssm_role.name
+}
\ No newline at end
of file
diff --git a/IAM/SSM-Policy/outputs.tf b/IAM/SSM-Policy/outputs.tf
new file mode 100644
index 0000000..6916d96
--- /dev/null
+++ b/IAM/SSM-Policy/outputs.tf
@@ -0,0 +1,18 @@
+output "iam_instance_profile" {
+ description = "IAM Instance Profile for SSM"
+ value = aws_iam_instance_profile.ssm_profile.name
+}
+output "ssm_policy_arn" {
+ description = "ARN of the SSM IAM Policy"
+ value = aws_iam_policy.ssm_policy.arn
+}
+
+output "ssm_role_name" {
+ description = "Name of the SSM IAM Role"
+ value = aws_iam_role.ssm_role.name
+}
+
+output "aws_iam_policy" {
+ description = "IAM Policy for SSM"
+ value = aws_iam_policy.ssm_policy
+}
\ No newline at end of file
diff --git a/IAM/SSM-Policy/variables.tf b/IAM/SSM-Policy/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/S2S-VPN/.DS_Store b/S2S-VPN/.DS_Store
new file mode 100644
index 0000000..05d51ee
Binary files /dev/null and b/S2S-VPN/.DS_Store differ
diff --git a/S2S-VPN/.gitignore b/S2S-VPN/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/S2S-VPN/.gitignore
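Review bot: The customer-managed policy `ssm_policy` in IAM/SSM-Policy/main.tf is given the name `AmazonSSMManagedInstanceCore`, the same name as the AWS-managed policy whose statements it reproduces; that makes IAM listings and audit queries ambiguous, and the header `### use the IAM policy created for SSM ###` reads as if the intent may have been to attach the AWS-managed policy by ARN (`arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore`) rather than copy it. If the copy is deliberate, say why in that comment and give it a distinct name; a copy is also the chance to tighten the first statement, where `ssm:GetParameter`/`ssm:GetParameters` on `"Resource": "*"` lets every instance carrying this profile read any SSM parameter in the account (SecureString values additionally subject to the KMS key policy), which can be scoped to the parameter ARNs the instances actually need. The policy, role and instance-profile names are all hard-coded (`AmazonSSMManagedInstanceCore`, `...1`, `...2`) while `variables.tf` in the same commit is empty, so the module cannot be instantiated twice in one account; a `name_prefix` variable with these as defaults would keep the interface backward-compatible.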
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/S2S-VPN/Environments/.DS_Store b/S2S-VPN/Environments/.DS_Store new file mode 100644 index 0000000..44d7535 Binary files /dev/null and b/S2S-VPN/Environments/.DS_Store differ diff --git a/S2S-VPN/Environments/dev/.gitignore b/S2S-VPN/Environments/dev/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/S2S-VPN/Environments/dev/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/S2S-VPN/Environments/dev/backend.tf b/S2S-VPN/Environments/dev/backend.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/dev/main.tf b/S2S-VPN/Environments/dev/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/dev/providers.tf b/S2S-VPN/Environments/dev/providers.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/dev/terraform.tfvars b/S2S-VPN/Environments/dev/terraform.tfvars new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/dev/variables.tf b/S2S-VPN/Environments/dev/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/.gitignore b/S2S-VPN/Environments/prod/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/S2S-VPN/Environments/prod/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/S2S-VPN/Environments/prod/backend.tf b/S2S-VPN/Environments/prod/backend.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/main.tf b/S2S-VPN/Environments/prod/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/providers.tf b/S2S-VPN/Environments/prod/providers.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/terraform.tfvars b/S2S-VPN/Environments/prod/terraform.tfvars new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/variables.tf b/S2S-VPN/Environments/prod/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/.gitignore b/S2S-VPN/Environments/test/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null 
+++ b/S2S-VPN/Environments/test/.gitignore @@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/S2S-VPN/Environments/test/backend.tf b/S2S-VPN/Environments/test/backend.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/main.tf b/S2S-VPN/Environments/test/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/providers.tf b/S2S-VPN/Environments/test/providers.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/terraform.tfvars b/S2S-VPN/Environments/test/terraform.tfvars new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/variables.tf b/S2S-VPN/Environments/test/variables.tf new file mode 100644 index 0000000..e69de29 
diff --git a/S2S-VPN/modules/.DS_Store b/S2S-VPN/modules/.DS_Store new file mode 100644 index 0000000..3d37759 Binary files /dev/null and b/S2S-VPN/modules/.DS_Store differ diff --git a/TransitGatway/.DS_Store b/TransitGatway/.DS_Store new file mode 100644 index 0000000..9498eeb Binary files /dev/null and b/TransitGatway/.DS_Store differ diff --git a/TransitGatway/.gitignore b/TransitGatway/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/TransitGatway/.gitignore @@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/TransitGatway/Environments/.DS_Store b/TransitGatway/Environments/.DS_Store new file mode 100644 index 0000000..6eb6bee Binary files /dev/null and b/TransitGatway/Environments/.DS_Store differ diff --git a/TransitGatway/Environments/dev/.gitignore b/TransitGatway/Environments/dev/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null 
+++ b/TransitGatway/Environments/dev/.gitignore @@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/TransitGatway/Environments/prod/.gitignore b/TransitGatway/Environments/prod/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/TransitGatway/Environments/prod/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/TransitGatway/Environments/test/.gitignore b/TransitGatway/Environments/test/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/TransitGatway/Environments/test/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/.DS_Store b/VNET/.DS_Store new file mode 100644 index 0000000..d43f57a Binary files /dev/null and b/VNET/.DS_Store differ diff --git a/VNET/.gitignore b/VNET/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/environment/.gitignore b/VNET/environment/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/environment/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/environment/dev/.gitignore b/VNET/environment/dev/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/environment/dev/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/environment/test-v1/.gitignore b/VNET/environment/test-v1/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/environment/test-v1/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/environment/test-v1/backend.tf b/VNET/environment/test-v1/backend.tf new file mode 100644 index 0000000..1f6d9a8 --- /dev/null +++ b/VNET/environment/test-v1/backend.tf @@ -0,0 +1,9 @@ +terraform { + backend "azurerm" { + resource_group_name = "tf_state" + storage_account_name = "tfstatefile84" + container_name = "testtfstate" + key = "multiclonetwork.terraform.tfstate" + subscription_id = "" + } +} \ No newline at end of file diff --git a/VNET/environment/test-v1/main.tf b/VNET/environment/test-v1/main.tf new file mode 100644 index 0000000..118050d --- /dev/null +++ b/VNET/environment/test-v1/main.tf 
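Review bot: In VNET/environment/test-v1/backend.tf, `subscription_id = ""` sets the azurerm backend's subscription to an empty string rather than omitting the attribute; whether `terraform init` then falls back to `ARM_SUBSCRIPTION_ID` or rejects the value is not visible from this hunk, so either remove the attribute or supply it at init time and record that next to the block, e.g. `# subscription_id is supplied via -backend-config / ARM_SUBSCRIPTION_ID, never committed`. The state for this environment lives in storage account `tfstatefile84`, container `testtfstate`; because Terraform state can hold secrets from resource attributes, it is worth a one-line comment in the file stating what access control and public-access setting the container relies on, which the commit cannot show.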
@@ -0,0 +1,245 @@ +############################################################################################# +# Local Variables +############################################################################################# + +locals { + environment = "test-v1" + vnet_name = "vnet-${local.environment}" + location = "eastus" + second_location = "westus" + name = "smooth" + global_name = "${local.name}-${local.environment}" + tags = { + environment = local.environment + name = local.name + } + vnet_address_space = ["10.0.0.0/16"] + vnet2_address_space = ["10.10.0.0/16"] +} + +############################################################################################# +# Resource Group Module +############################################################################################# + +module "resource_group" { + source = "../../modules/resource-group" + resource_groups = { + smooths_rg1 = { + name = "smooths-rg1" + location = local.location + } + smooth_rg2 = { + name = "smooth-rg2" + location = local.second_location + } + } + tags = local.tags + +} + +############################################################################################# +# Virtual Network Module +############################################################################################# + + +module "virtual_network" { + source = "../../modules/virtual-network" + virtual_network = { + smooths_vnet1 = { + name = local.vnet_name + address_space = local.vnet_address_space + location = local.location + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + } + smooths_vnet2 = { + name = local.vnet_name + address_space = local.vnet2_address_space + location = local.second_location + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + } + + } + tags = local.tags +} + +############################################################################################# +# Subnet Module 
+############################################################################################# + +module "subnets" { + source = "../../modules/subnet" + subnets = { + smooths_subnet1 = { + name = "smooths-subnet1" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet1"] + address_prefixes = ["10.0.1.0/24"] + + service_endpoints = [ + "Microsoft.Storage", + "Microsoft.Sql", + ] + } + smooths_subnet2 = { + name = "smooths-subnet2" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet1"] + address_prefixes = ["10.0.2.0/24"] + } + smooth_subnet1 = { + name = "smooths-subnet1" + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet2"] + address_prefixes = ["10.10.10.0/24"] + + } + smooth_subnet2 = { + name = "smooths-subnet2" + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet2"] + address_prefixes = ["10.10.1.0/24"] + + delegation = { + name = "delegation1" + + service_delegation = { + name = "Microsoft.ContainerInstance/containerGroups" + actions = [ + "Microsoft.Network/networkinterfaces/*", + "Microsoft.Network/virtualNetworks/subnets/join/action", + + ] + } + } + } + } +} +######################################################################################## +# Linux VM +######################################################################################## + +module "linux_vm" { + source = "../../../virtual-machines/Azure/Linux-VM" + + network_interface = { + nic1 = { + name = "linux-nic1" + location = local.location + ip_configuration = { + name = "internal" + subnet_id = module.subnets.subnet_id["smooths_subnet1"] + 
private_ip_address_allocation = "Dynamic" + } + } + nic2 = { + name = "linux-nic2" + location = local.location + ip_configuration = { + name = "internal" + subnet_id = module.subnets.subnet_id["smooth_subnet1"] + private_ip_address_allocation = "Dynamic" + } + } + } + linux_vm = { + Vm1 = { + name = "Linux-VM1" + resource_group_name = odule.resource_group.resource_group_name["smooths_rg1"] + location = local.location + size = "Standard_F2" + admin_username = "adminuser" + network_interface_ids = [module.linux_vm.network_interface_ids["nic1"]] + } + + Vm2 = { + name = "Linux-VM2" + resource_group_name = odule.resource_group.resource_group_name["smooths_rg2"] + location = local.location + size = "Standard_F2" + admin_username = "adminuser" + network_interface_ids = [module.linux_vm.network_interface_ids["nic2"]] + } + } +} + +######################################################################################### +# Storage Account +######################################################################################### + +module "storage_accounts" { + source = "../../modules/storage-account" + storage_accounts = { + smooths_sa1 = { + name = "smoothssa1" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + location = local.location + account_tier = "Standard" + account_replication_type = "LRS" + } + smooths_sa2 = { + name = "smoothssa2" + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + location = local.second_location + account_tier = "Standard" + account_replication_type = "LRS" + } + } + storage_containers = { + smooths_container1 = { + name = "smooths-container1" + storage_account_id = module.storage_accounts.storage_account_id["smooths_sa1"] + container_access_type = "private" + } + smooths_container2 = { + name = "smooths-container2" + storage_account_id = module.storage_accounts.storage_account_id["smooths_sa2"] + container_access_type = "private" + } + } + tags = local.tags +} + 
+#########################################################################################
+# Network Security Group
+#########################################################################################
+
+module "network_security_group" {
+ source = "../../modules/network-security-group"
+
+ network_security_groups = {
+ smooths_nsg1 = {
+ name = "smooths-nsg1"
+ location = local.location
+ resource_group_name = module.resource_group.resource_group_name["smooths_rg1"]
+ }
+ }
+ network_security_group_rules = {
+ smooths_nsg_rule1 = {
+ name = "smooths-nsg-rule1"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ source_port_range = "*"
+ destination_port_range = "80"
+ target_nsg_key = "smooths_nsg1"
+ resource_group_name = module.resource_group.resource_group_name["smooths_rg1"]
+ }
+ smooths_nsg_rule2 = {
+ name = "smooths-nsg-rule2"
+ priority = 200
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ source_port_range = "*"
+ destination_port_range = "443"
+ target_nsg_key = "smooths_nsg1"
+ resource_group_name = module.resource_group.resource_group_name["smooths_rg1"]
+ }
+ }
+ tags = local.tags
+}
diff --git a/VNET/environment/test-v1/providers.tf b/VNET/environment/test-v1/providers.tf
new file mode 100644
index 0000000..eeb0764
--- /dev/null
+++ b/VNET/environment/test-v1/providers.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "4.34.0"
+ }
+ }
+}
+# Configure the Microsoft Azure Provider
+provider "azurerm" {
+ subscription_id = ""
+ features {
+ resource_group {
+ prevent_deletion_if_contains_resources = false
+ }
+ key_vault {
+ purge_soft_delete_on_destroy = true
+ recover_soft_deleted_key_vaults = true
+ }
+
+ }
+}
\ No newline at end of file
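Review bot: `smooths_nsg1` is created with an any-source inbound allow on TCP/80, but nothing in this file associates the NSG with a subnet or NIC (and the subnet module accepts a `network_security_group_id` input it never applies), so the rule has no effect and both subnets run with no NSG at all; either add the association and narrow `source_address_prefix` from `"*"` to the expected client range, or drop the NSG until it is attached. Independently, this environment will not pass the `terraform validate` job added in the same commit: `odule.resource_group…` in both VM blocks is a typo for `module.…`, `smooths_rg2` is not a key of the resource-group map (`smooth_rg2` is), and the `linux_vm` and `storage_accounts` modules feed their own outputs (`module.linux_vm.network_interface_ids`, `module.storage_accounts.storage_account_id`) back into their own inputs, which Terraform is likely to reject as a cycle — pass the NIC/storage-account key and resolve the ID inside the module instead. `nic2` is also placed in `local.location` (eastus) while its subnet belongs to `smooths_vnet2` in westus; a NIC must be in the same region as its VNet.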
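Review bot: `purge_soft_delete_on_destroy = true` together with `prevent_deletion_if_contains_resources = false` switches off the two provider-side guard rails against a destructive apply: a destroyed key vault is permanently purged, so soft-delete cannot recover its keys or secrets, and a resource group is deleted even when it still holds resources Terraform does not manage. For a `test-v1` environment that may be intended, but it should be stated so it is not copied elsewhere: `# test env only: purge vaults on destroy and delete RGs with unmanaged contents — do not reuse for prod`. `subscription_id = ""` is a second empty placeholder (the backend has the same one); azurerm 4.x requires a subscription, so remove the attribute and set `ARM_SUBSCRIPTION_ID` rather than leaving an empty string that will be filled in and committed. The exact `4.34.0` pin is good, but only enforces anything if the dependency lock file is committed, and the new `.gitignore` excludes it.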
diff --git a/VNET/environment/test-v1/variables.tf b/VNET/environment/test-v1/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VNET/modules/network-security-group/main.tf b/VNET/modules/network-security-group/main.tf
new file mode 100644
index 0000000..c86b9d4
--- /dev/null
+++ b/VNET/modules/network-security-group/main.tf
@@ -0,0 +1,26 @@
+####################################################################################
+# Network Security Group Module
+####################################################################################
+
+resource "azurerm_network_security_group" "this" {
+ for_each = var.network_security_groups
+ name = each.value.name
+ location = each.value.location
+ resource_group_name = each.value.resource_group_name
+}
+
+resource "azurerm_network_security_rule" "this" {
+ for_each = var.network_security_group_rules
+ name = each.value.name
+ priority = each.value.priority
+ direction = each.value.direction
+ access = each.value.access
+ protocol = each.value.protocol
+ source_address_prefix = each.value.source_address_prefix
+ destination_address_prefix = each.value.destination_address_prefix
+ source_port_range = each.value.source_port_range
+ destination_port_range = each.value.destination_port_range
+ network_security_group_name = azurerm_network_security_group.this[each.value.target_nsg_key].name
+ resource_group_name = azurerm_network_security_group.this[each.value.target_nsg_key].resource_group_name
+}
+
diff --git a/VNET/modules/network-security-group/outputs.tf b/VNET/modules/network-security-group/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VNET/modules/network-security-group/variables.tf b/VNET/modules/network-security-group/variables.tf
new file mode 100644
index 0000000..e7498ee
--- /dev/null
+++ b/VNET/modules/network-security-group/variables.tf
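Review bot: `azurerm_network_security_group.this` never sets `tags`, even though the module declares a `tags` input and the caller passes `local.tags`; the resource-group, storage-account and virtual-network modules in this commit all apply `tags = var.tags`, so NSGs would be the one resource type missing the environment/owner tags that policy and cost reporting usually key on. Add `tags = var.tags` after `resource_group_name` in the NSG resource. Also, the rule resource indexes `azurerm_network_security_group.this[each.value.target_nsg_key]` while `target_nsg_key` is declared `optional(string, null)`, so a rule that omits it fails at plan time with an invalid-index error rather than a clear validation message; making the key a required `string` would surface that earlier.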
@@ -0,0 +1,35 @@
+####################################################################################
+# Network Security Group Variables
+####################################################################################
+
+
+variable "tags" {
+ description = "Tags to apply to all resources"
+ type = map(string)
+}
+
+variable "network_security_groups" {
+ description = "Map of network security groups to create"
+ type = map(object({
+ name = string
+ location = string
+ resource_group_name = string
+ }))
+}
+
+variable "network_security_group_rules" {
+ description = "Map of network security group rules to create"
+ type = map(object({
+ name = string
+ priority = number
+ direction = string # e.g. "Inbound", "Outbound"
+ access = string # e.g. "Allow", "Deny"
+ protocol = string # e.g. "Tcp", "Udp", "*"
+ source_address_prefix = optional(string, "*")
+ destination_address_prefix = optional(string, "*")
+ source_port_range = optional(string, "*")
+ destination_port_range = optional(string, "*")
+ target_nsg_key = optional(string, null) # Key to reference the target NSG in the azurerm_network_security_group resource
+
+ }))
+}
\ No newline at end of file
diff --git a/VNET/modules/resource-group/.gitignore b/VNET/modules/resource-group/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/VNET/modules/resource-group/.gitignore
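Review bot: `source_address_prefix` and `destination_address_prefix` default to `"*"`, so any rule that omits them silently becomes any-to-any on the chosen port — for an `Allow` rule that is the unsafe default, and the caller in main.tf already leans on it for inbound TCP/80. Make both prefixes required (drop the `optional(..., "*")`) and add `validation` blocks restricting `direction` to Inbound/Outbound, `access` to Allow/Deny and `protocol` to the values the comments list, so a typo is caught by `terraform validate` instead of by the API at apply. The object type also has no `resource_group_name`, which the caller passes on every rule; as far as I recall Terraform discards object attributes absent from the type constraint, so that value is ignored and the module derives the RG from the target NSG — either add it to the type or remove it from the caller so nobody assumes it is honoured.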
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/resource-group/main.tf b/VNET/modules/resource-group/main.tf new file mode 100644 index 0000000..66d050a --- /dev/null +++ b/VNET/modules/resource-group/main.tf @@ -0,0 +1,13 @@ +##################################################################### +# Resource Group Module +####################################################################### + + + +resource "azurerm_resource_group" "this" { + for_each = var.resource_groups + name = each.value.name + location = each.value.location + + tags = var.tags +} \ No newline at end of file diff --git a/VNET/modules/resource-group/outputs.tf b/VNET/modules/resource-group/outputs.tf new file mode 100644 index 0000000..074ba06 --- /dev/null +++ b/VNET/modules/resource-group/outputs.tf 
@@ -0,0 +1,11 @@ +output "resource_group_name" { + description = "The name of the resource group." + value = {for k ,v in azurerm_resource_group.this : k => v.name} + +} + +output "location" { + description = "The location of the resource group." + value = {for k ,v in azurerm_resource_group.this : k => v.location} + +} \ No newline at end of file diff --git a/VNET/modules/resource-group/variables.tf b/VNET/modules/resource-group/variables.tf new file mode 100644 index 0000000..ee81305 --- /dev/null +++ b/VNET/modules/resource-group/variables.tf @@ -0,0 +1,16 @@ +##################################################################### +# Resource Group Variables +####################################################################### + +variable "resource_groups" { + description = "Map of resource groups to create" + type = map(object({ + name = string + location = string + })) +} + +variable "tags"{ + description = "Tags to apply to the resource group" + type = map(string) +} \ No newline at end of file diff --git a/VNET/modules/storage-account/.gitignore b/VNET/modules/storage-account/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/modules/storage-account/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/storage-account/main.tf b/VNET/modules/storage-account/main.tf new file mode 100644 index 0000000..b27b0d8 --- /dev/null +++ b/VNET/modules/storage-account/main.tf 
@@ -0,0 +1,29 @@
+#########################################################################################
+# Storage Account
+#########################################################################################
+
+resource "azurerm_storage_account" "this" {
+ for_each = var. storage_accounts
+ name = each.value.name
+ resource_group_name = each.value.resource_group_name
+ location = each.value.location
+ account_tier = each.value.account_tier
+ account_replication_type = each.value.account_replication_type
+
+ tags = var.tags
+
+
+
+}
+
+#########################################################################################
+# Container Variables
+#########################################################################################
+resource "azurerm_storage_container" "this" {
+ for_each = var.storage_containers
+ name = each.value.name
+ storage_account_id = each.value.storage_account_id
+ container_access_type = each.value.container_access_type
+
+ depends_on = [ azurerm_storage_account.this ]
+}
\ No newline at end of file
diff --git a/VNET/modules/storage-account/outputs.tf b/VNET/modules/storage-account/outputs.tf
new file mode 100644
index 0000000..6673839
--- /dev/null
+++ b/VNET/modules/storage-account/outputs.tf
@@ -0,0 +1,4 @@
+output "storage_account_id" {
+ description = "Storage account ID."
+ value = {for k, v in azurerm_storage_account.this : k => v.id}
+}
\ No newline at end of file
diff --git a/VNET/modules/storage-account/variables.tf b/VNET/modules/storage-account/variables.tf
new file mode 100644
index 0000000..aae37fe
--- /dev/null
+++ b/VNET/modules/storage-account/variables.tf
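Review bot: `azurerm_storage_account.this` sets none of the hardening attributes, so every account is created with provider defaults for TLS version, public network access, shared-key auth and anonymous blob access, and the only thing keeping data private is the caller choosing `container_access_type = "private"`. At minimum pin `min_tls_version = "TLS1_2"`, `https_traffic_only_enabled = true` and `allow_nested_items_to_be_public = false` in the resource, and consider `shared_access_key_enabled = false` and `public_network_access_enabled = false` behind a private endpoint since the subnets already declare the `Microsoft.Storage` service endpoint; the tfsec/checkov/Trivy IaC jobs added in this commit will most likely flag several of these. `var. storage_accounts` on the `for_each` line has a stray space — it may still parse, but `terraform fmt -check` in the new workflow will not accept it, so write `var.storage_accounts`. The explicit `depends_on = [ azurerm_storage_account.this ]` makes every container wait on every account; it is redundant once `storage_account_id` comes from the account resource, and unnecessary coupling if the ID is resolved inside the module.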
@@ -0,0 +1,34 @@
+#########################################################################################
+# Storage Account Variables
+#########################################################################################
+
+variable "storage_accounts" {
+ description = "Map of storage accounts to create"
+ type = map(object({
+ name = string
+ location = string
+ resource_group_name = string
+ account_tier = string # e.g. "Standard", "Premium"
+ account_replication_type = string # e.g. "Standard_LRS", "Premium_LRS", etc.
+ }))
+}
+
+
+#########################################################################################
+# Container Variables
+#########################################################################################
+
+variable "storage_containers" {
+ description = "Map of storage containers to create"
+ type = map(object({
+ name = string
+ storage_account_id = string
+ container_access_type = string # e.g. "private", "blob", "container"
+ }))
+}
+
+variable "tags" {
+ description = "Tags to apply to the storage accounts and containers"
+ type = map(string)
+
+}
\ No newline at end of file
diff --git a/VNET/modules/subnet/.gitignore b/VNET/modules/subnet/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/VNET/modules/subnet/.gitignore
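Review bot: The comment on `account_replication_type` gives `"Standard_LRS"`, `"Premium_LRS"` as examples, but those are SKU names rather than replication types; the provider expects `LRS`, `ZRS`, `GRS`, `RAGRS`, `GZRS` or `RAGZRS` (main.tf correctly passes `"LRS"`), so the comment will send the next caller into an apply-time error. Change it to `# e.g. "LRS", "ZRS", "GRS", "RAGRS"`. `container_access_type` also advertises `"blob"` and `"container"`, both of which permit anonymous reads; since the only use in this commit is `"private"`, make it `optional(string, "private")` with a `validation` block rejecting the anonymous values, or at least say in the comment that `blob`/`container` expose the data without authentication.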
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/subnet/main.tf b/VNET/modules/subnet/main.tf new file mode 100644 index 0000000..7137f55 --- /dev/null +++ b/VNET/modules/subnet/main.tf 
@@ -0,0 +1,25 @@
+################################################################################
+# Subnet Module
+################################################################################
+
+resource "azurerm_subnet" "this" {
+ for_each = var.subnets
+ name = each.value.name
+ resource_group_name = each.value.resource_group_name
+ virtual_network_name = each.value.virtual_network_name
+ address_prefixes = each.value.address_prefixes
+
+ dynamic "delegation" {
+ for_each = each.value.delegation == null ? [] : [each.value.delegation]
+
+ content {
+ name = delegation.value.name
+
+ service_delegation {
+ name = delegation.value.service_delegation.name
+ actions = delegation.value.service_delegation.actions
+ }
+ }
+ }
+ service_endpoints = each.value.service_endpoints
+}
\ No newline at end of file
diff --git a/VNET/modules/subnet/outputs.tf b/VNET/modules/subnet/outputs.tf
new file mode 100644
index 0000000..3309ec8
--- /dev/null
+++ b/VNET/modules/subnet/outputs.tf
@@ -0,0 +1,9 @@
+output "subnet_id" {
+ description = "The ID of the subnet."
+ value = {for k, v in azurerm_subnet.this : k => v.id}
+
+}
+output "subnet_address_prefixes" {
+ description = "subnet address prefixes aka subnet CIDR."
+ value = {for k, v in azurerm_subnet.this : k => v.address_prefixes}
+}
\ No newline at end of file
diff --git a/VNET/modules/subnet/variables.tf b/VNET/modules/subnet/variables.tf
new file mode 100644
index 0000000..2bd9a00
--- /dev/null
+++ b/VNET/modules/subnet/variables.tf
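Review bot: The `subnets` variable accepts a `network_security_group_id`, but `azurerm_subnet.this` never reads it and the module has no `azurerm_subnet_network_security_group_association`, so a caller who sets it gets a subnet with no NSG attached and no warning — the NSG in the test-v1 environment ends up attached to nothing. Either remove the input or honour it with an association resource restricted to the subnets that set it, as sketched below. Moving `service_endpoints = each.value.service_endpoints` up beside the other scalar arguments, ahead of the `dynamic "delegation"` block, would also make the resource easier to read.

```hcl
# … unchanged: azurerm_subnet.this …

# Attach an NSG only to subnets that asked for one; null means "no NSG".
resource "azurerm_subnet_network_security_group_association" "this" {
  for_each = { for k, s in var.subnets : k => s if s.network_security_group_id != null }

  subnet_id                 = azurerm_subnet.this[each.key].id
  network_security_group_id = each.value.network_security_group_id
}
```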
@@ -0,0 +1,24 @@
+################################################################################
+# Subnet Variables
+################################################################################
+
+variable "subnets" {
+ description = "Map of subnets to create"
+ type = map(object({
+ name = string
+ address_prefixes = list(string)
+ virtual_network_name = string
+ resource_group_name = string
+ service_endpoints = optional(list(string), [])
+ network_security_group_id = optional(string, null)
+ delegation = optional(object({
+ name = string
+ service_delegation = object({
+ name = string
+ actions = list(string)
+ })
+ service_endpoints = optional(list(string), []),
+ }))
+ }))
+
+}
\ No newline at end of file
diff --git a/VNET/modules/virtual-network/.gitignore b/VNET/modules/virtual-network/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/VNET/modules/virtual-network/.gitignore
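Review bot: The nested `delegation` object carries its own `service_endpoints = optional(list(string), [])`, which the module never reads (main.tf only uses `delegation.value.name` and `.service_delegation`) and which shadows the top-level `service_endpoints`, so a caller who sets endpoints inside `delegation` gets nothing and no error. Remove that nested attribute. `network_security_group_id` is likewise declared but not consumed anywhere in the module; either drop it or document what the caller may expect, e.g. `# not applied yet: the module creates no NSG association`, so nobody reads the input as evidence that the subnet is protected.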
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/virtual-network/main.tf b/VNET/modules/virtual-network/main.tf new file mode 100644 index 0000000..36edbe8 --- /dev/null +++ b/VNET/modules/virtual-network/main.tf @@ -0,0 +1,14 @@ +################################################################################ +# Virtul Network Module +################################################################################ + +resource "azurerm_virtual_network" "this" { + for_each = var.virtual_network + name = each.value.name + address_space = each.value.address_space + location = each.value.location + resource_group_name = each.value.resource_group_name + + tags = var.tags + +} \ No newline at end of file diff --git a/VNET/modules/virtual-network/outputs.tf b/VNET/modules/virtual-network/outputs.tf new file mode 100644 index 0000000..3c31a7d --- /dev/null 
+++ b/VNET/modules/virtual-network/outputs.tf @@ -0,0 +1,18 @@ +output "virutal_network_name" { + description = "The name of the virtual network." + value = {for k, v in azurerm_virtual_network.this : k => v.name} + +} + +output "virutal_network_id" { + description = "The ID of the virtual network." + value = {for k, v in azurerm_virtual_network.this : k => v.id} + +} +output "vnet_address_space" { + description = "The address space of the virtual network." + value = {for k, v in azurerm_virtual_network.this : k => v.address_space} + +} + + diff --git a/VNET/modules/virtual-network/variables.tf b/VNET/modules/virtual-network/variables.tf new file mode 100644 index 0000000..593b74f --- /dev/null +++ b/VNET/modules/virtual-network/variables.tf @@ -0,0 +1,18 @@ +################################################################################ +# Virtul Network Variables +################################################################################ + +variable "virtual_network" { + description = "Map of virtual networks to create" + type = map(object({ + name = string + address_space = list(string) + location = string + resource_group_name = string + })) +} +variable "tags" { + description = "Tags to apply all resources" + type = map(string) + +} \ No newline at end of file diff --git a/VPC-Peering/Environments/dev/backend.tf b/VPC-Peering/Environments/dev/backend.tf index 409aaf7..080c06f 100644 --- a/VPC-Peering/Environments/dev/backend.tf +++ b/VPC-Peering/Environments/dev/backend.tf @@ -1,7 +1,7 @@ terraform { backend "s3" { bucket = "terraform-state-bucket1237546" - key = "dev-vpc-by-terraform-state.tfstate" + key = "dev-vpc-peering-terraform-state.tfstate" region = "us-east-1" use_lockfile = true } diff --git a/VPC-Peering/Environments/dev/main.tf b/VPC-Peering/Environments/dev/main.tf index e69de29..c495f5f 100644 --- a/VPC-Peering/Environments/dev/main.tf +++ b/VPC-Peering/Environments/dev/main.tf 
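Review bot: The outputs are spelled `virutal_network_name` and `virutal_network_id` (typo for "virtual"), and the environment in VNET/environment/test-v1/main.tf already depends on the misspelling through `module.virtual_network.virutal_network_name[...]`, so renaming in place would break that caller. Add correctly spelled `virtual_network_name` and `virtual_network_id` outputs with the same values and keep the misspelled ones with `description = "Deprecated: typo of virtual_network_name, kept for existing callers."` until the environment is migrated. The descriptions also say "The name of the virtual network" while the values are maps keyed by the `virtual_network` input key; `"Map of input key => virtual network name"` would spare callers a trip to the module source.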
@@ -0,0 +1,347 @@ +locals { + region = "us-east-1" + region_2 = "us-east-1" + tags = { + Environment = "dev" + Project = "VPC-Peering" + Owner = "Smooth" + } + + name = "vpc-peering-dev" + + vpc_names = { + requester = "${local.name}-requester" + accepter = "${local.name}-accepter" + } +} + + +################################################################### +# VPC Module +################################################################### + +module "vpc" { + source = "../../../VPC/Modules/vpc" + + + tags = local.tags + # name = local.name + vpc_attributes = { + "requester_vpc" = { + cidr_block = "10.0.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true + region = local.region + name = local.vpc_names.requester + }, + "accepter_vpc" = { + cidr_block = "10.10.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true + region = local.region_2 + name = local.vpc_names.accepter + + } + } +} + +################################################################### +# Subnet Module +################################################################### + +module "subnets" { + source = "../../../VPC/modules/subnets" + name = local.name + tags = local.tags + + private_subnets = { + "requester-priv-subnet-1" = { + cidr_block = ["10.0.0.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = false + vpc_id = module.vpc.vpc_id["requester_vpc"] + } + + "accepter-priv-subnet-1" = { + cidr_block = ["10.10.0.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = false + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + public_subnets = { + "requester-pub-subnet-2" = { + cidr_block = ["10.0.1.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = true + vpc_id = module.vpc.vpc_id["requester_vpc"] + + } + "accepter-pub-subnet-2" = { + cidr_block = ["10.10.1.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = true + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } +} + 
+################################################################### +# VPC Peering Module``` +################################################################### + +module "peerings" { + source = "../../modules/single-vpc-to-vpc-v2" + + vpc_peering_connection = { + "peering_connection" = { + vpc_id = module.vpc.vpc_id["requester_vpc"] # Requester VPC ID + peer_vpc_id = module.vpc.vpc_id["accepter_vpc"] # accepter VPC ID + + auto_accept = true # Auto accept the connection + name = "requester-peering" + + } + } + vpc_peering_accepter = { + accepter-peer = { + vpc_peering_connection_id = module.peerings.this_connection["peering_connection"] # VPC Peering Connection ID + auto_accept = true + name = "accepter-peer" # Auto accept the connection + } + } + + tags = local.tags + depends_on = [module.vpc, module.subnets] + +} + +################################################################### +# IGW - NAT Module +################################################################### + +module "igw-nat" { + source = "../../../VPC/modules/igw-nat" + eip = { + requester_eip = {} + accepter_eip = {} + } + + nat_gateway = { + requester-nat = { + allocation_id = module.igw-nat.allocation_id["requester_eip"] + subnet_id = module.subnets.public_subnets["requester-pub-subnet-2"] + } + accepter-nat = { + allocation_id = module.igw-nat.allocation_id["accepter_eip"] + subnet_id = module.subnets.public_subnets["accepter-pub-subnet-2"] + } + } + internet_gateway = { + requester-igw = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + } + accepter-igw = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + tags = local.tags + name = "${local.name}-igw" + +} + +################################################################### +# Route table Module +################################################################### + +module "route-tables" { + source = "../../../VPC/modules/route-tables" + + tags = local.tags + name = local.name + public_route_tables = { + requester_pub_rt = { + vpc_id 
= module.vpc.vpc_id["requester_vpc"] + } + accepter_pub_rt = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + + private_route_tables = { + requester_priv_rt = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + } + + accepter_priv_rt = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + + ############################################################################### + # Public Routes + ############################################################################### + public_routes = { + route-requester-igw = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + route_table_id = module.route-tables.public_route_table_id["requester_pub_rt"] + gateway_id = module.igw-nat.igw_id["requester-igw"] + destination_cidr_block = "0.0.0.0/0" + + } + + route-accepter-igw = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + route_table_id = module.route-tables.public_route_table_id["accepter_pub_rt"] + gateway_id = module.igw-nat.igw_id["accepter-igw"] + destination_cidr_block = "0.0.0.0/0" + } + } + ############################################################################### + # Private Routes + ############################################################################### + + private_routes = { + route-requester-peer = { + route_table_id = module.route-tables.private_route_table_id["requester_priv_rt"] + vpc_peering_connection_id = module.peerings.this_connection["peering_connection"] + destination_cidr_block = module.vpc.vpc_cidr["accepter_vpc"] + } + route-requester-nat = { + route_table_id = module.route-tables.private_route_table_id["requester_priv_rt"] + nat_gateway_id = module.igw-nat.nat_id["requester-nat"] + destination_cidr_block = "0.0.0.0/0" + } + route-accepter-peer = { + route_table_id = module.route-tables.private_route_table_id["accepter_priv_rt"] + vpc_peering_connection_id = module.peerings.this_connection["peering_connection"] + destination_cidr_block = module.vpc.vpc_cidr["requester_vpc"] + } + route-accepter-nat = { + route_table_id = 
module.route-tables.private_route_table_id["accepter_priv_rt"] + nat_gateway_id = module.igw-nat.nat_id["accepter-nat"] + destination_cidr_block = "0.0.0.0/0" + } + + } + + ############################################################################### + # Route table associations + ############################################################################# + public_route_table_associations = { + pub-requester-assoc = { + route_table_id = module.route-tables.public_route_table_id["requester_pub_rt"] + subnet_id = module.subnets.public_subnets["requester-pub-subnet-2"] + } + pub-accepter-assoc = { + route_table_id = module.route-tables.public_route_table_id["accepter_pub_rt"] + subnet_id = module.subnets.public_subnets["accepter-pub-subnet-2"] + } + } + private_route_table_associations = { + priv-requester-assoc = { + route_table_id = module.route-tables.private_route_table_id["requester_priv_rt"] + subnet_id = module.subnets.private_subnets["requester-priv-subnet-1"] + } + priv-accepter-assoc = { + route_table_id = module.route-tables.private_route_table_id["accepter_priv_rt"] + subnet_id = module.subnets.private_subnets["accepter-priv-subnet-1"] + } + } + +} + +######################################################################## +# EC2 Module +######################################################################## + +module "ec2-instance" { + source = "../../../virtual-machines/AWS/EC2" + + tags = local.tags + name = local.name + + instance_attributes = { + requester_instance = { + instance_type = "t2.micro" + iam_instance_profile = module.ssm_policy.iam_instance_profile + subnet_id = module.subnets.private_subnets["requester-priv-subnet-1"] + vpc_security_group_ids = [module.security-groups.security_group_ids["requester_sg"]] + + } + accepter_instance = { + instance_type = "t2.micro" + iam_instance_profile = module.ssm_policy.iam_instance_profile + subnet_id = module.subnets.private_subnets["accepter-priv-subnet-1"] + vpc_security_group_ids = 
[module.security-groups.security_group_ids["accepter_sg"]] + + + } + accepter_instance2 = { + instance_type = "t2.micro" + iam_instance_profile = module.ssm_policy.iam_instance_profile + subnet_id = module.subnets.public_subnets["accepter-pub-subnet-2"] + vpc_security_group_ids = [module.security-groups.security_group_ids["accepter_sg"]] + + + } + } + +} +######################################################################## +# IAM SSM Policy +######################################################################## + +module "ssm_policy" { + source = "../../../IAM/SSM-Policy" + +} + +######################################################################## +# Secuirty Group +######################################################################## + +module "security-groups" { + source = "../../../vpc/modules/security-groups" + tags = local.tags + name = local.name + + security_groups = { + requester_sg = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + description = "requester security group allow icmp" + } + accepter_sg = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + description = "accepter security group allow icmp" + } + } + ingress_rules = { + requester_ingress_icmp = { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = module.security-groups.security_group_ids["requester_sg"] + cidr_blocks = ["0.0.0.0/0"] + + } + accepter_ingress_icmp = { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = module.security-groups.security_group_ids["accepter_sg"] + cidr_blocks = ["0.0.0.0/0"] + } + } + egress_rules = { + requester_egress_rule = { + security_group_id = module.security-groups.security_group_ids["requester_sg"] + } + accepter_egress_rule = { + security_group_id = module.security-groups.security_group_ids["accepter_sg"] + } + } + +} \ No newline at end of file 
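Review bot: Both ingress rules in `module "security-groups"` open ICMP to `0.0.0.0/0`, although the instances sit in private subnets and the rules exist to test reachability across the peering; scope each rule to the peer VPC, e.g. `cidr_blocks = [module.vpc.vpc_cidr["accepter_vpc"]]` for `requester_ingress_icmp` and `cidr_blocks = [module.vpc.vpc_cidr["requester_vpc"]]` for `accepter_ingress_icmp`, using the same `module.vpc.vpc_cidr` lookup the private routes already use. This matters most for `accepter_instance2`, which is placed in a public subnet with `map_public_ip_on_launch = true` and so is reachable from the internet with the current group. The module sources spell the same directory three ways — `../../../VPC/Modules/vpc`, `../../../VPC/modules/subnets`, `../../../vpc/modules/security-groups` — which resolves on a case-insensitive macOS filesystem but not on a Linux runner, so at most one spelling matches disk; normalise them. `region_2` is set to the same `"us-east-1"` as `region`, so the requester/accepter split does not span regions as the locals' names suggest; either document that or set the intended second region. The `# VPC Peering Module```` banner carries stray backticks.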
diff --git a/VPC-Peering/Environments/dev/providers.tf b/VPC-Peering/Environments/dev/providers.tf index e69de29..b3d0f7f 100644 --- a/VPC-Peering/Environments/dev/providers.tf +++ b/VPC-Peering/Environments/dev/providers.tf @@ -0,0 +1,21 @@ +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "6.0.0-beta2" + configuration_aliases = [aws.us-east, aws.us-west] + } + } + +} +provider "aws" { + region = local.region + alias = "us-west" +} + +provider "aws" { + region = local.region_2 + alias = "us-east" +} +## \ No newline at end of file diff --git a/VPC-Peering/Environments/test/backend.tf b/VPC-Peering/Environments/test/backend.tf index 1379a0a..6c563dc 100644 --- a/VPC-Peering/Environments/test/backend.tf +++ b/VPC-Peering/Environments/test/backend.tf @@ -1,8 +1,8 @@ -terraform { - backend "s3" { - bucket = "terraform-state-bucket1237546" - key = "test-vpc-by-terraform-state.tfstate" - region = "us-east-1" - use_lockfile = true - } -} +# terraform { +# backend "s3" { +# bucket = "terraform-state-bucket1237546" +# key = "test-vpc-by-terraform-state.tfstate" +# region = "us-east-1" +# use_lockfile = true +# } +# } diff --git a/VPC-Peering/Environments/test/main.tf b/VPC-Peering/Environments/test/main.tf index 50a06a0..a3f5469 100644 --- a/VPC-Peering/Environments/test/main.tf +++ b/VPC-Peering/Environments/test/main.tf 
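Review bot: Neither `provider "aws"` block is the default configuration — both carry an `alias` — and none of the module calls in `dev/main.tf` pass a `providers` map, so every module resolves to an implicit, unconfigured default `aws` provider whose region comes from the environment rather than from `local.region`. Add an un-aliased block, `provider "aws" { region = local.region }`, or wire the aliases into each module explicitly. The alias names are also inverted relative to what they point at (`us-west` uses `local.region`, `us-east` uses `local.region_2`, both `"us-east-1"`), and `configuration_aliases` is meant for child modules that receive providers from a caller, so it is out of place in this root module. Pinning `version = "6.0.0-beta2"` ties the environment to a pre-release provider build; with `.terraform.lock.hcl` git-ignored in this same commit, there is no checksum-verified record of what `init` installs.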
@@ -1,43 +1,43 @@ -module "single-vpc-to-vpc" { - source = "../../Modules/single-vpc-to-vpc" +# module "single-vpc-to-vpc" { +# source = "../../Modules/single-vpc-to-vpc" - providers = { - aws.us-east = aws.us-east - aws.us-west = aws.us-west - } +# providers = { +# aws.us-east = aws.us-east +# aws.us-west = aws.us-west +# } - ### Source VPC Variables ### - environment = var.environment - requestor_vpc_region = var.requestor_vpc_region - requester_vpc_name = "${var.requester_vpc_name}-${var.environment}" - requester_vpc_cidr = var.requester_vpc_cidr - requester_vpc_pub_sub_cidr = var.requester_vpc_pub_sub_cidr - requester_subnet1_cidr = var.requester_subnet1_cidr - requester_subnet1_name = "${var.requester_subnet1_name}-${var.environment}" - requester_subnet1_az = var.requester_subnet1_az - requester_subnet2_name = "${var.requester_subnet2_name}-${var.environment}" - requester_subnet2_cidr = var.requester_subnet2_cidr - requester_subnet2_az = var.requester_subnet2_az - requester_rt_name = "${var.requester_rt_name}-${var.environment}" - requester_ami_id = var.requester_ami_id - instance_type = var.instance_type +# ### Source VPC Variables ### +# environment = var.environment +# requestor_vpc_region = var.requestor_vpc_region +# requester_vpc_name = "${var.requester_vpc_name}-${var.environment}" +# requester_vpc_cidr = var.requester_vpc_cidr +# requester_vpc_pub_sub_cidr = var.requester_vpc_pub_sub_cidr +# requester_subnet1_cidr = var.requester_subnet1_cidr +# requester_subnet1_name = "${var.requester_subnet1_name}-${var.environment}" +# requester_subnet1_az = var.requester_subnet1_az +# requester_subnet2_name = "${var.requester_subnet2_name}-${var.environment}" +# requester_subnet2_cidr = var.requester_subnet2_cidr +# requester_subnet2_az = var.requester_subnet2_az +# requester_rt_name = "${var.requester_rt_name}-${var.environment}" +# requester_ami_id = var.requester_ami_id +# instance_type = var.instance_type - ### Destination VPC Variables ### - acceptor_region = 
var.acceptor_region - acceptor_vpc_name = "${var.acceptor_vpc_name}-${var.environment}" - acceptor_cidr = var.acceptor_cidr - acceptor_subnet1_cidr = var.acceptor_subnet1_cidr - acceptor_subnet1_name = "${var.acceptor_subnet1_name}-${var.environment}" - acceptor_subnet1_az = var.acceptor_subnet1_az - acceptor_subnet2_name = "${var.acceptor_subnet2_name}-${var.environment}" - acceptor_subnet2_cidr = var.acceptor_subnet2_cidr - acceptor_subnet2_az = var.acceptor_subnet2_az - acceptor_rt_name = "${var.acceptor_rt_name}-${var.environment}" - acceptor_pub_sub_cidr = var.acceptor_pub_sub_cidr - acceptor_ami_id = var.acceptor_ami_id - map_public_ip_on_launch = var.map_public_ip_on_launch +# ### Destination VPC Variables ### +# acceptor_region = var.acceptor_region +# acceptor_vpc_name = "${var.acceptor_vpc_name}-${var.environment}" +# acceptor_cidr = var.acceptor_cidr +# acceptor_subnet1_cidr = var.acceptor_subnet1_cidr +# acceptor_subnet1_name = "${var.acceptor_subnet1_name}-${var.environment}" +# acceptor_subnet1_az = var.acceptor_subnet1_az +# acceptor_subnet2_name = "${var.acceptor_subnet2_name}-${var.environment}" +# acceptor_subnet2_cidr = var.acceptor_subnet2_cidr +# acceptor_subnet2_az = var.acceptor_subnet2_az +# acceptor_rt_name = "${var.acceptor_rt_name}-${var.environment}" +# acceptor_pub_sub_cidr = var.acceptor_pub_sub_cidr +# acceptor_ami_id = var.acceptor_ami_id +# map_public_ip_on_launch = var.map_public_ip_on_launch -} \ No newline at end of file +# } \ No newline at end of file diff --git a/VPC-Peering/Environments/test/providers.tf b/VPC-Peering/Environments/test/providers.tf index b2e9cdf..8f68ee2 100644 --- a/VPC-Peering/Environments/test/providers.tf +++ b/VPC-Peering/Environments/test/providers.tf 
@@ -1,20 +1,20 @@ -terraform { - required_version = ">= 1.0" - required_providers { - aws = { - source = "hashicorp/aws" - version = "6.0.0-beta2" - configuration_aliases = [aws.us-east, aws.us-west] - } - } -} +# terraform { +# required_version = ">= 1.0" +# required_providers { +# aws = { +# source = "hashicorp/aws" +# version = "6.0.0-beta2" +# configuration_aliases = [aws.us-east, aws.us-west] +# } +# } +# } -provider "aws" { - alias = "us-east" - region = var.requestor_vpc_region -} +# provider "aws" { +# alias = "us-east" +# region = var.requestor_vpc_region +# } -provider "aws" { - alias = "us-west" - region = var.acceptor_region -} \ No newline at end of file +# provider "aws" { +# alias = "us-west" +# region = var.acceptor_region +# } \ No newline at end of file diff --git a/VPC-Peering/Environments/test/terraform.tfvars b/VPC-Peering/Environments/test/terraform.tfvars index 657d007..05b30ad 100644 --- a/VPC-Peering/Environments/test/terraform.tfvars +++ b/VPC-Peering/Environments/test/terraform.tfvars 
@@ -1,31 +1,31 @@ -### ------ requester VPC Variables ------ ### -requestor_vpc_region = "us-east-1" -environment = "test" -requester_vpc_cidr = "10.0.0.0/16" -requester_vpc_name = "requester-vpc" -requester_subnet1_cidr = "10.0.0.0/24" -requester_subnet1_name = "requester-subnet-1" -requester_subnet1_az = "us-east-1a" -requester_subnet2_name = "requester-subnet-2" -requester_subnet2_cidr = "10.0.1.0/24" -requester_subnet2_az = "us-east-1b" -requester_rt_name = "requester-route-table" -requester_vpc_pub_sub_cidr = "10.0.2.0/24" -requester_ami_id = "ami-0554aa6767e249943" -instance_type = "t2.micro" +# ### ------ requester VPC Variables ------ ### +# requestor_vpc_region = "us-east-1" +# environment = "test" +# requester_vpc_cidr = "10.0.0.0/16" +# requester_vpc_name = "requester-vpc" +# requester_subnet1_cidr = "10.0.0.0/24" +# requester_subnet1_name = "requester-subnet-1" +# requester_subnet1_az = "us-east-1a" +# requester_subnet2_name = "requester-subnet-2" +# requester_subnet2_cidr = "10.0.1.0/24" +# requester_subnet2_az = "us-east-1b" +# requester_rt_name = "requester-route-table" +# requester_vpc_pub_sub_cidr = "10.0.2.0/24" +# requester_ami_id = "ami-0554aa6767e249943" +# instance_type = "t2.micro" -### ------ acceptor VPC Variables ------ ### -acceptor_region = "us-west-2" -acceptor_cidr = "10.10.0.0/16" -acceptor_vpc_name = "acceptor-vpc" -acceptor_subnet1_cidr = "10.10.0.0/24" -acceptor_subnet1_name = "acceptor-subnet-1" -acceptor_subnet1_az = "us-west-2a" -acceptor_subnet2_name = "acceptor-subnet-2" -acceptor_subnet2_cidr = "10.10.1.0/24" -acceptor_subnet2_az = "us-west-2b" -acceptor_rt_name = "acceptor-route-table" -acceptor_pub_sub_cidr = "10.10.2.0/24" -map_public_ip_on_launch = false -acceptor_ami_id = "ami-04999cd8f2624f834" \ No newline at end of file +# ### ------ acceptor VPC Variables ------ ### +# acceptor_region = "us-west-2" +# acceptor_cidr = "10.10.0.0/16" +# acceptor_vpc_name = "acceptor-vpc" +# acceptor_subnet1_cidr = "10.10.0.0/24" +# 
acceptor_subnet1_name = "acceptor-subnet-1" +# acceptor_subnet1_az = "us-west-2a" +# acceptor_subnet2_name = "acceptor-subnet-2" +# acceptor_subnet2_cidr = "10.10.1.0/24" +# acceptor_subnet2_az = "us-west-2b" +# acceptor_rt_name = "acceptor-route-table" +# acceptor_pub_sub_cidr = "10.10.2.0/24" +# map_public_ip_on_launch = false +# acceptor_ami_id = "ami-04999cd8f2624f834" \ No newline at end of file diff --git a/VPC-Peering/Environments/test/variables.tf b/VPC-Peering/Environments/test/variables.tf index d935924..6db73c3 100644 --- a/VPC-Peering/Environments/test/variables.tf +++ b/VPC-Peering/Environments/test/variables.tf 
@@ -1,168 +1,195 @@ -variable "environment" { - description = "The environment for the VPC (e.g., dev, staging, prod)" - type = string - -} - -variable "requestor_vpc_region" { - description = "The AWS region for the source VPC" - type = string -} - -variable "acceptor_region" { - description = "The AWS region for the destination VPC" - type = string - -} - - -### Source VPC Variables ### - - -variable "requester_vpc_name" { - description = "Name for the source VPC" - type = string - -} - -variable "requester_vpc_cidr" { - description = "CIDR block for the destination VPC" - type = string -} - -variable "requester_vpc_pub_sub_cidr" { - description = "CIDR block for the public subnet" - type = string -} - -variable "requester_subnet1_cidr" { - description = "CIDR block for the first destination subnet" - type = string - -} - -variable "requester_subnet1_name" { - description = "Name for the first destination subnet" - type = string - -} - -variable "requester_subnet1_az" { - description = "Availability Zone for the first destination subnet" - type = string - -} - -variable "requester_subnet2_name" { - description = "Name for the second destination subnet" - type = string - -} - -variable "requester_subnet2_cidr" { - description = "CIDR block for the second destination subnet" - type = string - -} - - -variable "requester_subnet2_az" { - description = "Availability Zone for the second destination subnet" - type = string - -} - -variable "requester_rt_name" { - description = "Name for the destination route table" - type = string - -} - -### Acceptor VPC Variables ### - -variable "acceptor_vpc_name" { - description = "Name for the source VPC" - type = string - -} -variable "acceptor_cidr" { - description = "CIDR block for the destination VPC" - type = string -} - - -variable "acceptor_subnet1_cidr" { - description = "CIDR block for the first destination subnet" - type = string - -} - -variable "acceptor_subnet1_name" { - description = "Name for the first destination 
subnet" - type = string - -} - -variable "acceptor_subnet1_az" { - description = "Availability Zone for the first destination subnet" - type = string - -} - -variable "acceptor_subnet2_name" { - description = "Name for the second destination subnet" - type = string - -} - -variable "acceptor_pub_sub_cidr" { - description = "CIDR block for the public subnet" - type = string -} - -variable "acceptor_subnet2_cidr" { - description = "CIDR block for the second destination subnet" - type = string - -} - - -variable "acceptor_subnet2_az" { - description = "Availability Zone for the second destination subnet" - type = string - -} - -variable "acceptor_rt_name" { - description = "Name for the destination route table" - type = string - -} -variable "map_public_ip_on_launch" { - description = "Whether to map public IPs on launch for subnets, defaults to false" - type = bool - default = false - -} - -### EC2 Instance Variables ### - -variable "requester_ami_id" { - description = "ami id for the source VPC EC2 instance. MUST BE REGION SPECIFIC" - type = string -} - -variable "acceptor_ami_id" { - description = "ami id for the destination VPC EC2 instance. 
MUST BE REGION SPECIFIC" - type = string -} -variable "instance_type" { - description = "Instance type for the EC2 instances in both VPCs" - type = string - default = "t2.micro" -} - - - - +# variable "environment" { +# description = "The environment for the VPC (e.g., dev, staging, prod)" +# type = string + +# } + +# variable "requestor_vpc_region" { +# description = "The AWS region for the source VPC" +# type = string +# } + +# variable "acceptor_region" { +# description = "The AWS region for the destination VPC" +# type = string + +# } + + +# ### Source VPC Variables ### + + +# variable "requester_vpc_name" { +# description = "Name for the source VPC" +# type = string + +# } + +# variable "requester_vpc_cidr" { +# description = "CIDR block for the destination VPC" +# type = string +# } + +# variable "requester_vpc_pub_sub_cidr" { +# description = "CIDR block for the public subnet" +# type = string +# } + +# variable "requester_subnet1_cidr" { +# description = "CIDR block for the first destination subnet" +# type = string + +# } + +# <<<<<<< HEAD +# ======= +# } + +# >>>>>>> main +# variable "requester_subnet1_name" { +# description = "Name for the first destination subnet" +# type = string + +# } + +# variable "requester_subnet1_az" { +# description = "Availability Zone for the first destination subnet" +# type = string + +# } + +# variable "requester_subnet2_name" { +# description = "Name for the second destination subnet" +# type = string + +# } + +# variable "requester_subnet2_cidr" { +# description = "CIDR block for the second destination subnet" +# type = string + +# } + + +# variable "requester_subnet2_az" { +# description = "Availability Zone for the second destination subnet" +# type = string + +# } + +# variable "requester_rt_name" { +# description = "Name for the destination route table" +# type = string + +# } + +# ### Acceptor VPC Variables ### + +# variable "acceptor_vpc_name" { +# description = "Name for the source VPC" +# type = string + +# } +# 
variable "acceptor_cidr" { +# description = "CIDR block for the destination VPC" +# type = string +# } + + +# variable "acceptor_subnet1_cidr" { +# description = "CIDR block for the first destination subnet" +# type = string + +# } + +# <<<<<<< HEAD +# ======= +# } + +# >>>>>>> main +# variable "acceptor_subnet1_name" { +# description = "Name for the first destination subnet" +# type = string + +# } + +# variable "acceptor_subnet1_az" { +# description = "Availability Zone for the first destination subnet" +# type = string + +# } + +# variable "acceptor_subnet2_name" { +# description = "Name for the second destination subnet" +# type = string + +# } + +# variable "acceptor_pub_sub_cidr" { +# description = "CIDR block for the public subnet" +# <<<<<<< HEAD +# type = string +# ======= +# type = string +# >>>>>>> main +# } + +# variable "acceptor_subnet2_cidr" { +# description = "CIDR block for the second destination subnet" +# type = string + +# } + + +# variable "acceptor_subnet2_az" { +# description = "Availability Zone for the second destination subnet" +# type = string + +# } + +# variable "acceptor_rt_name" { +# description = "Name for the destination route table" +# type = string + +# } +# variable "map_public_ip_on_launch" { +# description = "Whether to map public IPs on launch for subnets, defaults to false" +# type = bool +# default = false + +# } +# variable "map_public_ip_on_launch" { +# description = "Whether to map public IPs on launch for subnets, defaults to false" +# type = bool +# default = false + +# <<<<<<< HEAD +# ======= +# } + +# >>>>>>> main +# ### EC2 Instance Variables ### + +# variable "requester_ami_id" { +# description = "ami id for the source VPC EC2 instance. MUST BE REGION SPECIFIC" +# type = string +# } + +# variable "acceptor_ami_id" { +# description = "ami id for the destination VPC EC2 instance. 
MUST BE REGION SPECIFIC"
+# type = string
+# }
+# variable "instance_type" {
+# description = "Instance type for the EC2 instances in both VPCs"
+# type = string
+# default = "t2.micro"
+# <<<<<<< HEAD
+# }
+# =======
+# }
+
+
+
+
+# >>>>>>> main
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/01-vpcs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/01-vpcs.tf
new file mode 100644
index 0000000..854835e
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/01-vpcs.tf
@@ -0,0 +1,39 @@
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_a" {
+ cidr_block = var.vpc_a_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_a_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_b" {
+ cidr_block = var.vpc_b_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_b_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_c" {
+ cidr_block = var.vpc_c_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_c_name
+ }
+}
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/02-subnets.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/02-subnets.tf
new file mode 100644
index 0000000..01d5584
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/02-subnets.tf
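Review bot: The commented-out block still contains unresolved merge-conflict markers (`# <<<<<<< HEAD`, `# =======`, `# >>>>>>> main` at several points) and a duplicated `map_public_ip_on_launch` variable; commenting the file out hides the conflict instead of resolving it. If the test environment is being retired, delete this file together with the equally commented-out `test/backend.tf`, `test/main.tf`, `test/providers.tf` and `test/terraform.tfvars` — git history keeps them — so readers and scanners do not have to reason about configuration that is not in effect. If it is only paused, resolve the conflict and keep the files live behind a separate backend key or workspace. The hunk's old side begins before this chunk.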
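Review bot: Each VPC suppresses `aws-ec2-require-vpc-flow-logs-for-all-vpcs` with a bare `#tfsec:ignore:` and no stated reason; for a peering topology whose purpose is cross-VPC traffic, flow logs are the primary record of what actually crossed the peering, and a silent suppression removes that from both the scanner and the reviewer. Either add an `aws_flow_log` per VPC, or keep the ignore but justify it in a comment and give it an expiry (tfsec accepts `#tfsec:ignore:<rule>:exp:YYYY-MM-DD`). The three resource blocks are identical apart from the `a`/`b`/`c` suffix, which makes them a candidate for a single `for_each` over a map of VPCs.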
@@ -0,0 +1,39 @@
+### -------- vpc a subnets -------- ###
+
+resource "aws_subnet" "vpc_a_subnet_1" {
+ vpc_id = aws_vpc.vpc_a.id
+ cidr_block = var.vpc_a_subnet_1_cidr
+ availability_zone = var.vpc_a_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_a_name}-subnet-1"
+ }
+
+}
+### -------- vpc b subnets -------- ###
+
+resource "aws_subnet" "vpc_b_subnet_1" {
+ vpc_id = aws_vpc.vpc_b.id
+ cidr_block = var.vpc_b_subnet_1_cidr
+ availability_zone = var.vpc_b_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_b_name}-subnet-1"
+ }
+
+}
+### -------- vpc c subnets -------- ###
+
+resource "aws_subnet" "vpc_c_subnet_1" {
+ vpc_id = aws_vpc.vpc_c.id
+ cidr_block = var.vpc_c_subnet_1_cidr
+ availability_zone = var.vpc_c_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_c_name}-subnet-1"
+ }
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/03-igw-nat.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/03-igw-nat.tf
new file mode 100644
index 0000000..e316445
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/03-igw-nat.tf
@@ -0,0 +1,80 @@
+### --------- vpc a eip ----------- ###
+
+resource "aws_eip" "vpc_a_eip" {
+ tags = {
+ Name = "${var.vpc_a_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_a_nat_gateway" {
+ allocation_id = aws_eip.vpc_a_eip.id
+ subnet_id = aws_subnet.vpc_a_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_a_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_a_internet_gateway" {
+ vpc_id = aws_vpc.vpc_a.id
+
+ tags = {
+ Name = "${var.vpc_a_name}-internet-gateway"
+ }
+}
+
+### ---------- vpc b eip ----------- ###
+
+resource "aws_eip" "vpc_b_eip" {
+ tags = {
+ Name = "${var.vpc_b_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_b_nat_gateway" {
+ allocation_id = aws_eip.vpc_b_eip.id
+ subnet_id = aws_subnet.vpc_b_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_b_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_b_internet_gateway" {
+ vpc_id = aws_vpc.vpc_b.id
+
+ tags = {
+ Name = "${var.vpc_b_name}-internet-gateway"
+ }
+}
+
+### --------- vpc c eip ----------- ###
+
+resource "aws_eip" "vpc_c_eip" {
+ tags = {
+ Name = "${var.vpc_c_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_c_nat_gateway" {
+ allocation_id = aws_eip.vpc_c_eip.id
+ subnet_id = aws_subnet.vpc_c_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_c_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_c_internet_gateway" {
+ vpc_id = aws_vpc.vpc_c.id
+
+ tags = {
+ Name = "${var.vpc_c_name}-internet-gateway"
+ }
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/04-route-tables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/04-route-tables.tf
new file mode 100644
index 0000000..f59ae03
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/04-route-tables.tf
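Review bot: The `### vpc a nat gateway ###` and `### vpc a internet gateway ###` comments are copied unchanged above the `vpc_b_*` and `vpc_c_*` resources; they should read `### vpc b nat gateway ###`, `### vpc b internet gateway ###`, `### vpc c nat gateway ###` and `### vpc c internet gateway ###`. Each NAT gateway is placed in `vpc_x_subnet_1`, the only subnet in its VPC and the one whose route table in `04-route-tables.tf` sends `0.0.0.0/0` to that same NAT gateway, so the NAT itself has no path to the internet gateway; a NAT gateway has to live in a subnet whose default route is the IGW. The NAT gateways also declare no `depends_on` on their VPC's `aws_internet_gateway`, which the provider documentation recommends so the IGW is attached before the NAT is created.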
@@ -0,0 +1,83 @@ +### -------- vpc a route table --------- ### +resource "aws_route_table" "vpc_a_route_table" { + vpc_id = aws_vpc.vpc_a.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_nat_gateway.vpc_a_nat_gateway.id + + } + + route { + cidr_block = var.vpc_b_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id + + } + + route { + cidr_block = var.vpc_c_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id + + } + + tags = { + Name = "${var.vpc_a_name}-route-table" + } + + depends_on = [ aws_vpc.vpc_a ] +} + +### -------- vpc b route table --------- ### +resource "aws_route_table" "vpc_b_route_table" { + vpc_id = aws_vpc.vpc_b.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_nat_gateway.vpc_b_nat_gateway.id + + } + route { + cidr_block = var.vpc_c_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id + + } + + route { + cidr_block = var.vpc_a_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id + + } + + + tags = { + Name = "${var.vpc_b_name}-route-table" + } + depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ] +} + +### -------- vpc c route table --------- ### +resource "aws_route_table" "vpc_c_route_table" { + vpc_id = aws_vpc.vpc_c.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_nat_gateway.vpc_c_nat_gateway.id + + } + + route { + cidr_block = var.vpc_a_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id + + } + + route { + cidr_block = var.vpc_b_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id + + } + tags = { + Name = "${var.vpc_c_name}-route-table" + } + depends_on = [ aws_vpc.vpc_c, aws_vpc.vpc_a ] +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/05-route-table-association.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/05-route-table-association.tf new file mode 100644 index 0000000..2ec14e6 --- /dev/null 
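Review bot: Every default route passes a NAT gateway ID through `gateway_id`, which the route API only accepts for an internet or virtual private gateway; NAT gateways belong in `nat_gateway_id = aws_nat_gateway.vpc_a_nat_gateway.id` (same for B and C). Separately, no route in any of the three tables references the internet gateways created in 03-igw-nat.tf, so even with the attribute fixed the NAT gateway's own subnet has no path out; the NAT gateway's subnet needs its own table whose default route is `gateway_id = aws_internet_gateway.vpc_a_internet_gateway.id`. The `depends_on = [ aws_vpc.* ]` lines are redundant because `vpc_id` already expresses that dependency. The multi-vpc-to-multi-vpc/04-route-tables.tf hunk is identical and has the same issues.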
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/05-route-table-association.tf
@@ -0,0 +1,24 @@
+### --------- vpc A route table association --------- ###
+resource "aws_route_table_association" "vpc_a_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_a_subnet_1.id
+ route_table_id = aws_route_table.vpc_a_route_table.id
+
+ depends_on = [ aws_route_table.vpc_a_route_table ]
+
+}
+
+### --------- vpc B route table association --------- ###
+resource "aws_route_table_association" "vpc_b_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_b_subnet_1.id
+ route_table_id = aws_route_table.vpc_b_route_table.id
+
+ depends_on = [ aws_route_table.vpc_b_route_table ]
+}
+
+### --------- vpc C route table association --------- ###
+resource "aws_route_table_association" "vpc_c_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_c_subnet_1.id
+ route_table_id = aws_route_table.vpc_c_route_table.id
+
+ depends_on = [ aws_route_table.vpc_c_route_table ]
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/06-peerings.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/06-peerings.tf
new file mode 100644
index 0000000..de654f6
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/06-peerings.tf
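Review bot: The explicit `depends_on = [ aws_route_table.vpc_a_route_table ]` on each association duplicates the dependency that `route_table_id = aws_route_table.vpc_a_route_table.id` already creates, so the three `depends_on` lines add nothing and can be dropped. The same applies to the multi-vpc-to-multi-vpc/05-route-table-association.tf hunk.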
@@ -0,0 +1,101 @@ +data "aws_caller_identity" "peer" {} + +### ------------ VPC A -> VPC B ------------ ### +resource "aws_vpc_peering_connection" "connection_a" { + + peer_owner_id = data.aws_caller_identity.peer.account_id + peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID + vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID + auto_accept = false + peer_region = var.aws_region + + tags = { + Name = "vpc a -> vpc b" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ] +} + + +### Accepters/Destination side of the connection ### +resource "aws_vpc_peering_connection_accepter" "vpc_a_accepter" { + vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id + auto_accept = true + + + + tags = { + Side = "Accepter" + Name = "vpc b -> vpc a" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ] +} + + +### ------------ VPC A -> VPC C ------------ ### +resource "aws_vpc_peering_connection" "connection_b" { + + peer_owner_id = data.aws_caller_identity.peer.account_id + peer_vpc_id = aws_vpc.vpc_c.id ## Accepter VPC ID + vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID + auto_accept = false + peer_region = var.aws_region + + tags = { + Name = "vpc a -> vpc c" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ] +} + + +### Accepters/Destination side of the connection ### +resource "aws_vpc_peering_connection_accepter" "vpc_c_accepter" { + vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id + auto_accept = true + + + + tags = { + Side = "Accepter" + Name = "vpc c -> vpc a" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ] +} + + + + +### ------------ VPC C -> VPC B ------------ ### +resource "aws_vpc_peering_connection" "connection_c" { + + peer_owner_id = data.aws_caller_identity.peer.account_id + peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID + vpc_id = aws_vpc.vpc_c.id ## Requester VPC ID + auto_accept = false + peer_region = var.aws_region + + tags = { + Name = "vpc c -> vpc b" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ] +} + + 
+### Accepters/Destination side of the connection ### +resource "aws_vpc_peering_connection_accepter" "vpc_b_accepter" { + vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id + auto_accept = true + + + + tags = { + Side = "Accepter" + Name = "vpc b -> vpc c" + } + + depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ] +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/07-iam.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/07-iam.tf new file mode 100644 index 0000000..cccb1d3 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/07-iam.tf 
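Review bot: `connection_c` peers VPC C with VPC B, but its `depends_on` lists `aws_vpc.vpc_a, aws_vpc.vpc_c`; it should read `depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ]`, or be removed since `vpc_id` and `peer_vpc_id` already imply the dependency. The accepter resource names are inverted relative to the side that accepts: `vpc_a_accepter` accepts `connection_a`, whose accepter VPC is `vpc_b`, so names and tags disagree with the peering direction. Because `peer_owner_id` is read from the same `aws_caller_identity` as the requester, this file only supports same-account peering; a one-line comment on the data source would stop a reader from expecting cross-account use. The multi-vpc-to-multi-vpc/06-peerings.tf hunk is the same file.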
@@ -0,0 +1,86 @@ +### use the IAM policy created for SSM ### + +resource "aws_iam_policy" "ssm_policy" { + name = "AmazonSSMManagedInstanceCore" + path = "/" + description = "SSM policy" + + # Terraform's "jsonencode" function converts a + # Terraform expression result to valid JSON syntax. + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + "Effect": "Allow", + "Action": [ + "ssm:DescribeAssociation", + "ssm:GetDeployablePatchSnapshotForInstance", + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:GetManifest", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListAssociations", + "ssm:ListInstanceAssociations", + "ssm:PutInventory", + "ssm:PutComplianceItems", + "ssm:PutConfigurePackageResult", + "ssm:UpdateAssociationStatus", + "ssm:UpdateInstanceAssociationStatus", + "ssm:UpdateInstanceInformation" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply" + ], + "Resource": "*" + } + ] + }) +} + +data "aws_iam_policy_document" "ssm_policy_doc" { + statement { + actions = [ + "sts:AssumeRole" + ] + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + effect = "Allow" + } +} + +resource "aws_iam_role" "ssm_role" { + name = "AmazonSSMManagedInstanceCore1" + assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json +} + +resource "aws_iam_role_policy_attachment" "attach_ssm_policy" { + role = aws_iam_role.ssm_role.name + policy_arn = aws_iam_policy.ssm_policy.arn +} + +resource "aws_iam_instance_profile" "ssm_profile" { + name = "AmazonSSMManagedInstanceCore2" + role = aws_iam_role.ssm_role.name +} \ No newline at end 
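Review bot: The policy, role and instance profile use fixed names (`AmazonSSMManagedInstanceCore`, `AmazonSSMManagedInstanceCore1`, `AmazonSSMManagedInstanceCore2`), so instantiating this module twice in one account fails on the IAM name collision; `name_prefix` or a name built from `var.environment` avoids that. The policy body is a hand copy of the AWS-managed AmazonSSMManagedInstanceCore policy, and attaching `policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"` instead would track AWS's own updates rather than freezing a snapshot. If the copy is kept, `ssm:GetParameter`/`ssm:GetParameters` on `"Resource": "*"` lets every instance with this profile read any parameter in the account; scoping those two actions to a parameter path ARN is the least-privilege form. The multi-vpc-to-multi-vpc/07-iam.tf hunk is identical.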
of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/08-EC2.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/08-EC2.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/09-security-groups.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/09-security-groups.tf new file mode 100644 index 0000000..c20ca22 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/09-security-groups.tf 
@@ -0,0 +1,87 @@ +### -------------- Security Group VPC A ------------- ### +resource "aws_security_group" "vpc_a_sg" { + vpc_id = aws_vpc.vpc_a.id + description = "Security group for VPC A" +} + +resource "aws_security_group_rule" "icmp_source" { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = aws_security_group.vpc_a_sg.id + cidr_blocks = [var.acceptor_cidr] + + + description = "Allow ICMP from destination VPC" + + depends_on = [ aws_security_group.vpc_a_sg ] +} + + + +resource "aws_vpc_security_group_egress_rule" "source_egress" { + security_group_id = aws_security_group.vpc_a_sg.id + + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" + +} +### -------------- Security Group VPC B ------------- ### +resource "aws_security_group" "vpc_b_sg" { + vpc_id = aws_vpc.vpc_b.id + description = "Security group for VPC B" +} + +resource "aws_security_group_rule" "icmp_source" { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = aws_security_group.vpc_b_sg.id + cidr_blocks = [var.acceptor_cidr] + + + description = "Allow ICMP from destination VPC" + + depends_on = [ aws_security_group.vpc_b_sg ] +} + + + +resource "aws_vpc_security_group_egress_rule" "source_egress" { + security_group_id = aws_security_group.vpc_b_sg.id + + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" + +} +### -------------- Security Group VPC C ------------- ### +resource "aws_security_group" "vpc_c_sg" { + vpc_id = aws_vpc.vpc_c.id + description = "Security group for source VPC" +} + +resource "aws_security_group_rule" "icmp_source" { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = aws_security_group.vpc_c_sg.id + cidr_blocks = [var.acceptor_cidr] + + + description = "Allow ICMP from destination VPC" + + depends_on = [ aws_security_group.vpc_c_sg ] +} + + + +resource 
"aws_vpc_security_group_egress_rule" "source_egress" { + security_group_id = aws_security_group.vpc_c_sg.id + + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" + +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/10-variables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/10-variables.tf new file mode 100644 index 0000000..9009978 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/10-variables.tf 
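Review bot: `aws_security_group_rule.icmp_source` and `aws_vpc_security_group_egress_rule.source_egress` are each declared three times in this file, which terraform validate rejects as duplicate resource addresses; give them per-VPC names such as `resource "aws_security_group_rule" "vpc_a_icmp_ingress"` and `resource "aws_vpc_security_group_egress_rule" "vpc_a_egress"`. All three ingress rules reference `var.acceptor_cidr`, which this module's 10-variables.tf does not declare, and each group admits ICMP from a single CIDR although every VPC peers with two others; `cidr_blocks = [var.vpc_b_cidr, var.vpc_c_cidr]` for VPC A (and the matching pairs for B and C) would state the intended reachability. The VPC C group's description still says `Security group for source VPC`. The multi-vpc-to-multi-vpc/09-security-groups.tf hunk has the same defects.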
@@ -0,0 +1,75 @@ +variable "aws_region" { + description = "AWS region where the VPCs will be created" + type = string + default = "us-east-1" + +} +variable "environment" { + description = "Environment for the VPCs (e.g., dev, staging, prod)" + type = string + +} + +### VPC Variables ### +variable "vpc_a_cidr" { + description = "CIDR block for VPC A" + type = string + +} +variable "vpc_b_cidr" { + description = "CIDR block for VPC B" + type = string + +} +variable "vpc_c_cidr" { + description = "CIDR block for VPC C" + type = string + +} +variable "vpc_a_name" { + description = "Name for VPC A" + type = string +} +variable "vpc_b_name" { + description = "Name for VPC B" + type = string +} +variable "vpc_c_name" { + description = "Name for VPC C" + type = string +} + +### Subnet Variables ### + +### Subnet CIDR blocks for each Subnet ### +variable "vpc_a_subnet_1_cidr" { + description = "CIDR block for VPC A Subnet 1" + type = string +} +variable "vpc_b_subnet_1_cidr" { + description = "CIDR block for VPC B Subnet 1" + type = string +} +variable "vpc_c_subnet_1_cidr" { + description = "CIDR block for VPC C Subnet 1" + type = string +} + +### Subnet Availability Zones for each Subnet ### + +variable "vpc_a_subnet_1_availability_zone" { + description = "Availability Zone for VPC A Subnet 1" + type = string + +} + +variable "vpc_b_subnet_1_availability_zone" { + description = "Availability Zone for VPC B Subnet 1" + type = string + +} +variable "vpc_c_subnet_1_availability_zone" { + description = "Availability Zone for VPC C Subnet 1" + type = string + +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/11-outputs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/11-outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/main.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/main.tf new file mode 100644 index 0000000..e69de29 
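Review bot: None of the CIDR variables has a `validation` block, so a malformed value (missing prefix length, IPv6 by mistake) only surfaces as an API error at apply time; each `vpc_*_cidr` and `vpc_*_subnet_1_cidr` variable should carry a validation with `condition = can(cidrnetmask(var.vpc_a_cidr))` and a short `error_message`. This file also does not declare `acceptor_cidr`, which 09-security-groups.tf in the same module reads, and `environment` is declared but not referenced by any file visible in this commit. The multi-vpc-to-multi-vpc/10-variables.tf hunk is the same file.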
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/outputs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/readme b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/readme
new file mode 100644
index 0000000..c338984
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/readme
@@ -0,0 +1,3 @@
+## What I want to explore in this section
+ - forech
+ -
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/variables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/01-vpcs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/01-vpcs.tf
new file mode 100644
index 0000000..854835e
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/01-vpcs.tf
@@ -0,0 +1,39 @@
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_a" {
+ cidr_block = var.vpc_a_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_a_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_b" {
+ cidr_block = var.vpc_b_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_b_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_c" {
+ cidr_block = var.vpc_c_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_c_name
+ }
+}
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/02-subnets.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/02-subnets.tf
new file mode 100644
index 0000000..01d5584
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/02-subnets.tf
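Review bot: All three VPCs suppress the flow-logs finding with `#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs` and give no reason, so the omission is invisible to anyone reading scan output. For a peering module, flow logs are the main evidence of which cross-VPC traffic actually passed, so either add an `aws_flow_log` per VPC or at least attach a reason and an expiry to the suppression (`#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs:exp:YYYY-MM-DD`, date as a placeholder). `instance_tenancy = "default"` is the provider default and can be dropped from all three resources.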
@@ -0,0 +1,39 @@ +### -------- vpc a subnets -------- ### + +resource "aws_subnet" "vpc_a_subnet_1" { + vpc_id = aws_vpc.vpc_a.id + cidr_block = var.vpc_a_subnet_1_cidr + availability_zone = var.vpc_a_subnet_1_availability_zone + map_public_ip_on_launch = false + + tags = { + Name = "${var.vpc_a_name}-subnet-1" + } + +} +### -------- vpc b subnets -------- ### + +resource "aws_subnet" "vpc_b_subnet_1" { + vpc_id = aws_vpc.vpc_b.id + cidr_block = var.vpc_b_subnet_1_cidr + availability_zone = var.vpc_b_subnet_1_availability_zone + map_public_ip_on_launch = false + + tags = { + Name = "${var.vpc_b_name}-subnet-1" + } + +} +### -------- vpc c subnets -------- ### + +resource "aws_subnet" "vpc_c_subnet_1" { + vpc_id = aws_vpc.vpc_c.id + cidr_block = var.vpc_c_subnet_1_cidr + availability_zone = var.vpc_c_subnet_1_availability_zone + map_public_ip_on_launch = false + + tags = { + Name = "${var.vpc_c_name}-subnet-1" + } + +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/03-igw-nat.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/03-igw-nat.tf new file mode 100644 index 0000000..e316445 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/03-igw-nat.tf 
@@ -0,0 +1,80 @@ +### --------- vpc a eip ----------- ### + +resource "aws_eip" "vpc_a_eip" { + tags = { + Name = "${var.vpc_a_name}-eip" + } +} + +### vpc a nat gateway ### +resource "aws_nat_gateway" "vpc_a_nat_gateway" { + allocation_id = aws_eip.vpc_a_eip.id + subnet_id = aws_subnet.vpc_a_subnet_1.id + + tags = { + Name = "${var.vpc_a_name}-nat-gateway" + } +} + +### vpc a internet gateway ### +resource "aws_internet_gateway" "vpc_a_internet_gateway" { + vpc_id = aws_vpc.vpc_a.id + + tags = { + Name = "${var.vpc_a_name}-internet-gateway" + } +} + +### ---------- vpc b eip ----------- ### + +resource "aws_eip" "vpc_b_eip" { + tags = { + Name = "${var.vpc_b_name}-eip" + } +} + +### vpc a nat gateway ### +resource "aws_nat_gateway" "vpc_b_nat_gateway" { + allocation_id = aws_eip.vpc_b_eip.id + subnet_id = aws_subnet.vpc_b_subnet_1.id + + tags = { + Name = "${var.vpc_b_name}-nat-gateway" + } +} + +### vpc a internet gateway ### +resource "aws_internet_gateway" "vpc_b_internet_gateway" { + vpc_id = aws_vpc.vpc_b.id + + tags = { + Name = "${var.vpc_b_name}-internet-gateway" + } +} + +### --------- vpc c eip ----------- ### + +resource "aws_eip" "vpc_c_eip" { + tags = { + Name = "${var.vpc_c_name}-eip" + } +} + +### vpc a nat gateway ### +resource "aws_nat_gateway" "vpc_c_nat_gateway" { + allocation_id = aws_eip.vpc_c_eip.id + subnet_id = aws_subnet.vpc_c_subnet_1.id + + tags = { + Name = "${var.vpc_c_name}-nat-gateway" + } +} + +### vpc a internet gateway ### +resource "aws_internet_gateway" "vpc_c_internet_gateway" { + vpc_id = aws_vpc.vpc_c.id + + tags = { + Name = "${var.vpc_c_name}-internet-gateway" + } +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/04-route-tables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/04-route-tables.tf new file mode 100644 index 0000000..f59ae03 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/04-route-tables.tf 
@@ -0,0 +1,83 @@ +### -------- vpc a route table --------- ### +resource "aws_route_table" "vpc_a_route_table" { + vpc_id = aws_vpc.vpc_a.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_nat_gateway.vpc_a_nat_gateway.id + + } + + route { + cidr_block = var.vpc_b_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id + + } + + route { + cidr_block = var.vpc_c_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id + + } + + tags = { + Name = "${var.vpc_a_name}-route-table" + } + + depends_on = [ aws_vpc.vpc_a ] +} + +### -------- vpc b route table --------- ### +resource "aws_route_table" "vpc_b_route_table" { + vpc_id = aws_vpc.vpc_b.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_nat_gateway.vpc_b_nat_gateway.id + + } + route { + cidr_block = var.vpc_c_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id + + } + + route { + cidr_block = var.vpc_a_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id + + } + + + tags = { + Name = "${var.vpc_b_name}-route-table" + } + depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ] +} + +### -------- vpc c route table --------- ### +resource "aws_route_table" "vpc_c_route_table" { + vpc_id = aws_vpc.vpc_c.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_nat_gateway.vpc_c_nat_gateway.id + + } + + route { + cidr_block = var.vpc_a_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id + + } + + route { + cidr_block = var.vpc_b_cidr + vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id + + } + tags = { + Name = "${var.vpc_c_name}-route-table" + } + depends_on = [ aws_vpc.vpc_c, aws_vpc.vpc_a ] +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/05-route-table-association.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/05-route-table-association.tf new file mode 100644 index 0000000..2ec14e6 --- /dev/null 
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/05-route-table-association.tf @@ -0,0 +1,24 @@ +### --------- vpc A route table association --------- ### +resource "aws_route_table_association" "vpc_a_subnet_1_association" { + subnet_id = aws_subnet.vpc_a_subnet_1.id + route_table_id = aws_route_table.vpc_a_route_table.id + + depends_on = [ aws_route_table.vpc_a_route_table ] + +} + +### --------- vpc B route table association --------- ### +resource "aws_route_table_association" "vpc_b_subnet_1_association" { + subnet_id = aws_subnet.vpc_b_subnet_1.id + route_table_id = aws_route_table.vpc_b_route_table.id + + depends_on = [ aws_route_table.vpc_b_route_table ] +} + +### --------- vpc C route table association --------- ### +resource "aws_route_table_association" "vpc_c_subnet_1_association" { + subnet_id = aws_subnet.vpc_c_subnet_1.id + route_table_id = aws_route_table.vpc_c_route_table.id + + depends_on = [ aws_route_table.vpc_c_route_table ] +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/06-peerings.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/06-peerings.tf new file mode 100644 index 0000000..de654f6 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/06-peerings.tf 
@@ -0,0 +1,101 @@ +data "aws_caller_identity" "peer" {} + +### ------------ VPC A -> VPC B ------------ ### +resource "aws_vpc_peering_connection" "connection_a" { + + peer_owner_id = data.aws_caller_identity.peer.account_id + peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID + vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID + auto_accept = false + peer_region = var.aws_region + + tags = { + Name = "vpc a -> vpc b" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ] +} + + +### Accepters/Destination side of the connection ### +resource "aws_vpc_peering_connection_accepter" "vpc_a_accepter" { + vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id + auto_accept = true + + + + tags = { + Side = "Accepter" + Name = "vpc b -> vpc a" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ] +} + + +### ------------ VPC A -> VPC C ------------ ### +resource "aws_vpc_peering_connection" "connection_b" { + + peer_owner_id = data.aws_caller_identity.peer.account_id + peer_vpc_id = aws_vpc.vpc_c.id ## Accepter VPC ID + vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID + auto_accept = false + peer_region = var.aws_region + + tags = { + Name = "vpc a -> vpc c" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ] +} + + +### Accepters/Destination side of the connection ### +resource "aws_vpc_peering_connection_accepter" "vpc_c_accepter" { + vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id + auto_accept = true + + + + tags = { + Side = "Accepter" + Name = "vpc c -> vpc a" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ] +} + + + + +### ------------ VPC C -> VPC B ------------ ### +resource "aws_vpc_peering_connection" "connection_c" { + + peer_owner_id = data.aws_caller_identity.peer.account_id + peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID + vpc_id = aws_vpc.vpc_c.id ## Requester VPC ID + auto_accept = false + peer_region = var.aws_region + + tags = { + Name = "vpc c -> vpc b" + } + + depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ] +} + + 
+### Accepters/Destination side of the connection ### +resource "aws_vpc_peering_connection_accepter" "vpc_b_accepter" { + vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id + auto_accept = true + + + + tags = { + Side = "Accepter" + Name = "vpc b -> vpc c" + } + + depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ] +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/07-iam.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/07-iam.tf new file mode 100644 index 0000000..cccb1d3 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/07-iam.tf 
@@ -0,0 +1,86 @@ +### use the IAM policy created for SSM ### + +resource "aws_iam_policy" "ssm_policy" { + name = "AmazonSSMManagedInstanceCore" + path = "/" + description = "SSM policy" + + # Terraform's "jsonencode" function converts a + # Terraform expression result to valid JSON syntax. + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + "Effect": "Allow", + "Action": [ + "ssm:DescribeAssociation", + "ssm:GetDeployablePatchSnapshotForInstance", + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:GetManifest", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListAssociations", + "ssm:ListInstanceAssociations", + "ssm:PutInventory", + "ssm:PutComplianceItems", + "ssm:PutConfigurePackageResult", + "ssm:UpdateAssociationStatus", + "ssm:UpdateInstanceAssociationStatus", + "ssm:UpdateInstanceInformation" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply" + ], + "Resource": "*" + } + ] + }) +} + +data "aws_iam_policy_document" "ssm_policy_doc" { + statement { + actions = [ + "sts:AssumeRole" + ] + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + effect = "Allow" + } +} + +resource "aws_iam_role" "ssm_role" { + name = "AmazonSSMManagedInstanceCore1" + assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json +} + +resource "aws_iam_role_policy_attachment" "attach_ssm_policy" { + role = aws_iam_role.ssm_role.name + policy_arn = aws_iam_policy.ssm_policy.arn +} + +resource "aws_iam_instance_profile" "ssm_profile" { + name = "AmazonSSMManagedInstanceCore2" + role = aws_iam_role.ssm_role.name +} \ No newline at end 
of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/08-EC2.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/08-EC2.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/09-security-groups.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/09-security-groups.tf new file mode 100644 index 0000000..c20ca22 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/09-security-groups.tf 
@@ -0,0 +1,87 @@ +### -------------- Security Group VPC A ------------- ### +resource "aws_security_group" "vpc_a_sg" { + vpc_id = aws_vpc.vpc_a.id + description = "Security group for VPC A" +} + +resource "aws_security_group_rule" "icmp_source" { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = aws_security_group.vpc_a_sg.id + cidr_blocks = [var.acceptor_cidr] + + + description = "Allow ICMP from destination VPC" + + depends_on = [ aws_security_group.vpc_a_sg ] +} + + + +resource "aws_vpc_security_group_egress_rule" "source_egress" { + security_group_id = aws_security_group.vpc_a_sg.id + + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" + +} +### -------------- Security Group VPC B ------------- ### +resource "aws_security_group" "vpc_b_sg" { + vpc_id = aws_vpc.vpc_b.id + description = "Security group for VPC B" +} + +resource "aws_security_group_rule" "icmp_source" { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = aws_security_group.vpc_b_sg.id + cidr_blocks = [var.acceptor_cidr] + + + description = "Allow ICMP from destination VPC" + + depends_on = [ aws_security_group.vpc_b_sg ] +} + + + +resource "aws_vpc_security_group_egress_rule" "source_egress" { + security_group_id = aws_security_group.vpc_b_sg.id + + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" + +} +### -------------- Security Group VPC C ------------- ### +resource "aws_security_group" "vpc_c_sg" { + vpc_id = aws_vpc.vpc_c.id + description = "Security group for source VPC" +} + +resource "aws_security_group_rule" "icmp_source" { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = aws_security_group.vpc_c_sg.id + cidr_blocks = [var.acceptor_cidr] + + + description = "Allow ICMP from destination VPC" + + depends_on = [ aws_security_group.vpc_c_sg ] +} + + + +resource 
"aws_vpc_security_group_egress_rule" "source_egress" { + security_group_id = aws_security_group.vpc_c_sg.id + + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" + +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/10-variables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/10-variables.tf new file mode 100644 index 0000000..9009978 --- /dev/null +++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/10-variables.tf 
@@ -0,0 +1,75 @@ +variable "aws_region" { + description = "AWS region where the VPCs will be created" + type = string + default = "us-east-1" + +} +variable "environment" { + description = "Environment for the VPCs (e.g., dev, staging, prod)" + type = string + +} + +### VPC Variables ### +variable "vpc_a_cidr" { + description = "CIDR block for VPC A" + type = string + +} +variable "vpc_b_cidr" { + description = "CIDR block for VPC B" + type = string + +} +variable "vpc_c_cidr" { + description = "CIDR block for VPC C" + type = string + +} +variable "vpc_a_name" { + description = "Name for VPC A" + type = string +} +variable "vpc_b_name" { + description = "Name for VPC B" + type = string +} +variable "vpc_c_name" { + description = "Name for VPC C" + type = string +} + +### Subnet Variables ### + +### Subnet CIDR blocks for each Subnet ### +variable "vpc_a_subnet_1_cidr" { + description = "CIDR block for VPC A Subnet 1" + type = string +} +variable "vpc_b_subnet_1_cidr" { + description = "CIDR block for VPC B Subnet 1" + type = string +} +variable "vpc_c_subnet_1_cidr" { + description = "CIDR block for VPC C Subnet 1" + type = string +} + +### Subnet Availability Zones for each Subnet ### + +variable "vpc_a_subnet_1_availability_zone" { + description = "Availability Zone for VPC A Subnet 1" + type = string + +} + +variable "vpc_b_subnet_1_availability_zone" { + description = "Availability Zone for VPC B Subnet 1" + type = string + +} +variable "vpc_c_subnet_1_availability_zone" { + description = "Availability Zone for VPC C Subnet 1" + type = string + +} \ No newline at end of file diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/11-outputs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/11-outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/readme b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/readme new file mode 100644 index 0000000..c338984 --- /dev/null 
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/readme
@@ -0,0 +1,3 @@
+## What I want to explore in this section
+ - forech
+ -
\ No newline at end of file
diff --git a/VPC-Peering/Modules/single-vpc-to-vpc-v2/main.tf b/VPC-Peering/Modules/single-vpc-to-vpc-v2/main.tf
new file mode 100644
index 0000000..a5c7f04
--- /dev/null
+++ b/VPC-Peering/Modules/single-vpc-to-vpc-v2/main.tf
@@ -0,0 +1,30 @@
+data "aws_caller_identity" "peer" {
+}
+
+### Requesters/Source side of the connection ###
+resource "aws_vpc_peering_connection" "this_connection" {
+
+ for_each = var. vpc_peering_connection
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = each.value.peer_vpc_id ## Accepter VPC ID
+ vpc_id = each.value.vpc_id ## Requester VPC ID
+ auto_accept = each.value.auto_accept ## Auto accept the connection
+ peer_region = each.value.peer_region ## Destination VPC region
+
+ tags = var.tags
+
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "dest_peer" {
+ for_each = aws_vpc_peering_connection.this_connection
+ vpc_peering_connection_id = each.value.id ## VPC Peering Connection ID
+ auto_accept = each.value.auto_accept ## Auto accept the connection
+
+
+
+tags = var.tags
+
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/single-vpc-to-vpc-v2/outputs.tf b/VPC-Peering/Modules/single-vpc-to-vpc-v2/outputs.tf
new file mode 100644
index 0000000..6bab74c
--- /dev/null
+++ b/VPC-Peering/Modules/single-vpc-to-vpc-v2/outputs.tf
@@ -0,0 +1,3 @@
+output "this_connection" {
+ value = { for k, v in aws_vpc_peering_connection.this_connection : k => v.id }
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/single-vpc-to-vpc-v2/variables.tf b/VPC-Peering/Modules/single-vpc-to-vpc-v2/variables.tf
new file mode 100644
index 0000000..d8ac88e
--- /dev/null
+++ b/VPC-Peering/Modules/single-vpc-to-vpc-v2/variables.tf
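Review bot: `for_each = var. vpc_peering_connection` in main.tf has a stray space after `var.`; write `for_each = var.vpc_peering_connection` so the reference is unambiguous to both the parser and the reader. The accepter takes `auto_accept = each.value.auto_accept` from the requester resource it iterates over, so the two sides of a connection can never be configured independently, and the `name` field of each input object is never used, so every connection gets the same `var.tags` with no per-connection Name. `data.aws_caller_identity.peer` is the caller's own identity, which makes `peer_owner_id` same-account only; a comment on the data source would make that limit explicit.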
@@ -0,0 +1,29 @@ +################################################################### +# VPC Peering Variables +################################################################### + +variable "vpc_peering_connection" { + description = "Map of VPC Peering Connection attributes" + type = map(object({ + name = optional(string) + vpc_id = string # Requester VPC ID + peer_vpc_id = string # Accepter VPC ID + peer_region = optional(string) # Destination VPC region + auto_accept = bool + })) +} + +variable "vpc_peering_accepter" { + description = "Map of VPC Peering Accepter attributes" + type = map(object({ + vpc_peering_connection_id = string + auto_accept = bool + name = optional(string) + })) +} + +variable "tags" { + description = "Map of tags to apply to the VPC Peering Connection and Accepter" + type = map(string) + +} \ No newline at end of file diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf b/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf index e66b3c5..4e43662 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf 
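Review bot: `vpc_peering_accepter` is a required input that nothing in main.tf references, so every caller must build a map that is then ignored; either drop it or wire it into the accepter resource. `tags` is likewise required with no `default = {}`, and `auto_accept` would be safer as `optional(bool, false)` so explicit acceptance is the default path. Because a wrong ID here peers the wrong network, a cheap format check is worthwhile: `validation { condition = alltrue([for k, v in var.vpc_peering_connection : can(regex("^vpc-", v.vpc_id)) && can(regex("^vpc-", v.peer_vpc_id))]) error_message = "vpc_id and peer_vpc_id must be VPC IDs." }`.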
@@ -1,53 +1,58 @@ -#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs -resource "aws_vpc" "requester_vpc" { - cidr_block = var.requester_vpc_cidr - instance_tenancy = "default" - enable_dns_support = true - enable_dns_hostnames = true - provider = aws.us-east +# #tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs +# <<<<<<< HEAD +# resource "aws_vpc" "requester_vpc" { +# cidr_block = var.requester_vpc_cidr +# ======= +# resource "aws_vpc" "source_vpc" { +# cidr_block = var.source_cidr +# >>>>>>> aab567e (changed a few things) +# instance_tenancy = "default" +# enable_dns_support = true +# enable_dns_hostnames = true +# provider = aws.us-east - tags = { - Name = var.requester_vpc_name - } -} +# tags = { +# Name = var.requester_vpc_name +# } +# } -### Elastic IP for NAT Gateway ### -resource "aws_eip" "requester_nat_eip" { - provider = aws.us-east +# ### Elastic IP for NAT Gateway ### +# resource "aws_eip" "requester_nat_eip" { +# provider = aws.us-east - tags = { - Name = "${var.requester_vpc_name}-nat-eip" - } +# tags = { +# Name = "${var.requester_vpc_name}-nat-eip" +# } - depends_on = [ aws_vpc.requester_vpc ] -} +# depends_on = [ aws_vpc.requester_vpc ] +# } -resource "aws_nat_gateway" "requester_nat_gw" { - provider = aws.us-east - allocation_id = aws_eip.requester_nat_eip.id - subnet_id = aws_subnet.requester_public_subnet.id +# resource "aws_nat_gateway" "requester_nat_gw" { +# provider = aws.us-east +# allocation_id = aws_eip.requester_nat_eip.id +# subnet_id = aws_subnet.requester_public_subnet.id - tags = { - Name = "${var.requester_vpc_name}-nat-gateway" - } +# tags = { +# Name = "${var.requester_vpc_name}-nat-gateway" +# } - depends_on = [aws_eip.requester_nat_eip ] -} -### Internet Gateway ### -resource "aws_internet_gateway" "this_igw" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id +# depends_on = [aws_eip.requester_nat_eip ] +# } +# ### Internet Gateway ### +# resource "aws_internet_gateway" "this_igw" { +# provider = 
aws.us-east +# vpc_id = aws_vpc.requester_vpc.id - depends_on = [ aws_vpc.requester_vpc ] +# depends_on = [ aws_vpc.requester_vpc ] - tags = { - Name = "${var.requester_vpc_name}-igw" - } -} +# tags = { +# Name = "${var.requester_vpc_name}-igw" +# } +# } diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf b/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf index 9d60c8f..f1c2fe6 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf 
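Review bot: The merge conflict in this file was resolved by commenting out the entire file, including both sides of the conflict (`# <<<<<<< HEAD` … `# >>>>>>> aab567e`), so the module no longer declares `aws_vpc.requester_vpc`, which is still referenced from the `depends_on` in 03-peering.tf; `terraform validate` in the new unit-testing workflow should fail on the undeclared resource. Pick one naming (`requester_vpc`/`var.requester_vpc_cidr` or `source_vpc`/`var.source_cidr`), delete the losing side and the marker lines, and if these resources are genuinely retired remove the file rather than carrying dead code. If the VPC is kept, the `#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs` suppression is worth replacing with an `aws_flow_log` resource, since traffic crossing the peering is otherwise invisible.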
@@ -1,53 +1,62 @@ -#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs -resource "aws_vpc" "acceptor_vpc" { - cidr_block = var.acceptor_cidr - instance_tenancy = "default" - - enable_dns_support = true - enable_dns_hostnames = true - provider = aws.us-west +# #tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs +# <<<<<<< HEAD +# resource "aws_vpc" "acceptor_vpc" { +# cidr_block = var.acceptor_cidr +# ======= +# resource "aws_vpc" "destination_vpc" { +# cidr_block = var.dest_cidr +# >>>>>>> aab567e (changed a few things) +# instance_tenancy = "default" + +# enable_dns_support = true +# enable_dns_hostnames = true +# provider = aws.us-west - tags = { - Name = var.acceptor_vpc_name - Environment = var.environment - } -} +# tags = { +# Name = var.acceptor_vpc_name +# Environment = var.environment +# } +# } -### Elastic IP for NAT Gateway ### -resource "aws_eip" "acceptor_nat_eip" { - provider = aws.us-west +# ### Elastic IP for NAT Gateway ### +# resource "aws_eip" "acceptor_nat_eip" { +# provider = aws.us-west - tags = { - Name = "${var.acceptor_vpc_name}-nat-eip" - } +# tags = { +# Name = "${var.acceptor_vpc_name}-nat-eip" +# } - depends_on = [ aws_vpc.acceptor_vpc ] -} -resource "aws_nat_gateway" "acceptor_nat_gw" { - provider = aws.us-west - allocation_id = aws_eip.acceptor_nat_eip.id - subnet_id = aws_subnet.acceptor_public_subnet.id +# depends_on = [ aws_vpc.acceptor_vpc ] +# } +# resource "aws_nat_gateway" "acceptor_nat_gw" { +# provider = aws.us-west +# allocation_id = aws_eip.acceptor_nat_eip.id +# subnet_id = aws_subnet.acceptor_public_subnet.id - tags = { - Name = "${var.acceptor_vpc_name}-nat-gateway" - } +# tags = { +# Name = "${var.acceptor_vpc_name}-nat-gateway" +# } - depends_on = [ aws_eip.acceptor_nat_eip ] -} +# depends_on = [ aws_eip.acceptor_nat_eip ] +# } -### Internet Gateway ### -resource "aws_internet_gateway" "acceptor_igw" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id +# ### Internet Gateway ### +# resource 
"aws_internet_gateway" "acceptor_igw" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id - depends_on = [ aws_vpc.acceptor_vpc ] +# depends_on = [ aws_vpc.acceptor_vpc ] - tags = { - Name = "${var.acceptor_vpc_name}-igw" - } -} +# tags = { +# Name = "${var.acceptor_vpc_name}-igw" +# } +# <<<<<<< HEAD +# } +# ======= +# } +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/03-peering.tf b/VPC-Peering/Modules/single-vpc-to-vpc/03-peering.tf index f3d57c0..572ee51 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/03-peering.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/03-peering.tf @@ -33,4 +33,8 @@ resource "aws_vpc_peering_connection_accepter" "dest_peer" { } depends_on = [ aws_vpc.requester_vpc, aws_vpc.acceptor_vpc ] +<<<<<<< HEAD } +======= +} +>>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf b/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf index 9d28536..5987c0d 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf 
@@ -1,78 +1,78 @@ -### Subnets for Source VPC ### -### Public Subnet ### -resource "aws_subnet" "requester_public_subnet" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - cidr_block = var.requester_vpc_pub_sub_cidr - availability_zone = var.requester_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet +# ### Subnets for Source VPC ### +# ### Public Subnet ### +# resource "aws_subnet" "requester_public_subnet" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# cidr_block = var.requester_vpc_pub_sub_cidr +# availability_zone = var.requester_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet - tags = { - Name = "${var.requester_vpc_name}-public-subnet" - } -} +# tags = { +# Name = "${var.requester_vpc_name}-public-subnet" +# } +# } -## Private Subnets ## -resource "aws_subnet" "requester_subnet1" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - cidr_block = var.requester_subnet1_cidr - availability_zone = var.requester_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# ## Private Subnets ## +# resource "aws_subnet" "requester_subnet1" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# cidr_block = var.requester_subnet1_cidr +# availability_zone = var.requester_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.requester_subnet1_name - } -} +# tags = { +# Name = var.requester_subnet1_name +# } +# } -resource "aws_subnet" "requester_subnet2" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - cidr_block = var.requester_subnet2_cidr - availability_zone = var.requester_subnet2_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# resource "aws_subnet" "requester_subnet2" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# cidr_block = var.requester_subnet2_cidr +# availability_zone = 
var.requester_subnet2_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.requester_subnet2_name - } -} +# tags = { +# Name = var.requester_subnet2_name +# } +# } -### Subnets for Destination VPC ### -resource "aws_subnet" "acceptor_subnet1" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id - cidr_block = var.acceptor_subnet1_cidr - availability_zone = var.acceptor_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# ### Subnets for Destination VPC ### +# resource "aws_subnet" "acceptor_subnet1" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# cidr_block = var.acceptor_subnet1_cidr +# availability_zone = var.acceptor_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.acceptor_subnet1_name - } -} +# tags = { +# Name = var.acceptor_subnet1_name +# } +# } -resource "aws_subnet" "acceptor_subnet2" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id - cidr_block = var.acceptor_subnet2_cidr - availability_zone = var.acceptor_subnet2_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# resource "aws_subnet" "acceptor_subnet2" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# cidr_block = var.acceptor_subnet2_cidr +# availability_zone = var.acceptor_subnet2_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.acceptor_subnet2_name - } -} +# tags = { +# Name = var.acceptor_subnet2_name +# } +# } -### Public Subnet ### -resource "aws_subnet" "acceptor_public_subnet" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id - cidr_block = var.acceptor_pub_sub_cidr - availability_zone = var.acceptor_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet +# ### Public Subnet ### +# resource "aws_subnet" "acceptor_public_subnet" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# cidr_block = var.acceptor_pub_sub_cidr +# 
availability_zone = var.acceptor_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet - tags = { - Name = "${var.acceptor_vpc_name}-public-subnet" - } -} \ No newline at end of file +# tags = { +# Name = "${var.acceptor_vpc_name}-public-subnet" +# } +# } \ No newline at end of file diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf b/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf index 97f368d..7e23ece 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf 
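Review bot: If these subnets are re-enabled, `map_public_ip_on_launch = var.map_public_ip_on_launch` is applied to the private subnets (`requester_subnet1/2`, `acceptor_subnet1/2`) as well as the public ones, so a single `true` gives every instance a public IP, and the `#tfsec:ignore:aws-ec2-no-public-ip-subnet` suppression on the public subnets hides that the private ones would fail the same check. Hard-code `map_public_ip_on_launch = false` on the four private subnets and keep the variable for the public subnets only; 05-EC2.tf places the instances in `*_subnet1` specifically for private SSM access. As in the sibling files, the conflict was resolved by commenting out the whole file, which leaves the subnet references in the new 08-route-table-associations.tf dangling.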
@@ -1,42 +1,46 @@ -### EC2 Instance in Source VPC ### -resource "aws_instance" "source_instance" { - provider = aws.us-east - ami = var.requester_ami_id # use the ami from your specific region - instance_type = var.instance_type - iam_instance_profile = aws_iam_instance_profile.ssm_profile.name - subnet_id = aws_subnet.requester_subnet1.id ## Ensure this is the private subnet, for SSM access - vpc_security_group_ids = [aws_security_group.requester_sg.id] - metadata_options { - http_tokens = "required" - } - root_block_device { - encrypted = true - } - tags = { - Name = "${var.requester_vpc_name}-instance" - } +# ### EC2 Instance in Source VPC ### +# resource "aws_instance" "source_instance" { +# provider = aws.us-east +# ami = var.requester_ami_id # use the ami from your specific region +# instance_type = var.instance_type +# iam_instance_profile = aws_iam_instance_profile.ssm_profile.name +# subnet_id = aws_subnet.requester_subnet1.id ## Ensure this is the private subnet, for SSM access +# vpc_security_group_ids = [aws_security_group.requester_sg.id] +# metadata_options { +# http_tokens = "required" +# } +# root_block_device { +# encrypted = true +# } +# tags = { +# Name = "${var.requester_vpc_name}-instance" +# } - depends_on = [aws_vpc.requester_vpc, aws_subnet.requester_subnet1] -} +# depends_on = [aws_vpc.requester_vpc, aws_subnet.requester_subnet1] +# } -### EC2 Instance in Destination VPC ### -resource "aws_instance" "acceptor_instance" { - provider = aws.us-west - ami = var.acceptor_ami_id # use the ami from your specific region - instance_type = var.instance_type - iam_instance_profile = aws_iam_instance_profile.ssm_profile.name - subnet_id = aws_subnet.acceptor_subnet1.id ## Ensure this is the private subnet, for SSM access - vpc_security_group_ids = [aws_security_group.acceptor_sg.id] - metadata_options { - http_tokens = "required" - } +# ### EC2 Instance in Destination VPC ### +# resource "aws_instance" "acceptor_instance" { +# provider = aws.us-west +# 
ami = var.acceptor_ami_id # use the ami from your specific region +# instance_type = var.instance_type +# iam_instance_profile = aws_iam_instance_profile.ssm_profile.name +# subnet_id = aws_subnet.acceptor_subnet1.id ## Ensure this is the private subnet, for SSM access +# vpc_security_group_ids = [aws_security_group.acceptor_sg.id] +# metadata_options { +# http_tokens = "required" +# } - root_block_device { - encrypted = true - } - tags = { - Name = "${var.acceptor_vpc_name}-instance" - } +# root_block_device { +# encrypted = true +# } +# tags = { +# Name = "${var.acceptor_vpc_name}-instance" +# } - depends_on = [aws_vpc.acceptor_vpc, aws_subnet.acceptor_subnet1] -} +# depends_on = [aws_vpc.acceptor_vpc, aws_subnet.acceptor_subnet1] +# <<<<<<< HEAD +# } +# ======= +# } +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf b/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf index 28d3186..07ce5fb 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf 
@@ -1,69 +1,73 @@ -### -------------- Security Group for Source VPC ------------- ### -resource "aws_security_group" "requester_sg" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - description = "Security group for source VPC" -} - -resource "aws_security_group_rule" "icmp_source" { - provider = aws.us-east - type = "ingress" - from_port = -1 - to_port = -1 - protocol = "icmp" - security_group_id = aws_security_group.requester_sg.id - cidr_blocks = [var.acceptor_cidr] +# ### -------------- Security Group for Source VPC ------------- ### +# resource "aws_security_group" "requester_sg" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# description = "Security group for source VPC" +# } + +# resource "aws_security_group_rule" "icmp_source" { +# provider = aws.us-east +# type = "ingress" +# from_port = -1 +# to_port = -1 +# protocol = "icmp" +# security_group_id = aws_security_group.requester_sg.id +# cidr_blocks = [var.acceptor_cidr] - description = "Allow ICMP from destination VPC" +# description = "Allow ICMP from destination VPC" - depends_on = [ aws_security_group.requester_sg ] -} +# depends_on = [ aws_security_group.requester_sg ] +# } -resource "aws_vpc_security_group_egress_rule" "source_egress" { - security_group_id = aws_security_group.requester_sg.id - provider = aws.us-east +# resource "aws_vpc_security_group_egress_rule" "source_egress" { +# security_group_id = aws_security_group.requester_sg.id +# provider = aws.us-east - cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr - ip_protocol = "-1" +# cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr +# ip_protocol = "-1" -} +# } -### ---------------- Destination VPC Security Group ------------- ### +# ### ---------------- Destination VPC Security Group ------------- ### -### Security Group for destination VPC ### +# ### Security Group for destination VPC ### -resource "aws_security_group" "acceptor_sg" { - provider = aws.us-west - vpc_id = 
aws_vpc.acceptor_vpc.id - description = "Security group for destination VPC" -} +# resource "aws_security_group" "acceptor_sg" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# description = "Security group for destination VPC" +# } -resource "aws_security_group_rule" "icmp_dest" { - provider = aws.us-west - type = "ingress" - from_port = -1 - to_port = -1 - protocol = "icmp" - security_group_id = aws_security_group.acceptor_sg.id - cidr_blocks = [var.requester_vpc_cidr] +# resource "aws_security_group_rule" "icmp_dest" { +# provider = aws.us-west +# type = "ingress" +# from_port = -1 +# to_port = -1 +# protocol = "icmp" +# security_group_id = aws_security_group.acceptor_sg.id +# cidr_blocks = [var.requester_vpc_cidr] - description = "Allow ICMP from source VPC" +# description = "Allow ICMP from source VPC" - depends_on = [ aws_security_group.acceptor_sg ] -} +# depends_on = [ aws_security_group.acceptor_sg ] +# } -resource "aws_vpc_security_group_egress_rule" "dest_egress" { - security_group_id = aws_security_group.acceptor_sg.id - provider = aws.us-west +# resource "aws_vpc_security_group_egress_rule" "dest_egress" { +# security_group_id = aws_security_group.acceptor_sg.id +# provider = aws.us-west - cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr - ip_protocol = "-1" +# cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr +# ip_protocol = "-1" -} +# <<<<<<< HEAD +# } +# ======= +# } +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf b/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf index e11a562..2c224e2 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf 
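Review bot: Both security groups, if restored, allow unrestricted egress (`cidr_ipv4 = "0.0.0.0/0"`, `ip_protocol = "-1"`) under a tfsec suppression, while the stated purpose is ICMP across the peering plus SSM management. SSM Agent needs only outbound TCP 443, so the egress rule can be narrowed to `ip_protocol = "tcp"`, `from_port = 443`, `to_port = 443` (or to the SSM/EC2messages interface endpoints, which would also drop the NAT gateway dependency), with a separate ICMP egress rule to the peer CIDR if outbound ping is wanted; that makes the suppression unnecessary. The ICMP ingress rules are correctly scoped to the peer VPC CIDR rather than 0.0.0.0/0.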
@@ -1,81 +1,85 @@ -### Source/Requester VPC Route Tables ### +# ### Source/Requester VPC Route Tables ### -resource "aws_route_table" "requestor_rt" { - vpc_id = aws_vpc.requester_vpc.id - provider = aws.us-east +# resource "aws_route_table" "requestor_rt" { +# vpc_id = aws_vpc.requester_vpc.id +# provider = aws.us-east - route { - cidr_block = var.acceptor_cidr - vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id - } - route { - cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.requester_nat_gw.id +# route { +# cidr_block = var.acceptor_cidr +# vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id +# } +# route { +# cidr_block = "0.0.0.0/0" +# nat_gateway_id = aws_nat_gateway.requester_nat_gw.id - } - tags = { - Name = var.requester_rt_name - } - depends_on = [ aws_vpc.requester_vpc ] -} +# } +# tags = { +# Name = var.requester_rt_name +# } +# depends_on = [ aws_vpc.requester_vpc ] +# } -### Public route table for source VPC ### -resource "aws_route_table" "public_source_rt" { - vpc_id = aws_vpc.requester_vpc.id - provider = aws.us-east +# ### Public route table for source VPC ### +# resource "aws_route_table" "public_source_rt" { +# vpc_id = aws_vpc.requester_vpc.id +# provider = aws.us-east - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this_igw.id - } +# route { +# cidr_block = "0.0.0.0/0" +# gateway_id = aws_internet_gateway.this_igw.id +# } - route { - cidr_block = var.acceptor_cidr - vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id - } - tags = { - Name = "${var.requester_vpc_name}-public-route-table" - } - depends_on = [ aws_vpc.requester_vpc ] -} +# route { +# cidr_block = var.acceptor_cidr +# vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id +# } +# tags = { +# Name = "${var.requester_vpc_name}-public-route-table" +# } +# depends_on = [ aws_vpc.requester_vpc ] +# } -### Destination/ Accepter VPC Route Tables ### +# ### 
Destination/ Accepter VPC Route Tables ### -### Private route table for destination VPC ### -resource "aws_route_table" "this_rt" { - vpc_id = aws_vpc.acceptor_vpc.id - provider = aws.us-west +# ### Private route table for destination VPC ### +# resource "aws_route_table" "this_rt" { +# vpc_id = aws_vpc.acceptor_vpc.id +# provider = aws.us-west - route { - cidr_block = var.requester_vpc_cidr - vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id - } - route { - cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.acceptor_nat_gw.id - } +# route { +# cidr_block = var.requester_vpc_cidr +# vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id +# } +# route { +# cidr_block = "0.0.0.0/0" +# nat_gateway_id = aws_nat_gateway.acceptor_nat_gw.id +# } - tags = { - Name = var.acceptor_rt_name - } - depends_on = [ aws_vpc.acceptor_vpc ] -} +# tags = { +# Name = var.acceptor_rt_name +# } +# depends_on = [ aws_vpc.acceptor_vpc ] +# } -### Route Table for Public Subnet ### -resource "aws_route_table" "this_pub_rt" { - vpc_id = aws_vpc.acceptor_vpc.id - provider = aws.us-west +# ### Route Table for Public Subnet ### +# resource "aws_route_table" "this_pub_rt" { +# vpc_id = aws_vpc.acceptor_vpc.id +# provider = aws.us-west - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.acceptor_igw.id +# route { +# cidr_block = "0.0.0.0/0" +# gateway_id = aws_internet_gateway.acceptor_igw.id - } +# } - tags = { - Name = "${var.acceptor_vpc_name}-public-route-table" - } - depends_on = [ aws_vpc.acceptor_vpc ] -} +# tags = { +# Name = "${var.acceptor_vpc_name}-public-route-table" +# } +# depends_on = [ aws_vpc.acceptor_vpc ] +# <<<<<<< HEAD +# } +# ======= +# } +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/08-route-table-associations.tf b/VPC-Peering/Modules/single-vpc-to-vpc/08-route-table-associations.tf new file mode 100644 index 0000000..300237d --- /dev/null 
+++ b/VPC-Peering/Modules/single-vpc-to-vpc/08-route-table-associations.tf @@ -0,0 +1,51 @@ +### Route Table Association for Source ### + +resource "aws_route_table_association" "a" { + provider = aws.us-east + subnet_id = aws_subnet.requester_subnet1.id + route_table_id = aws_route_table.requestor_rt.id + + depends_on = [ aws_route_table.requestor_rt ] +} + +resource "aws_route_table_association" "b" { + provider = aws.us-east + subnet_id = aws_subnet.requester_subnet2.id + route_table_id = aws_route_table.requestor_rt.id + + depends_on = [ aws_route_table.requestor_rt ] +} + +resource "aws_route_table_association" "pub_a" { + provider = aws.us-east + subnet_id = aws_subnet.requester_public_subnet.id + route_table_id = aws_route_table.public_source_rt.id + + depends_on = [ aws_route_table.public_source_rt ] +} + +### Route Table Association for Destination VPC Public Subnet + +resource "aws_route_table_association" "c" { + provider = aws.us-west + subnet_id = aws_subnet.acceptor_subnet1.id + route_table_id = aws_route_table.this_rt.id + + depends_on = [ aws_route_table.this_rt ] +} + +resource "aws_route_table_association" "d" { + provider = aws.us-west + subnet_id = aws_subnet.acceptor_subnet2.id + route_table_id = aws_route_table.this_rt.id + + depends_on = [ aws_route_table.this_rt ] +} + +resource "aws_route_table_association" "dest_d" { + provider = aws.us-west + subnet_id = aws_subnet.acceptor_public_subnet.id + route_table_id = aws_route_table.this_pub_rt.id + + depends_on = [ aws_route_table.this_pub_rt ] +} \ No newline at end of file diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf b/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf index 945d1f2..1c3f790 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf 
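Review bot: This new, active file references `aws_subnet.requester_subnet1`, `aws_subnet.requester_subnet2`, `aws_subnet.requester_public_subnet`, `aws_route_table.requestor_rt`, `aws_route_table.public_source_rt` and their acceptor counterparts, all of which this same commit comments out in 04-subnet.tf and 07-route-tables.tf, so `terraform validate` will fail on undeclared resources as soon as the module is initialized. Either restore those resources or hold this file back until they exist. The `depends_on` entries are redundant with the implicit dependency already expressed by `route_table_id = aws_route_table.X.id`, and the heading `### Route Table Association for Destination VPC Public Subnet` sits above the private-subnet associations `c` and `d`; descriptive resource names (`requester_private_1`, `acceptor_public`, …) would read better than `a`/`b`/`c`/`d`.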
@@ -1,87 +1,91 @@ -### use the IAM policy created for SSM ### +# ### use the IAM policy created for SSM ### -resource "aws_iam_policy" "ssm_policy" { - name = "AmazonSSMManagedInstanceCore" - path = "/" - description = "SSM policy" +# resource "aws_iam_policy" "ssm_policy" { +# name = "AmazonSSMManagedInstanceCore" +# path = "/" +# description = "SSM policy" - # Terraform's "jsonencode" function converts a - # Terraform expression result to valid JSON syntax. - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - "Effect": "Allow", - "Action": [ - "ssm:DescribeAssociation", - "ssm:GetDeployablePatchSnapshotForInstance", - "ssm:GetDocument", - "ssm:DescribeDocument", - "ssm:GetManifest", - "ssm:GetParameter", - "ssm:GetParameters", - "ssm:ListAssociations", - "ssm:ListInstanceAssociations", - "ssm:PutInventory", - "ssm:PutComplianceItems", - "ssm:PutConfigurePackageResult", - "ssm:UpdateAssociationStatus", - "ssm:UpdateInstanceAssociationStatus", - "ssm:UpdateInstanceInformation" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2messages:AcknowledgeMessage", - "ec2messages:DeleteMessage", - "ec2messages:FailMessage", - "ec2messages:GetEndpoint", - "ec2messages:GetMessages", - "ec2messages:SendReply" - ], - "Resource": "*" - } - ] - }) -} +# # Terraform's "jsonencode" function converts a +# # Terraform expression result to valid JSON syntax. 
+# policy = jsonencode({ +# Version = "2012-10-17" +# Statement = [ +# { +# "Effect": "Allow", +# "Action": [ +# "ssm:DescribeAssociation", +# "ssm:GetDeployablePatchSnapshotForInstance", +# "ssm:GetDocument", +# "ssm:DescribeDocument", +# "ssm:GetManifest", +# "ssm:GetParameter", +# "ssm:GetParameters", +# "ssm:ListAssociations", +# "ssm:ListInstanceAssociations", +# "ssm:PutInventory", +# "ssm:PutComplianceItems", +# "ssm:PutConfigurePackageResult", +# "ssm:UpdateAssociationStatus", +# "ssm:UpdateInstanceAssociationStatus", +# "ssm:UpdateInstanceInformation" +# ], +# "Resource": "*" +# }, +# { +# "Effect": "Allow", +# "Action": [ +# "ssmmessages:CreateControlChannel", +# "ssmmessages:CreateDataChannel", +# "ssmmessages:OpenControlChannel", +# "ssmmessages:OpenDataChannel" +# ], +# "Resource": "*" +# }, +# { +# "Effect": "Allow", +# "Action": [ +# "ec2messages:AcknowledgeMessage", +# "ec2messages:DeleteMessage", +# "ec2messages:FailMessage", +# "ec2messages:GetEndpoint", +# "ec2messages:GetMessages", +# "ec2messages:SendReply" +# ], +# "Resource": "*" +# } +# ] +# }) +# } -data "aws_iam_policy_document" "ssm_policy_doc" { - statement { - actions = [ - "sts:AssumeRole" - ] - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - effect = "Allow" - } -} +# data "aws_iam_policy_document" "ssm_policy_doc" { +# statement { +# actions = [ +# "sts:AssumeRole" +# ] +# principals { +# type = "Service" +# identifiers = ["ec2.amazonaws.com"] +# } +# effect = "Allow" +# } +# } -resource "aws_iam_role" "ssm_role" { - name = "AmazonSSMManagedInstanceCore1" - assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json -} +# resource "aws_iam_role" "ssm_role" { +# name = "AmazonSSMManagedInstanceCore1" +# assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json +# } -resource "aws_iam_role_policy_attachment" "attach_ssm_policy" { - role = aws_iam_role.ssm_role.name - policy_arn = aws_iam_policy.ssm_policy.arn -} +# resource 
"aws_iam_role_policy_attachment" "attach_ssm_policy" { +# role = aws_iam_role.ssm_role.name +# policy_arn = aws_iam_policy.ssm_policy.arn +# } -resource "aws_iam_instance_profile" "ssm_profile" { - name = "AmazonSSMManagedInstanceCore2" - role = aws_iam_role.ssm_role.name -} +# resource "aws_iam_instance_profile" "ssm_profile" { +# name = "AmazonSSMManagedInstanceCore2" +# role = aws_iam_role.ssm_role.name +# <<<<<<< HEAD +# } +# ======= +# } +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf b/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf index 933a272..370f6d4 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf 
@@ -1,163 +1,163 @@ -variable "environment" { - description = "The environment for the VPC (e.g., dev, staging, prod)" - type = string +# variable "environment" { +# description = "The environment for the VPC (e.g., dev, staging, prod)" +# type = string -} +# } -variable "requestor_vpc_region" { - description = "The AWS region for the source VPC" - type = string -} +# variable "requestor_vpc_region" { +# description = "The AWS region for the source VPC" +# type = string +# } -variable "acceptor_region" { - description = "The AWS region for the destination VPC" - type = string +# variable "acceptor_region" { +# description = "The AWS region for the destination VPC" +# type = string -} +# } -### Source VPC Variables ### +# ### Source VPC Variables ### -variable "requester_vpc_name" { - description = "Name for the source VPC" - type = string +# variable "requester_vpc_name" { +# description = "Name for the source VPC" +# type = string -} +# } -variable "requester_vpc_cidr" { - description = "CIDR block for the destination VPC" - type = string -} +# variable "requester_vpc_cidr" { +# description = "CIDR block for the destination VPC" +# type = string +# } -variable "requester_vpc_pub_sub_cidr" { - description = "CIDR block for the public subnet" - type = string -} +# variable "requester_vpc_pub_sub_cidr" { +# description = "CIDR block for the public subnet" +# type = string +# } -variable "requester_subnet1_cidr" { - description = "CIDR block for the first destination subnet" - type = string +# variable "requester_subnet1_cidr" { +# description = "CIDR block for the first destination subnet" +# type = string -} +# } -variable "requester_subnet1_name" { - description = "Name for the first destination subnet" - type = string +# variable "requester_subnet1_name" { +# description = "Name for the first destination subnet" +# type = string -} +# } -variable "requester_subnet1_az" { - description = "Availability Zone for the first destination subnet" - type = string +# 
variable "requester_subnet1_az" { +# description = "Availability Zone for the first destination subnet" +# type = string -} +# } -variable "requester_subnet2_name" { - description = "Name for the second destination subnet" - type = string +# variable "requester_subnet2_name" { +# description = "Name for the second destination subnet" +# type = string -} +# } -variable "requester_subnet2_cidr" { - description = "CIDR block for the second destination subnet" - type = string +# variable "requester_subnet2_cidr" { +# description = "CIDR block for the second destination subnet" +# type = string -} +# } -variable "requester_subnet2_az" { - description = "Availability Zone for the second destination subnet" - type = string +# variable "requester_subnet2_az" { +# description = "Availability Zone for the second destination subnet" +# type = string -} +# } -variable "requester_rt_name" { - description = "Name for the destination route table" - type = string +# variable "requester_rt_name" { +# description = "Name for the destination route table" +# type = string -} +# } -### Acceptor VPC Variables ### +# ### Acceptor VPC Variables ### -variable "acceptor_vpc_name" { - description = "Name for the source VPC" - type = string +# variable "acceptor_vpc_name" { +# description = "Name for the source VPC" +# type = string -} -variable "acceptor_cidr" { - description = "CIDR block for the destination VPC" - type = string -} +# } +# variable "acceptor_cidr" { +# description = "CIDR block for the destination VPC" +# type = string +# } -variable "acceptor_subnet1_cidr" { - description = "CIDR block for the first destination subnet" - type = string +# variable "acceptor_subnet1_cidr" { +# description = "CIDR block for the first destination subnet" +# type = string -} +# } -variable "acceptor_subnet1_name" { - description = "Name for the first destination subnet" - type = string +# variable "acceptor_subnet1_name" { +# description = "Name for the first destination subnet" +# type = 
string -} +# } -variable "acceptor_subnet1_az" { - description = "Availability Zone for the first destination subnet" - type = string +# variable "acceptor_subnet1_az" { +# description = "Availability Zone for the first destination subnet" +# type = string -} +# } -variable "acceptor_subnet2_name" { - description = "Name for the second destination subnet" - type = string +# variable "acceptor_subnet2_name" { +# description = "Name for the second destination subnet" +# type = string -} +# } -variable "acceptor_pub_sub_cidr" { - description = "CIDR block for the public subnet" - type = string -} +# variable "acceptor_pub_sub_cidr" { +# description = "CIDR block for the public subnet" +# type = string +# } -variable "acceptor_subnet2_cidr" { - description = "CIDR block for the second destination subnet" - type = string +# variable "acceptor_subnet2_cidr" { +# description = "CIDR block for the second destination subnet" +# type = string -} +# } -variable "acceptor_subnet2_az" { - description = "Availability Zone for the second destination subnet" - type = string +# variable "acceptor_subnet2_az" { +# description = "Availability Zone for the second destination subnet" +# type = string -} +# } -variable "acceptor_rt_name" { - description = "Name for the destination route table" - type = string +# variable "acceptor_rt_name" { +# description = "Name for the destination route table" +# type = string -} -variable "map_public_ip_on_launch" { - description = "Whether to map public IPs on launch for subnets, defaults to false" - type = bool - default = false +# } +# variable "map_public_ip_on_launch" { +# description = "Whether to map public IPs on launch for subnets, defaults to false" +# type = bool +# default = false -} +# } -### EC2 Instance Variables ### +# ### EC2 Instance Variables ### -variable "requester_ami_id" { - description = "ami id for the source VPC EC2 instance. 
MUST BE REGION SPECIFIC" - type = string -} +# variable "requester_ami_id" { +# description = "ami id for the source VPC EC2 instance. MUST BE REGION SPECIFIC" +# type = string +# } -variable "acceptor_ami_id" { - description = "ami id for the destination VPC EC2 instance. MUST BE REGION SPECIFIC" - type = string -} -variable "instance_type" { - description = "Instance type for the EC2 instances in both VPCs" - type = string - default = "t2.micro" -} \ No newline at end of file +# variable "acceptor_ami_id" { +# description = "ami id for the destination VPC EC2 instance. MUST BE REGION SPECIFIC" +# type = string +# } +# variable "instance_type" { +# description = "Instance type for the EC2 instances in both VPCs" +# type = string +# default = "t2.micro" +# } \ No newline at end of file diff --git a/VPC/.DS_Store b/VPC/.DS_Store new file mode 100644 index 0000000..25c46ea Binary files /dev/null and b/VPC/.DS_Store differ diff --git a/VPC/.gitignore b/VPC/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/.gitignore 
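Review bot: The whole variable file is commented out rather than removed, so the module keeps 163 lines of dead code while any `var.*` reference left in the module's other files now fails `terraform validate`. If the module is being retired, delete the file and rely on git history; if it is being kept, restore the declarations. The commented block also loses the only default in the file, `map_public_ip_on_launch = false`, which is the conservative default worth keeping. The preceding hunk in this diff, whose start is outside this view, commits `<<<<<<< HEAD`, `=======` and `>>>>>>> main` markers inside the commented-out `aws_iam_instance_profile` block; those should be resolved before merge.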
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VPC/.terraform/providers/registry.terraform.io/hashicorp/aws/6.0.0-beta2/darwin_arm64/LICENSE.txt b/VPC/.terraform/providers/registry.terraform.io/hashicorp/aws/6.0.0-beta2/darwin_arm64/LICENSE.txt
new file mode 100644
index 0000000..b9ac071
--- /dev/null
+++ b/VPC/.terraform/providers/registry.terraform.io/hashicorp/aws/6.0.0-beta2/darwin_arm64/LICENSE.txt
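Review bot: `.terraform.lock.hcl` is ignored here, yet this same commit adds `VPC/Environment/Dev/.terraform.lock.hcl` and `VPC/Environment/test-v1/.terraform.lock.hcl`; the lock file pins provider versions and hashes and is meant to be committed, so drop that line (the same line appears in `VPC/Environment/Dev/.gitignore` and `VPC/Environment/test-v1/.gitignore`). Conversely `**/.terraform/*` is listed, but the commit also adds `VPC/.terraform/providers/registry.terraform.io/hashicorp/aws/6.0.0-beta2/darwin_arm64/LICENSE.txt`, which shows the provider cache was staged before or despite this ignore. That directory should be dropped from the index with `git rm -r --cached VPC/.terraform` so the local provider cache is not tracked.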
@@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. 
Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. 
Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. 
Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. 
However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. 
* +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. 
+Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. 
If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/VPC/Environment/.DS_Store b/VPC/Environment/.DS_Store new file mode 100644 index 0000000..27c0106 Binary files /dev/null and b/VPC/Environment/.DS_Store differ diff --git a/VPC/Environment/Dev/.DS_Store b/VPC/Environment/Dev/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/VPC/Environment/Dev/.DS_Store differ diff --git a/VPC/Environment/Dev/.gitignore b/VPC/Environment/Dev/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Environment/Dev/.gitignore 
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VPC/Environment/Dev/.terraform.lock.hcl b/VPC/Environment/Dev/.terraform.lock.hcl
new file mode 100644
index 0000000..8a42b7f
--- /dev/null
+++ b/VPC/Environment/Dev/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "6.0.0-beta2"
+ constraints = "6.0.0-beta2"
+ hashes = [
+ "h1:HUSfZFXOxU04oYqBSt4hwDecE5HRuExIYHEXZgelU/s=",
+ "zh:0ce9991734cbb33ef01b6034f9240a71c1d5de83b96b1c9bd04fdb90217e08a4",
+ "zh:3651f84c9b1a1ae49c9d93cf866e20547b5fe05b8347f535b297582ec24b271a",
+ "zh:4e52271e0b65ae1d06ef3e7faf0904c8c4df967424fca39ebfa566feda78533c",
+ "zh:619b2587d835e2547386cc139a264ce676812003869fb9dde62e91a7299d658f",
+ "zh:6ecb46509509a34af653aa64f0871460a738e7cce287ca147327f13b1f6038ba",
+ "zh:76555a37ba40a730c413e4b2dd77cefcac4a81d6f44b1fa50de116c5b8eee3fb",
+ "zh:7c33e147f7a2f59bc82b1ff20332596df329d7180f2ff1406aab0710742b4127",
+ "zh:7c8a24847bf4b573bf5db782e06fc252ca79899d892aa0a2ae4ee4cab55c7fd8",
+ "zh:828f1e40ec97227ca590292ed91b9e809150f8f5aa58b25f35d6291f7b6688c1",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:9d6f6d1fa01ee87b3a2820f21f46204c89c22037a7838290d13d41ec29424639",
+ "zh:b77482d7947cd159d6c36083d3cbc0008ba5c479c5d143a4fff07abbfd9b54e1",
+ "zh:bb81fd7b8bd42b6a29f574c0eaa5b3b5faa904b62d844c0be4d8eea7a1bcde9d",
+ "zh:c200b02f1aaa0e82231553023619441e92def81b6248251bef021ec978bd6735",
+ "zh:e44c2d368db0bedd3d123f23ae0b96816d085e7da30736f2691b88c0318dfc79",
+ ]
+}
diff --git a/VPC/Environment/Dev/backend.tf b/VPC/Environment/Dev/backend.tf
new file mode 100644
index 0000000..409aaf7
--- /dev/null
+++ b/VPC/Environment/Dev/backend.tf
@@ -0,0 +1,8 @@
+terraform {
+ backend "s3" {
+ bucket = "terraform-state-bucket1237546"
+ key = "dev-vpc-by-terraform-state.tfstate"
+ region = "us-east-1"
+ use_lockfile = true
+ }
+}
diff --git a/VPC/Environment/Dev/main.tf b/VPC/Environment/Dev/main.tf
new file mode 100644
index 0000000..5bd83ee
--- /dev/null
+++ b/VPC/Environment/Dev/main.tf
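Review bot: The S3 backend in `backend.tf` sets `use_lockfile = true` but not `encrypt = true`, so the state file, which records the attributes of every resource the module creates, is written without requiring server-side encryption; add `encrypt = true` (and a `kms_key_id` if a customer-managed key is used) after the `region` line. `use_lockfile` is only understood by Terraform 1.10 and later, which matters because `providers.tf` in this commit constrains only `required_version = ">= 1.0"`. The same backend block without `encrypt` is added in `VPC/Environment/test-v1/backend.tf`.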
@@ -0,0 +1,25 @@
+
+locals {
+ region = "us-east-1"
+}
+
+module "vpc" {
+ source = "../../Modules/vpc"
+ create_vpc = "true"
+ vpc_cidr = "10.0.0.0/16"
+ enable_dns_hostnames = "true"
+ enable_dns_support = "true"
+ public_subnets_cidr_blocks = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
+ private_subnets_cidr_blocks = ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24"]
+ availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
+ map_public_ip_on_launch = "true"
+ map_public_ip_on_private_subs = "false"
+ create_nat = "true"
+ name = "smooth"
+ create_igw = "true"
+ tags = {
+ Environment = "Dev"
+ Project = "Smooth"
+ }
+
+}
\ No newline at end of file
diff --git a/VPC/Environment/Dev/outputs.tf b/VPC/Environment/Dev/outputs.tf
new file mode 100644
index 0000000..ba419a2
--- /dev/null
+++ b/VPC/Environment/Dev/outputs.tf
@@ -0,0 +1,40 @@
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = module.vpc.vpc_id
+}
+
+output "vpc_cidr" {
+ description = "VPC CIDR"
+ value = module.vpc.vpc_cidr
+}
+output "igw_id" {
+ description = "The ID of the Internet Gateway"
+ value = module.vpc.igw_id
+}
+
+output "igw_arn" {
+ description = "The ARN of the Internet Gateway"
+ value = module.vpc.igw_arn
+}
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = module.vpc.public_subnets
+}
+output "public_subnet_arns" {
+ description = "List of ARNs of public subnets"
+ value = module.vpc.public_subnet_arns
+}
+output "public_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of public subnets"
+ value = module.vpc.public_subnets_cidr_blocks
+}
+
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = module.vpc.private_subnets
+}
+
+output "private_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of private subnets"
+ value = module.vpc.private_subnets_cidr_blocks
+}
\ No newline at end of file
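Review bot: Every boolean argument in the `module "vpc"` call is passed as a quoted string (`create_vpc = "true"`, `map_public_ip_on_launch = "true"`, `create_nat = "true"`, and so on); Terraform coerces these into `type = bool` variables, but bare `true`/`false` is the idiomatic form and avoids relying on implicit conversion. `map_public_ip_on_launch = "true"` also makes every instance launched in the three public subnets receive a public IPv4 address by default; if that is not intended for every workload, set it to `false` and assign public addresses per instance, which is also the posture the IaC scanners added in this commit check for.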
diff --git a/VPC/Environment/Dev/providers.tf b/VPC/Environment/Dev/providers.tf
new file mode 100644
index 0000000..bd011dc
--- /dev/null
+++ b/VPC/Environment/Dev/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.0.0-beta2"
+ }
+ }
+
+}
+provider "aws" {
+ region = local.region
+}
diff --git a/VPC/Environment/Dev/variables.tf b/VPC/Environment/Dev/variables.tf
new file mode 100644
index 0000000..6fdf93d
--- /dev/null
+++ b/VPC/Environment/Dev/variables.tf
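Review bot: `required_version = ">= 1.0"` is looser than what this configuration needs: the S3 backend in `backend.tf` uses `use_lockfile`, which older 1.x releases reject as an unknown backend argument, so the constraint should be `required_version = ">= 1.10"`. Pinning the provider to the pre-release `6.0.0-beta2` ties the Dev environment to a build that can change or be withdrawn; a released `~> 6.0` constraint, with the exact version held by the committed lock file, is the usual arrangement.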
@@ -0,0 +1,83 @@
+variable "create_vpc" {
+ description = "Create a new VPC"
+ type = bool
+ default = true
+
+}
+
+variable "vpc_cidr" {
+ description = "CIDR block for the VPC"
+ type = string
+ default = ""
+}
+
+variable "enable_dns_hostnames" {
+ description = "Enable DNS hostnames in the VPC"
+ type = bool
+ default = true
+}
+
+variable "enable_dns_support" {
+ description = "Enable DNS support in the VPC"
+ type = bool
+ default = true
+}
+
+variable "public_subnets_cidr_blocks" {
+ description = "List of CIDR blocks for public subnets"
+ type = list(string)
+ default = [""]
+
+}
+
+variable "availability_zones" {
+ description = "List of availability zones for the VPC"
+ type = list(string)
+ default = [""]
+
+}
+
+variable "map_public_ip_on_launch" {
+ description = "Map public IP on launch for public subnets"
+ type = bool
+ default = true
+
+}
+
+variable "map_public_ip_on_private_subs" {
+ description = "Map public IP on launch for public subnets"
+ type = bool
+ default = false
+
+}
+
+######### private subnets #########
+variable "private_subnets_cidr_blocks" {
+ description = "List of private subnets CIDR blocks"
+ type = list(string)
+ default = [""]
+}
+
+######### NAT/ IGW #############
+variable "create_nat" {
+ description = "Create a NAT Gateway"
+ type = bool
+ default = true
+}
+variable "create_igw" {
+ description = "Create an Internet Gateway"
+ type = bool
+ default = true
+}
+variable "tags" {
+ description = "tags for each resource"
+ type = map(string)
+ default = {}
+}
+variable "name" {
+ description = "universal name"
+ type = string
+ default = ""
+}
+
+
\ No newline at end of file
diff --git a/VPC/Environment/test-v1/.gitignore b/VPC/Environment/test-v1/.gitignore
new file mode 100644
index 0000000..7fd6910
--- /dev/null
+++ b/VPC/Environment/test-v1/.gitignore
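Review bot: `map_public_ip_on_private_subs` carries the description copied from the public-subnet variable (`"Map public IP on launch for public subnets"`); it should read `description = "Map public IP on launch for private subnets"`. The list variables default to `[""]`, a one-element list holding an empty CIDR that only fails once the provider validates it; `[]` is the conventional empty default and is what a `length()` check inside the module can act on. None of these variables is referenced by `main.tf` in this commit, which hard-codes every module argument, so either wire them through (`vpc_cidr = var.vpc_cidr`, and so on) or drop the file.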
@@ -0,0 +1,42 @@ +# Local .terraform directories +**/.terraform/* +.terraform/* +.terraform/ +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Environment/test-v1/.terraform.lock.hcl b/VPC/Environment/test-v1/.terraform.lock.hcl new file mode 100644 index 0000000..8a42b7f --- /dev/null +++ b/VPC/Environment/test-v1/.terraform.lock.hcl 
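Review bot: `.terraform.lock.hcl` is listed under "Ignore CLI configuration files" while this same commit adds VPC/Environment/test-v1/.terraform.lock.hcl in the very next hunk; the lock file is what pins the provider to the recorded `h1:`/`zh:` hashes, so it should be committed rather than ignored — drop the `.terraform.lock.hcl` line here. The same line appears in the .gitignore files added for VPC/Modules/Simple-VPC, VPC/Modules/VPC, VPC/Modules/igw-nat and VPC/Modules/route-tables. The `.DS_Store` rule is likewise contradicted by the binary `.DS_Store` files this commit adds; removing those from the tree would make the ignore rules effective.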
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "6.0.0-beta2" + constraints = "6.0.0-beta2" + hashes = [ + "h1:HUSfZFXOxU04oYqBSt4hwDecE5HRuExIYHEXZgelU/s=", + "zh:0ce9991734cbb33ef01b6034f9240a71c1d5de83b96b1c9bd04fdb90217e08a4", + "zh:3651f84c9b1a1ae49c9d93cf866e20547b5fe05b8347f535b297582ec24b271a", + "zh:4e52271e0b65ae1d06ef3e7faf0904c8c4df967424fca39ebfa566feda78533c", + "zh:619b2587d835e2547386cc139a264ce676812003869fb9dde62e91a7299d658f", + "zh:6ecb46509509a34af653aa64f0871460a738e7cce287ca147327f13b1f6038ba", + "zh:76555a37ba40a730c413e4b2dd77cefcac4a81d6f44b1fa50de116c5b8eee3fb", + "zh:7c33e147f7a2f59bc82b1ff20332596df329d7180f2ff1406aab0710742b4127", + "zh:7c8a24847bf4b573bf5db782e06fc252ca79899d892aa0a2ae4ee4cab55c7fd8", + "zh:828f1e40ec97227ca590292ed91b9e809150f8f5aa58b25f35d6291f7b6688c1", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9d6f6d1fa01ee87b3a2820f21f46204c89c22037a7838290d13d41ec29424639", + "zh:b77482d7947cd159d6c36083d3cbc0008ba5c479c5d143a4fff07abbfd9b54e1", + "zh:bb81fd7b8bd42b6a29f574c0eaa5b3b5faa904b62d844c0be4d8eea7a1bcde9d", + "zh:c200b02f1aaa0e82231553023619441e92def81b6248251bef021ec978bd6735", + "zh:e44c2d368db0bedd3d123f23ae0b96816d085e7da30736f2691b88c0318dfc79", + ] +} diff --git a/VPC/Environment/test-v1/backend.tf b/VPC/Environment/test-v1/backend.tf new file mode 100644 index 0000000..78ec24f --- /dev/null +++ b/VPC/Environment/test-v1/backend.tf @@ -0,0 +1,9 @@ +terraform { + backend "s3" { + bucket = "terraform-state-bucket1237546" + key = "dev-vpc-module-by-terraform-state.tfstate" + region = "us-east-1" + use_lockfile = true + } +} +## \ No newline at end of file diff --git a/VPC/Environment/test-v1/main.tf b/VPC/Environment/test-v1/main.tf new file mode 100644 index 0000000..75de09d --- /dev/null +++ b/VPC/Environment/test-v1/main.tf 
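Review bot: The `backend "s3"` block in backend.tf sets `use_lockfile = true` but not `encrypt = true`, so the state file, which records every attribute the providers return, is written without the backend requesting server-side encryption; bucket-level default encryption may cover it, but the backend should ask for it explicitly with `encrypt = true` (plus `kms_key_id` if a customer-managed key is intended). `use_lockfile` is a Terraform 1.10+ setting, which the `required_version = ">= 1.0"` in providers.tf does not express. The `key` reads `dev-vpc-module-by-terraform-state.tfstate` although this is the test-v1 environment; if Dev and test-v1 share the bucket, distinct keys are the only thing keeping their states apart, so the value is worth double-checking.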
@@ -0,0 +1,210 @@ +locals { + region = "us-east-1" + region_2 = "us-east-2" + envrionment = "Test" + Project = "Smooth" + global_name = "${var.name}-${local.Project}-${local.envrionment}" + tags = { + Envrionment = local.envrionment + Project = local.Project + } + +} +##################################################################### +# VPC +#################################################################### +module "vpc" { + source = "../../Modules/vpc" + name = local.global_name + + vpc_attributes = { + vpc = { + cidr_block = "10.0.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true + region = local.region + } + vpc_2 = { + cidr_block = "10.10.0.0/16" + enable_dns_support = false + enable_dns_hostnames = false + region = local.region_2 + } + } + tags = local.tags +} + +#################################################################### +# Subnets +#################################################################### +module "subnets" { + source = "../../Modules/subnets" + name = local.global_name + public_subnets = { + pub_subnet_1 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.0.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = true + } + + pub_subnet_2 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.1.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = true + } + } + private_subnets = { + priv_subnet_1 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.2.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = false + } + priv_subnet_2 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.3.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = false + } + } +} +#################################################################### +# Route Tables +#################################################################### + +module "route-tables" { + source = "../../Modules/route-tables" + name = local.global_name + tags = 
local.tags + public_route_tables = { + public_rt1 = { + vpc_id = module.vpc.vpc_id["vpc"] + region = local.region + } + } + + public_routes = { + public_routes = { + type = "public" + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + destination_cidr_block = "0.0.0.0/0" + gateway_id = module.igw-nat.igw_id["igw"] + } + } + public_route_table_associations = { + pub_rt1_subnet1 = { # unique key + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + subnet_id = module.subnets.public_subnets["pub_subnet_1"] + } + pub_rt1_subnet2 = { + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + subnet_id = module.subnets.public_subnets["pub_subnet_2"] + } + + } + # Accessing the first public subnet + + private_route_tables = { + private_rt1 = { + vpc_id = module.vpc.vpc_id["vpc"] + region = local.region + } + } + private_routes = { + private_route = { + type = "private" + route_table_id = module.route-tables.private_route_table_id["private_rt1"] # Syntax = module<[keyname]> + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = module.igw-nat.nat_id["main_nat"] + } + } + + private_route_table_associations = { + priv_rt1_subnet1 = { # unique key + route_table_id = module.route-tables.private_route_table_id["private_rt1"] + subnet_id = module.subnets.private_subnets["priv_subnet_1"] + } + priv_rt1_subnet2 = { + route_table_id = module.route-tables.private_route_table_id["private_rt1"] + subnet_id = module.subnets.private_subnets["priv_subnet_2"] + } + } +} + + + + +#################################################################### +# Internet Gateway and NAT Gateway +#################################################################### +module "igw-nat" { + source = "../../Modules/igw-nat" + eip = { + main_eip = { + region = local.region + tags = local.tags + } + } + + nat_gateway = { + main_nat = { + allocation_id = module.igw-nat.allocation_id["main_eip"] + subnet_id = 
module.subnets.public_subnets["pub_subnet_1"] # no need to add .id because it is already a string and established in the outputs + } + } + + internet_gateway = { + igw = { + vpc_id = module.vpc.vpc_id["vpc"] + tags = local.tags + } + } + name = local.global_name +} + + + + +#################################################################### +# Security Groups +#################################################################### +module "security-groups" { + source = "../../Modules/security-groups" + vpc_id = module.vpc.vpc_id["vpc"] + name = local.global_name + tags = local.tags + + security_group_description = "Security group for Smooth project" + + ingress_rules = [ + + { + type = "ingress" + from_port = 22 + to_port = 22 + protocol = "tcp" + description = "Allow SSH access" + cidr_blocks = ["0.0.0.0/0"] + }, + { + type = "ingress" + from_port = 80 + to_port = 80 + protocol = "tcp" + description = "Allow HTTP access" + cidr_blocks = ["0.0.0.0/0"] + }, + { + type = "ingress" + from_port = 443 + to_port = 443 + protocol = "tcp" + description = "Allow HTTPS access" + cidr_blocks = ["0.0.0.0/0"] + } + + ] + +} \ No newline at end of file diff --git a/VPC/Environment/test-v1/outputs.tf b/VPC/Environment/test-v1/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Environment/test-v1/providers.tf b/VPC/Environment/test-v1/providers.tf new file mode 100644 index 0000000..7eda631 --- /dev/null +++ b/VPC/Environment/test-v1/providers.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "6.0.0-beta2" + } + } + +} +provider "aws" { + region = local.region +} +## \ No newline at end of file diff --git a/VPC/Environment/test-v1/variables.tf b/VPC/Environment/test-v1/variables.tf new file mode 100644 index 0000000..99d22f9 --- /dev/null +++ b/VPC/Environment/test-v1/variables.tf 
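Review bot: The `security-groups` module call passes an ingress rule for port 22 with `cidr_blocks = ["0.0.0.0/0"]`, which exposes SSH on every instance attached to the group to the whole internet; the 80/443 rules fit a web tier, but the SSH rule should be limited to an administrative range (or dropped in favour of SSM Session Manager), e.g. a per-environment variable such as `cidr_blocks = [var.admin_cidr]` (name is illustrative). The IaC gates added in the same commit (trivy config with `exit-code: '1'`, tfsec, checkov) are very likely to flag this rule, so as written the pipeline would block the change. The `route-tables` and `igw-nat` module calls reference their own outputs (`module.route-tables.public_route_table_id[...]` inside `module "route-tables"`, `module.igw-nat.allocation_id[...]` inside `module "igw-nat"`); whether Terraform accepts that without a cycle error depends on how the modules wire their resources, so run `terraform validate` before merging. `envrionment`/`Envrionment` is misspelled in the locals and ends up in both the tag key and `global_name`; fixing it after apply means retagging and renaming every resource, so correct it now.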
@@ -0,0 +1,16 @@ + +########################################################## +# VPC +########################################################### +variable "name" { + description = "Global name for all resources" + type = string + default = "Tim" +} + +# variable "tags" { +# description = "Global tags to apply to all resources" +# type = map(string) +# default = {} +# } + diff --git a/VPC/Modules/.DS_Store b/VPC/Modules/.DS_Store new file mode 100644 index 0000000..3806447 Binary files /dev/null and b/VPC/Modules/.DS_Store differ diff --git a/VPC/Modules/Simple-VPC/.gitignore b/VPC/Modules/Simple-VPC/.gitignore new file mode 100644 index 0000000..11a858c --- /dev/null +++ b/VPC/Modules/Simple-VPC/.gitignore @@ -0,0 +1,45 @@ +# Local .terraform directories +**/.terraform/* +**/.terraform/ + + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store +**/.DS_Store/ +../.DS_Store \ No newline at end of file 
diff --git a/VPC/Modules/Simple-VPC/.terraform.lock.hcl b/VPC/Modules/Simple-VPC/.terraform.lock.hcl new file mode 100644 index 0000000..8a42b7f --- /dev/null +++ b/VPC/Modules/Simple-VPC/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "6.0.0-beta2" + constraints = "6.0.0-beta2" + hashes = [ + "h1:HUSfZFXOxU04oYqBSt4hwDecE5HRuExIYHEXZgelU/s=", + "zh:0ce9991734cbb33ef01b6034f9240a71c1d5de83b96b1c9bd04fdb90217e08a4", + "zh:3651f84c9b1a1ae49c9d93cf866e20547b5fe05b8347f535b297582ec24b271a", + "zh:4e52271e0b65ae1d06ef3e7faf0904c8c4df967424fca39ebfa566feda78533c", + "zh:619b2587d835e2547386cc139a264ce676812003869fb9dde62e91a7299d658f", + "zh:6ecb46509509a34af653aa64f0871460a738e7cce287ca147327f13b1f6038ba", + "zh:76555a37ba40a730c413e4b2dd77cefcac4a81d6f44b1fa50de116c5b8eee3fb", + "zh:7c33e147f7a2f59bc82b1ff20332596df329d7180f2ff1406aab0710742b4127", + "zh:7c8a24847bf4b573bf5db782e06fc252ca79899d892aa0a2ae4ee4cab55c7fd8", + "zh:828f1e40ec97227ca590292ed91b9e809150f8f5aa58b25f35d6291f7b6688c1", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9d6f6d1fa01ee87b3a2820f21f46204c89c22037a7838290d13d41ec29424639", + "zh:b77482d7947cd159d6c36083d3cbc0008ba5c479c5d143a4fff07abbfd9b54e1", + "zh:bb81fd7b8bd42b6a29f574c0eaa5b3b5faa904b62d844c0be4d8eea7a1bcde9d", + "zh:c200b02f1aaa0e82231553023619441e92def81b6248251bef021ec978bd6735", + "zh:e44c2d368db0bedd3d123f23ae0b96816d085e7da30736f2691b88c0318dfc79", + ] +} diff --git a/VPC/Modules/Simple-VPC/igw-nat.tf b/VPC/Modules/Simple-VPC/igw-nat.tf new file mode 100644 index 0000000..b79fede --- /dev/null +++ b/VPC/Modules/Simple-VPC/igw-nat.tf 
@@ -0,0 +1,49 @@ + +############################################################## +# Module: igw-nat +################################################################ +## Create IGW and NAT Gateway if the VPC is created and the respective subnet CIDR blocks are provided + + +locals { + create_igw = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0 + create_nat_gateway = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 + create_eip = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 +} + +resource "aws_eip" "this_eip" { + count = local.create_eip ? 1 : 0 + + tags = merge( + { + Name = "${var.name}-nat-eip" + }, + var.tags + ) +} + +resource "aws_internet_gateway" "this_igw" { + count = local.create_igw ? 1 : 0 + vpc_id = aws_vpc.this_vpc[0].id + + tags = merge( + { + Name = "${var.name}-igw" + }, + var.tags + ) + +} + +resource "aws_nat_gateway" "this_nat" { + count = local.create_nat_gateway ? 1:0 + allocation_id = aws_eip.this_eip[0].id + subnet_id = aws_subnet.public_subnets[0].id + + tags = merge( + { + Name = "${var.name}-nat-gateway" + }, + var.tags + ) +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/ouputs.tf b/VPC/Modules/Simple-VPC/ouputs.tf new file mode 100644 index 0000000..a3b1d91 --- /dev/null +++ b/VPC/Modules/Simple-VPC/ouputs.tf 
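Review bot: `local.create_igw` and `local.create_nat_gateway` ignore `var.create_igw` and `var.create_nat`, while route-tables.tf in this module does consult them (`create_route_to_igw`, `create_route_to_nat`); with `create_nat = false` the NAT gateway and its EIP are still created (and billed) and only the route is skipped. Fold the flags in: `create_igw = var.create_vpc && var.create_igw && length(var.public_subnets_cidr_blocks) > 0` and `create_nat_gateway = var.create_vpc && var.create_nat && length(var.private_subnets_cidr_blocks) > 0`, and let `create_eip = local.create_nat_gateway` instead of duplicating the condition. `aws_nat_gateway.this_nat` should also carry `depends_on = [aws_internet_gateway.this_igw]`, as the provider documentation recommends, so the gateway is not created before the VPC has internet access. `count = local.create_nat_gateway ? 1:0` may be rewritten by `terraform fmt`, which the unit-testing workflow runs with `-check`.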
@@ -0,0 +1,40 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = aws_vpc.this_vpc[0].id +} + +output "vpc_cidr" { + description = "VPC CIDR" + value = aws_vpc.this_vpc[0].cidr_block +} +output "igw_id" { + description = "The ID of the Internet Gateway" + value = aws_internet_gateway.this_igw[0].id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = aws_internet_gateway.this_igw[0].arn +} +output "public_subnets" { + description = "List of IDs of public subnets" + value = aws_subnet.public_subnets[*].id +} +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = aws_subnet.public_subnets[*].arn +} +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = compact(aws_subnet.public_subnets[*].cidr_block) +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = aws_subnet.private_subnets[*].id +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = compact(aws_subnet.private_subnets[*].cidr_block) +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/private-subnets.tf b/VPC/Modules/Simple-VPC/private-subnets.tf new file mode 100644 index 0000000..7a6b5ee --- /dev/null +++ b/VPC/Modules/Simple-VPC/private-subnets.tf 
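Review bot: Every output indexes `[0]` on resources whose `count` can be 0 (`aws_vpc.this_vpc[0].id`, `aws_internet_gateway.this_igw[0].id`, and so on), so with `create_vpc = false` or no public subnets the module fails at plan with an invalid-index error instead of returning null. Use `value = one(aws_vpc.this_vpc[*].id)` (and the same for `vpc_cidr`, `igw_id`, `igw_arn`), which yields null for an empty list and the single element otherwise. The file name `ouputs.tf` is misspelled; Terraform does not care, but the other modules use `outputs.tf`.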
@@ -0,0 +1,23 @@ +########################################################################## +# Private Subnets +########################################################################## + +### Create private subnets if the list of CIDR blocks is not empty +locals { + create_private_subnets = length(var.private_subnets_cidr_blocks) > 0 +} + +resource "aws_subnet" "private_subnets" { + count = var.create_vpc ? length(var.private_subnets_cidr_blocks): 0 + map_public_ip_on_launch = var.map_public_ip_on_private_subs + vpc_id = aws_vpc.this_vpc[0].id + cidr_block = var.private_subnets_cidr_blocks[count.index] + availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + + tags = merge( + { + Name = "${var.name}-private-subnet-${count.index + 1}" + }, + var.tags + ) +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/provider..tf b/VPC/Modules/Simple-VPC/provider..tf new file mode 100644 index 0000000..ca3b037 --- /dev/null +++ b/VPC/Modules/Simple-VPC/provider..tf @@ -0,0 +1,13 @@ +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "6.0.0-beta2" + } + } +} + +provider "aws" { + region = "us-east-1" +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/public-subnets.tf b/VPC/Modules/Simple-VPC/public-subnets.tf new file mode 100644 index 0000000..5709863 --- /dev/null +++ b/VPC/Modules/Simple-VPC/public-subnets.tf 
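Review bot: `provider..tf` declares a `provider "aws"` block with a hard-coded `region = "us-east-1"` inside a reusable module; a module that carries its own provider configuration cannot be called with `count`, `for_each` or `depends_on`, and its region silently overrides whatever the root's `local.region` says. Keep only the `terraform { required_providers { … } }` block here and let the root supply the provider. In private-subnets.tf the `local.create_private_subnets` local is defined but the `count` uses `var.create_vpc ? length(var.private_subnets_cidr_blocks): 0`, while route-tables.tf keys off the local, so the two files can disagree on whether subnets exist — e.g. `count = var.create_vpc && local.create_private_subnets ? length(var.private_subnets_cidr_blocks) : 0`. The `count.index % length(var.availability_zones)` expression errors when `availability_zones` is empty, and the `[""]` default only hides that by producing an empty AZ name. The file name `provider..tf` also has a doubled dot.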
@@ -0,0 +1,25 @@ +########################################################################## +# Public Subnets +########################################################################## + +## Create public subnets if the list of CIDR blocks is not empty +locals { + create_public_subnets = length(var.public_subnets_cidr_blocks) > 0 +} + +resource "aws_subnet" "public_subnets" { + count = var.create_vpc ? length(var.public_subnets_cidr_blocks) : 0 + vpc_id = aws_vpc.this_vpc[0].id + cidr_block = var.public_subnets_cidr_blocks[count.index] + availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + + map_public_ip_on_launch = var.map_public_ip_on_launch + + tags = merge( + { + Name = "${var.name}-public-subnet-${count.index + 1}" + }, + var.tags + ) + +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/route-tables.tf b/VPC/Modules/Simple-VPC/route-tables.tf new file mode 100644 index 0000000..547c64c --- /dev/null +++ b/VPC/Modules/Simple-VPC/route-tables.tf 
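Review bot: `local.create_public_subnets` is declared but the `count` on `aws_subnet.public_subnets` does not use it, mirroring private-subnets.tf; route-tables.tf keys the associations off this local, so the two should be kept in step, e.g. `count = var.create_vpc && local.create_public_subnets ? length(var.public_subnets_cidr_blocks) : 0`. `map_public_ip_on_launch` defaults to true for these subnets; that is the usual choice for a public tier, but checkov's subnet public-IP check (which this commit adds to the pipeline) commonly flags it, so expect to either default it to false and opt in per environment or document a skip.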
@@ -0,0 +1,82 @@ +######################################################################### +# Route Tables for VPC +######################################################################### +locals{ + create_public_route_table = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0 + create_private_route_table = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 + create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table + create_route_to_nat = var.create_vpc && var.create_nat && local.create_private_route_table + +} +######################################################################### +# Public RT and Rules +######################################################################### +resource "aws_route_table" "public" { + count = local.create_public_route_table ? 1:0 + vpc_id = aws_vpc.this_vpc[0].id + + tags = merge( + { + Name = "${var.name}-public-route-table" + }, + var.tags + ) +} +resource "aws_route" "public_internet_gateway" { + count = local.create_route_to_igw ? 1:0 + + route_table_id = aws_route_table.public[count.index].id + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this_igw[0].id + + +} + +######################################################################### +# Public RT Association +######################################################################### +resource "aws_route_table_association" "public_association" { + count = local.create_public_subnets ? length(aws_subnet.public_subnets) : 0 + + subnet_id = element(aws_subnet.public_subnets[*].id, count.index) + route_table_id = aws_route_table.public[0].id + +} + + +######################################################################### +# Private RT and Rules +######################################################################### + +resource "aws_route_table" "private" { + count = local.create_private_route_table ? 
1:0 + vpc_id = aws_vpc.this_vpc[0].id + + tags = merge( + { + Name = "${var.name}-private-route-table" + }, + var.tags + ) +} + + +resource "aws_route" "private_nat_gateway" { + count = local.create_private_route_table ? 1 : 0 + + route_table_id = aws_route_table.private[count.index].id + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = aws_nat_gateway.this_nat[0].id + +} + +######################################################################### +# Private RT Association +######################################################################### +resource "aws_route_table_association" "private_association" { + count = local.create_private_subnets ? length(aws_subnet.private_subnets) : 0 + + subnet_id = element(aws_subnet.private_subnets[*].id, count.index) + route_table_id = aws_route_table.private[0].id + +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/variables.tf b/VPC/Modules/Simple-VPC/variables.tf new file mode 100644 index 0000000..7d57e66 --- /dev/null +++ b/VPC/Modules/Simple-VPC/variables.tf 
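Review bot: `aws_route.private_nat_gateway` uses `count = local.create_private_route_table ? 1 : 0` instead of the `local.create_route_to_nat` defined at the top of this file for exactly this purpose, so `create_nat = false` still creates a default route pointing at `aws_nat_gateway.this_nat[0]`; the public route does use its `create_route_to_igw` counterpart. Change it to `count = local.create_route_to_nat ? 1 : 0`. The route-table `count` expressions `? 1:0` will likely be reformatted by `terraform fmt`, which the unit-testing workflow runs with `-check`. The hunk starts on the previous line.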
@@ -0,0 +1,82 @@ +variable "create_vpc" { + description = "Create a new VPC" + type = bool + default = true + +} + +variable "vpc_cidr" { + description = "CIDR block for the VPC" + type = string + default = "" +} + +variable "enable_dns_hostnames" { + description = "Enable DNS hostnames in the VPC" + type = bool + default = true +} + +variable "enable_dns_support" { + description = "Enable DNS support in the VPC" + type = bool + default = true +} + +variable "public_subnets_cidr_blocks" { + description = "List of CIDR blocks for public subnets" + type = list(string) + default = [""] + +} + +variable "availability_zones" { + description = "List of availability zones for the VPC" + type = list(string) + default = [""] + +} + +variable "map_public_ip_on_launch" { + description = "Map public IP on launch for public subnets" + type = bool + default = true + +} + +variable "map_public_ip_on_private_subs" { + description = "Map public IP on launch for public subnets" + type = bool + default = false + +} + +######### private subnets ######### +variable "private_subnets_cidr_blocks" { + description = "List of private subnets CIDR blocks" + type = list(string) + default = [""] +} + +######### NAT/ IGW ############# +variable "create_nat" { + description = "Create a NAT Gateway" + type = bool + default = true +} +variable "create_igw" { + description = "Create an Internet Gateway" + type = bool + default = true +} +variable "tags"{ + description = "tags for each resource" + type = map(string) + default = {} + } + variable "name" { + description = "universal name" + type = string + default = "" + } + diff --git a/VPC/Modules/Simple-VPC/vpc-flowlogs.tf b/VPC/Modules/Simple-VPC/vpc-flowlogs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/Simple-VPC/vpc.tf b/VPC/Modules/Simple-VPC/vpc.tf new file mode 100644 index 0000000..055d26a --- /dev/null +++ b/VPC/Modules/Simple-VPC/vpc.tf 
@@ -0,0 +1,18 @@ +########################################################################## +# VPC Configuration +########################################################################## + + +resource "aws_vpc" "this_vpc" { + count = var.create_vpc ? 1: 0 + cidr_block = var.vpc_cidr + enable_dns_support = var.enable_dns_support + enable_dns_hostnames = var.enable_dns_hostnames + + tags = merge( + { + Name = "${var.name}-vpc" + }, + var.tags + ) +} \ No newline at end of file diff --git a/VPC/Modules/VPC/.gitignore b/VPC/Modules/VPC/.gitignore new file mode 100644 index 0000000..11a858c --- /dev/null +++ b/VPC/Modules/VPC/.gitignore @@ -0,0 +1,45 @@ +# Local .terraform directories +**/.terraform/* +**/.terraform/ + + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store +**/.DS_Store/ +../.DS_Store \ No newline at end of file diff --git a/VPC/Modules/VPC/main.tf b/VPC/Modules/VPC/main.tf new file mode 100644 index 0000000..e89115a --- /dev/null +++ b/VPC/Modules/VPC/main.tf 
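Review bot: `aws_vpc.this_vpc` is created without any `aws_flow_log`, and the `vpc-flowlogs.tf` added alongside it in this commit is an empty file; until flow logs are wired up the VPC has no network-level audit trail, and checkov's VPC flow-logging check, which this commit adds to the pipeline, is likely to report it. Either fill in `vpc-flowlogs.tf` (an `aws_flow_log` with `vpc_id = aws_vpc.this_vpc[0].id` and a log destination) or do not commit the empty placeholder. `cidr_block = var.vpc_cidr` relies on a variable whose default is `""`, so the module only works when the caller sets it; dropping that default makes the requirement explicit.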
@@ -0,0 +1,22 @@ +########################################################################### +# VPC Configuration +########################################################################## + + + +resource "aws_vpc" "this_vpc" { + for_each = var.vpc_attributes + # provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west + cidr_block = each.value.cidr_block + enable_dns_support = each.value.enable_dns_support + enable_dns_hostnames = each.value.enable_dns_hostnames + region = each.value.region + + tags = merge( + { + Name = lookup(each.value, "name", "-${each.key}") + }, + var.tags + ) +} + diff --git a/VPC/Modules/VPC/outputs.tf b/VPC/Modules/VPC/outputs.tf new file mode 100644 index 0000000..a5a403a --- /dev/null +++ b/VPC/Modules/VPC/outputs.tf @@ -0,0 +1,34 @@ +### +output "vpc_id" { + description = "VPC ID" + value = {for k, v in aws_vpc.this_vpc : k => v.id} + +} + +output "vpc_cidr" { + description = "VPC CIDR" + value = {for k, v in aws_vpc.this_vpc : k => v.cidr_block} + +} + +# output "name" { +# description = "VPC ARN" +# value = var.name +# } + + + +# output "vpc_cidr" { +# description = "VPC CIDR" +# value = aws_vpc.this_vpc.cidr_block +# } + +# output "vpc_id" { +# description = "VPC ID" +# value = aws_vpc.this_vpc.id +# } + +# output "vpc_arn" { +# description = "VPC ARN" +# value = aws_vpc.this_vpc.arn +# } diff --git a/VPC/Modules/VPC/variables.tf b/VPC/Modules/VPC/variables.tf new file mode 100644 index 0000000..185f785 --- /dev/null +++ b/VPC/Modules/VPC/variables.tf 
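Review bot: `Name = lookup(each.value, "name", "-${each.key}")` never falls back, because `var.vpc_attributes` (VPC/Modules/VPC/variables.tf, next hunk) declares `name = string` as a required attribute; conversely the root call in VPC/Environment/test-v1/main.tf passes `vpc` and `vpc_2` objects without `name`, which the type check should reject at plan. Make the attribute `name = optional(string)` and compute the tag with `Name = coalesce(each.value.name, "${var.name}-${each.key}")` — which also needs the `variable "name"` that is currently commented out in the module's variables.tf, since the root passes `name = local.global_name` and Terraform rejects unknown module arguments. The `"-${each.key}"` default would otherwise produce a Name beginning with a hyphen. The commented `provider = …` line in the resource body reads as unfinished; drop it, or design multi-region via provider aliases properly if that is intended.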
@@ -0,0 +1,42 @@ + +# variable "name" { +# type = string +# } + + + +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} + +variable "vpc_attributes" { + description = "Additional attributes for the VPC" + type = map(object({ + cidr_block = string + enable_dns_support = bool + enable_dns_hostnames = bool + region = string + name = string + })) + +} + +# variable "vpc_cidr" { +# description = "VPC CIDR" +# type = string +# default = "" +# } + +# variable "enable_dns_support" { +# description = "Enable DNS Support for VPC" +# type = bool +# default = true +# } + +# variable "enable_dns_hostnames" { +# description = "Enable Hostnames for VPC" +# type = bool +# default = true +# } \ No newline at end of file diff --git a/VPC/Modules/igw-nat/.gitignore b/VPC/Modules/igw-nat/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/igw-nat/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/igw-nat/main.tf b/VPC/Modules/igw-nat/main.tf new file mode 100644 index 0000000..4905e0d --- /dev/null +++ b/VPC/Modules/igw-nat/main.tf 
@@ -0,0 +1,110 @@ + +############################################################## +# Module: igw-nat +################################################################ +## Create IGW and NAT Gateway if the VPC is created and the respective subnet CIDR blocks are provided + + +################################################################### +# Elastic IP for NAT Gateways +##################################################################### +resource "aws_eip" "this_eip" { + for_each = var.eip + + tags = merge( + { + Name = "${var.name}-nat-eip" + }, + var.tags + ) +} + + +#################################################################### +# Internet Gateway +#################################################################### +resource "aws_internet_gateway" "this_igw" { + for_each = var.internet_gateway + vpc_id = each.value.vpc_id + tags = merge( + { + Name = "${var.name}-igw" + }, + var.tags + + ) +} + ############################################################# + # NAT Gateways + ############################################################# + +resource aws_nat_gateway "this_nat"{ + for_each = var.nat_gateway + allocation_id = each.value.allocation_id + subnet_id = each.value.subnet_id + tags = merge( + { + Name = "${var.name}-nat-gateway" + }, + var.tags + + ) +} + + + + + + + + + + + + + + + + +# locals { +# create_igw = length(var.public_subnets_cidr_blocks) > 0 +# create_nat_gateway = length(var.private_subnets_cidr_blocks) > 0 +# create_eip = length(var.private_subnets_cidr_blocks) > 0 +# } + +# resource "aws_eip" "this_eip" { +# count = local.create_eip ? 1 : 0 + +# tags = merge( +# { +# Name = "${var.name}-nat-eip" +# }, +# var.tags +# ) +# } + +# resource "aws_internet_gateway" "this_igw" { +# count = local.create_igw ? 1 : 0 +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-igw" +# }, +# var.tags +# ) + +# } + +# resource "aws_nat_gateway" "this_nat" { +# count = local.create_nat_gateway ? 
1:0 +# allocation_id = aws_eip.this_eip[0].id +# subnet_id = var.public_subnets[0] # Assuming the first public subnet is used for the NAT Gateway + +# tags = merge( +# { +# Name = "${var.name}-nat-gateway" +# }, +# var.tags +# ) +# } \ No newline at end of file diff --git a/VPC/Modules/igw-nat/outputs.tf b/VPC/Modules/igw-nat/outputs.tf new file mode 100644 index 0000000..c975f44 --- /dev/null +++ b/VPC/Modules/igw-nat/outputs.tf @@ -0,0 +1,42 @@ +### + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = {for k, v in aws_internet_gateway.this_igw : k => v.id} + +} + +output "nat_id" { + description = "The ID of the NAT Gateway" + value = {for k, v in aws_nat_gateway.this_nat : k => v.id} + +} + + + +output "allocation_id" { + description = "The ID of the EIP" + value = {for k, v in aws_eip.this_eip : k => v.id} +} + + + + + + + + + + + + + +# output "igw_id" { +# description = "The ID of the Internet Gateway" +# value = aws_internet_gateway.this_igw[0].id +# } + +# output "nat_id" { +# description = "The ID of the NAT Gateway" +# value = aws_nat_gateway.this_nat[0].id +# } \ No newline at end of file diff --git a/VPC/Modules/igw-nat/variables.tf b/VPC/Modules/igw-nat/variables.tf new file mode 100644 index 0000000..3da72d3 --- /dev/null +++ b/VPC/Modules/igw-nat/variables.tf 
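Review bot: `aws_eip.this_eip` iterates `var.eip` but uses none of the per-entry attributes the variable type declares (`region`, `domain`, `tags`, `instance_id`, `network_interface_id`), and gives every EIP the same `Name = "${var.name}-nat-eip"`; with `for_each`, include the key, e.g. `Name = "${var.name}-${each.key}-nat-eip"`, and either apply `each.value.tags`/`each.value.region` or remove those attributes from the type so callers are not misled. The same fixed-Name pattern applies to `this_igw` and `this_nat`. `aws_nat_gateway.this_nat` lacks `depends_on = [aws_internet_gateway.this_igw]`, which the provider documentation recommends so the gateway is not created before the VPC has internet access. Roughly half the file is a commented-out copy of the old count-based implementation plus a long run of blank lines; version control already keeps that history, so delete it. The hunk starts on the previous line.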
@@ -0,0 +1,55 @@ +## +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} + +variable "name" { + description = "Global name for all resources" + type = string + +} +variable "eip" { + description = "EIP for NAT Gateway" + type = map(object({ + region = optional(string) + tags = optional(map(string)) # Optional tags for the EIP + domain = optional(string) # Indicates if this EIP is for use in VPC (vpc) + instance_id = optional(string) # EC2 instance ID for EIP association + network_interface_id = optional(string) # Network interface ID for EIP association + + })) + +} + +variable "nat_gateway" { + description = "Map of NAT Gateway configurations" + type = map(object({ + allocation_id = string + subnet_id = string + tags = optional(map(string)) # Optional tags for the NAT Gateway + })) +} + +variable "internet_gateway" { + description = "Map of Internet Gateway configurations" + type = map(object({ + vpc_id = string + tags = optional(map(string)) # Optional tags for the Internet Gateway + + })) + +} + + + + + + + + + + + + diff --git a/VPC/Modules/route-tables/.gitignore b/VPC/Modules/route-tables/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/route-tables/.gitignore 
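Review bot: `optional(...)` attributes in object types require Terraform 1.3 or later, but no `required_version` in this module states that and the roots only say `>= 1.0`; add a `terraform { required_version = ">= 1.3" }` block (or a higher floor matching the root) so an older CLI fails with a clear message rather than a type-parse error. `eip` declares `instance_id` and `network_interface_id`, which belong to an `aws_eip_association`, not to the `aws_eip` resource this module creates in main.tf; unless an association is planned, drop them so the interface does not promise behaviour the module does not implement.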
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/route-tables/main.tf b/VPC/Modules/route-tables/main.tf new file mode 100644 index 0000000..56fca5d --- /dev/null +++ b/VPC/Modules/route-tables/main.tf 
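Review bot: `.terraform.lock.hcl` is ignored near the bottom of this hunk, which drops the provider hash pinning that the lock file exists for; a fresh `terraform init` in the new Unit Testing workflow then resolves providers from the version constraint alone, without the `h1:`/`zh:` hash check that a committed lock file gives you. The same file is copied verbatim into route-tables, security-groups, subnets, vpc-flowlogs, Vnet-Peering and its dev/prod/test environments, yet the commit still adds `Vnet-Peering/Environments/test/.terraform.lock.hcl`, `Vnet-Peering/Environments/test/.terraform/modules/modules.json` and several `.DS_Store` files, so the per-directory copies are either bypassed or arrived after those files were staged. Suggest deleting the `.terraform.lock.hcl` line (keep lock files under version control), replacing the eight copies with a single root `.gitignore`, and removing the already-tracked `.terraform/` and `.DS_Store` content.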
@@ -0,0 +1,233 @@ +######################################################################### +# Route Tables for VPC +# ######################################################################### + +######################################################################### +# Public RT and Rules +########################################################################## + + + +resource "aws_route_table" "public" { + for_each = var.public_route_tables + vpc_id = each.value.vpc_id + region = each.value.region + tags = merge( + { + Name = "${var.name}-public-route-table" + }, + var.tags + ) +} + +resource aws_route "public_routes" { + for_each = var.public_routes + + route_table_id = each.value.route_table_id + destination_cidr_block = each.value.destination_cidr_block + gateway_id = lookup(each.value, "gateway_id", null) + nat_gateway_id = lookup(each.value, "nat_gateway_id", null) + vpc_peering_connection_id = lookup(each.value, "vpc_peering_connection_id", null) + transit_gateway_id = lookup(each.value, "transit_gateway_id", null) + + depends_on = [aws_route_table.public ] + +} + + +######################################################################### +# Public RT Association +######################################################################### + +resource "aws_route_table_association" "public_association" { + for_each = var.public_route_table_associations + subnet_id = each.value.subnet_id + route_table_id = each.value.route_table_id +} + +######################################################################### +# Private RT and Rules +######################################################################### + +resource "aws_route_table" "private" { + for_each = var.private_route_tables + vpc_id = each.value.vpc_id + region = each.value.region + tags = merge( + { + Name = "${var.name}-private-route-table" + }, + var.tags + ) +} +resource "aws_route" "private_routes" { + for_each = var.private_routes + route_table_id = each.value.route_table_id + 
destination_cidr_block = each.value.destination_cidr_block + gateway_id = lookup(each.value, "gateway_id", null) + nat_gateway_id = lookup(each.value, "nat_gateway_id", null) + vpc_peering_connection_id = lookup(each.value, "vpc_peering_connection_id", null) + transit_gateway_id = lookup(each.value, "transit_gateway_id", null) + + + + depends_on = [aws_route_table.private ] +} + +######################################################################### +# Private RT Association +######################################################################### + +resource "aws_route_table_association" "private_association" { + for_each = var.private_route_table_associations + subnet_id = each.value.subnet_id + route_table_id = each.value.route_table_id +} + + + + + + + + + + + + + + + + +########################################################################### +# Old Code for Public and Private Route Tables +########################################################################### + +# resource "aws_route_table_association" "private_association" { +# for_each = toset(var.private_route_table_associations) +# subnet_id = each.value +# route_table_id = aws_route_table.private[each.key] + +# depends_on = [aws_route_table.private ] +# } + + + +# resource "aws_route_table_association" "public_association" { +# for_each = toset(var.public_route_table_associations) +# subnet_id = each.value +# route_table_id = each.value.route_table_id + + +# depends_on = [aws_route_table.public ] +# } + + + + + + + +# locals{ +# create_public_route_table = length(var.public_subnets_cidr_blocks) > 0 +# create_private_route_table = length(var.private_subnets_cidr_blocks) > 0 +# create_route_to_igw = local.create_public_route_table +# create_route_to_nat = local.create_private_route_table + + + +# } + + +######################################################################### +# Old Code for Public and Private Route Tables 
+######################################################################### + +# resource "aws_route_table" "public" { +# count = local.create_public_route_table ? 1:0 +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-public-route-table" +# }, +# var.tags +# ) +# } + +# resource "aws_route" "public_internet_gateway" { +# count = local.create_route_to_igw ? 1:0 + +# route_table_id = aws_route_table.public[count.index].id +# destination_cidr_block = "0.0.0.0/0" +# gateway_id = var.igw_id + + +# } + + + + + + + + + + + + + + + + + + + + +# resource "aws_route_table" "private" { +# for_each = local.create_private_route_table ? toset(["private"]) : toset([]) + +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-private-route-table" +# }, +# var.tags +# ) +# } + + + +# resource "aws_route_table" "private" { +# count = local.create_private_route_table ? 1:0 +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-private-route-table" +# }, +# var.tags +# ) +# } + + +# resource "aws_route" "private_nat_gateway" { +# count = local.create_private_route_table ? 1 : 0 + +# route_table_id = aws_route_table.private[count.index].id +# destination_cidr_block = "0.0.0.0/0" +# nat_gateway_id = var.nat_id + +# } + +######################################################################### +# Private RT Association +######################################################################### +# resource "aws_route_table_association" "private_association" { +# count = var.create_private_subnets ? length(var.private_subnets) : 0 + +# subnet_id = var.private_subnets[count.index] +# route_table_id = aws_route_table.private[0].id + +# } \ No newline at end of file diff --git a/VPC/Modules/route-tables/outputs.tf b/VPC/Modules/route-tables/outputs.tf new file mode 100644 index 0000000..5fb7898 --- /dev/null +++ b/VPC/Modules/route-tables/outputs.tf 
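Review bot: `region = each.value.region` on both `aws_route_table` blocks (the public one near the top of the hunk and the private one after the association) uses the resource-level `region` argument, which as far as I know exists only from AWS provider 6.x; if the module's `required_providers` constraint admits an older major, `terraform validate` in the new workflow fails with an unsupported-argument error, so the constraint is worth pinning alongside this. The `lookup(each.value, "gateway_id", null)` calls are redundant now that the variable object types declare those attributes as `optional(string, null)` — `gateway_id = each.value.gateway_id` reads the same value and the lookup default can never apply. `resource aws_route "public_routes"` is the only block in the module with an unquoted type label; quote it for consistency with every other resource and with what `terraform fmt -check` expects. The "Old Code" blocks that make up the second half of the file are history the VCS already keeps and can be removed.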
@@ -0,0 +1,11 @@
+###
+
+output "public_route_table_id" {
+ description = "ID of the route table"
+ value = {for k, v in aws_route_table.public : k =>v.id}
+}
+
+output "private_route_table_id" {
+ description = "ID of the route table"
+ value = {for k, v in aws_route_table.private : k => v.id}
+}
\ No newline at end of file
diff --git a/VPC/Modules/route-tables/variables.tf b/VPC/Modules/route-tables/variables.tf
new file mode 100644
index 0000000..793b1a9
--- /dev/null
+++ b/VPC/Modules/route-tables/variables.tf
@@ -0,0 +1,156 @@ +## +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} + + +variable "name" { + description = "Global name for all resources" + type = string + default = "" +} + + +##################################### +# Public Route Tables +##################################### + +variable "public_route_tables" { + description = "Map of public route tables" + type = map(object({ + vpc_id = string + region = optional(string, null) # Optional region for the route table + + })) +} + + +##################################### +# Public Routes +##################################### +variable "public_routes" { + description = "Dynamically create routes for the route table" + type = map(object({ + type = optional(string, "public") # Default to public if not specified + route_table_id = string + destination_cidr_block = string + gateway_id = optional(string, null) + nat_gateway_id = optional(string, null) + vpc_peering_connection_id = optional(string, null) + transit_gateway_id = optional(string, null) + + })) +} + +##################################### +# Public Route Table Associations +##################################### +variable "public_route_table_associations" { + description = "Map of public route table associations" + type = map(object({ + route_table_id = string + subnet_id = string + })) +} + + + +##################################### +# Private Route Tables +##################################### + +variable "private_route_tables" { + description = "Map of private route tables" + type = map(object({ + vpc_id = string + region = optional(string, null) # Optional region for the route table + + })) + +} + +##################################### +# Private Route Table Associations +##################################### + +variable "private_route_table_associations" { + description = "Map of private route table associations" + type =map(object({ + route_table_id = string + subnet_id = string + })) +} + 
+##################################### +# Private Routes +##################################### +variable "private_routes" { + description = "Dynamically create routes for the route table" + type = map(object({ + type = optional(string, "public") # Default to public if not specified + route_table_id = optional(string, null) + destination_cidr_block = string + gateway_id = optional(string, null) + nat_gateway_id = optional(string, null) + vpc_peering_connection_id = optional(string, null) + transit_gateway_id = optional(string, null) + + })) +} + + +############################################## +# Old Variables for Public and Private Subnets +############################################## + +# variable "public_subnets" { +# description = "List of IDs of public subnets" +# type = list(string) +# } + +# variable "private_subnets" { +# description = "List of IDs of private subnets" +# type = list(string) + +# } +# variable "create_public_subnets" { +# description = "value of create_public_subnets local variable" +# type = string + +# } + +# variable "create_private_subnets" { +# description = "value of create_private_subnets local variable" +# type = string + +# } + + +# variable "vpc_id" { +# description = "VPC ID" +# type = string +# } + +# variable "igw_id" { +# description = "Internet Gateway ID" +# type = string +# } + +# variable "nat_id" { +# description = "NAT Gateway ID" +# type = string +# } +# variable "public_subnets_cidr_blocks" { +# description = "List of CIDR blocks for public subnets" +# type = list(string) +# default = [""] + +# } +# variable "private_subnets_cidr_blocks" { +# description = "List of CIDR blocks for private_ subnets" +# type = list(string) +# default = [""] + +# } \ No newline at end of file diff --git a/VPC/Modules/security-groups/.gitignore b/VPC/Modules/security-groups/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/security-groups/.gitignore 
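Review bot: `private_routes` at the top of this hunk declares `route_table_id = optional(string, null)`, but `aws_route.private_routes` in main.tf assigns `each.value.route_table_id` unconditionally, so a caller who omits it gets a provider error about a required argument instead of a typed error from the variable — make it `route_table_id = string` as `public_routes` does. The `type = optional(string, "public") # Default to public if not specified` attribute was copied from `public_routes` and is read nowhere in the module, which is misleading on a variable named private; drop it or use it. Because the tables fed by these routes are tagged and documented as private, a `validation` that rejects `gateway_id` on `private_routes` keeps an internet-gateway route out of a private table by construction rather than by review.
```hcl
variable "private_routes" {
  # … unchanged: description and type …
  validation {
    condition     = alltrue([for r in var.private_routes : r.gateway_id == null])
    error_message = "private_routes must not target an internet gateway (gateway_id); use nat_gateway_id, vpc_peering_connection_id or transit_gateway_id."
  }
}
```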
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/security-groups/README.MD b/VPC/Modules/security-groups/README.MD new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/security-groups/main.tf b/VPC/Modules/security-groups/main.tf new file mode 100644 index 0000000..8beca7c --- /dev/null +++ b/VPC/Modules/security-groups/main.tf 
@@ -0,0 +1,145 @@ +###################################################################### +### Security Group ### +####################################################################### + + +resource "aws_security_group" "this" { + for_each = var.security_groups + vpc_id = each.value.vpc_id + description = each.value.description +} + + + +resource "aws_security_group_rule" "this" { + for_each = var.ingress_rules + type = each.value.type + from_port = each.value.from_port + to_port = each.value.to_port + protocol = each.value.protocol + security_group_id = each.value.security_group_id + cidr_blocks = each.value.cidr_blocks + + +} + +resource "aws_vpc_security_group_egress_rule" "this" { + for_each = var.egress_rules + security_group_id = each.value.security_group_id + + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" + +} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# resource "aws_security_group" "this_sg" { +# vpc_id = var.vpc_id +# # provider = each.value.region == "us-east-1" ? 
aws.us-east : aws.us-west +# description = var.security_group_description +# tags = merge( +# { +# Name = "${var.name}-sg" +# }, +# var.tags +# ) +# } + + + + +# resource "aws_security_group_rule" "ingress" { + +# for_each = { +# for i, rule in var.ingress_rules : "rule-${i}" => rule +# } + +# type = "ingress" +# from_port = each.value.from_port +# to_port = each.value.to_port +# protocol = each.value.protocol +# description = each.value.description +# cidr_blocks = lookup(each.value, "cidr_blocks", []) +# security_group_id = aws_security_group.this_sg.id +# } + + + + + + + + + + + + + + + + + + + + + + + + +# resource "aws_security_group_rule" "ingress" { +# for_each = var.ingress_rules +# type = "ingress" +# from_port = each.value.from_port +# to_port = each.value.to_port +# protocol = each.value.protocol +# security_group_id = aws_security_group.this_sg.id +# cidr_blocks = [each.value.cidr_blocks] + +# description = each.value.description + +# depends_on = [ aws_security_group.this_sg ] +# } + diff --git a/VPC/Modules/security-groups/outputs.tf b/VPC/Modules/security-groups/outputs.tf new file mode 100644 index 0000000..57d54c1 --- /dev/null +++ b/VPC/Modules/security-groups/outputs.tf @@ -0,0 +1,4 @@ +output "security_group_ids" { + description = "List of all security group IDs" + value = {for k, v in aws_security_group.this : k => v.id} +} diff --git a/VPC/Modules/security-groups/variables.tf b/VPC/Modules/security-groups/variables.tf new file mode 100644 index 0000000..caf35f1 --- /dev/null +++ b/VPC/Modules/security-groups/variables.tf 
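Review bot: `aws_vpc_security_group_egress_rule.this` hard-codes `cidr_ipv4 = "0.0.0.0/0"` and `ip_protocol = "-1"`, and the `egress_rules` variable carries only `security_group_id`, so every group this module creates gets unrestricted egress with no way for a caller to scope it, and the `#tfsec:ignore:aws-vpc-no-public-egress-sgr` marker suppresses the finding for all of them at once. Suggest exposing `cidr_ipv4`, `ip_protocol`, `from_port`, `to_port` and `description` as optional attributes on `egress_rules` with today's values as defaults, and giving the ignore a reason and expiry (`#tfsec:ignore:aws-vpc-no-public-egress-sgr:exp:&lt;YYYY-MM-DD&gt;` plus a trailing comment) — whether the Trivy config scan in the new workflow honours the tfsec-style marker or needs its own `#trivy:ignore:` form is worth checking before relying on it. Two smaller points in the same hunk: `aws_security_group.this` sets neither `name` nor `tags`, so `var.name`/`var.tags` from variables.tf are unused and the groups get generated `terraform-…` names; and the legacy `aws_security_group_rule` is mixed with the newer `aws_vpc_security_group_egress_rule` on the same groups, which the provider docs advise against — `aws_vpc_security_group_ingress_rule` keeps both on one model. The commented-out `this_sg`/`ingress` blocks after the live code are history and can go.
```hcl
resource "aws_vpc_security_group_egress_rule" "this" {
  for_each          = var.egress_rules
  security_group_id = each.value.security_group_id
  description       = each.value.description

  # Defaults in variables.tf keep today's allow-all behaviour; callers may narrow per rule.
  cidr_ipv4   = each.value.cidr_ipv4   #tfsec:ignore:aws-vpc-no-public-egress-sgr reason: default egress, override per rule
  ip_protocol = each.value.ip_protocol
  from_port   = each.value.from_port
  to_port     = each.value.to_port
}
```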
@@ -0,0 +1,112 @@ +variable "name" { + description = "Global name" + type = string + +} + +variable "tags" { + description = "Tags for the resources" + type = map(string) + default = {} + +} + + +variable "security_groups" { + description = "Map of secruity groups to create" + type = map(object({ + vpc_id = string + description = string + })) +} + +variable "ingress_rules" { + description = "Map of ingress rules" + type = map(object({ + description = optional(string) + type = string + from_port = number + protocol = string + to_port = number + cidr_blocks = list(string) + security_group_id = string + + })) +} + +variable "egress_rules" { + description = "Map of ingress rules" + type = map(object({ + security_group_id = string + + })) +} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# variable "vpc_id" { +# description = "VPC ID" +# type = string + +# } + +# variable "security_group_description" { +# description = "description for the security group" +# type = string + +# } + + +# variable "ingress_rules" { +# description = "List of ingress rules" +# type = list(object({ + +# from_port = number +# to_port = number +# protocol = string +# description = string +# cidr_blocks = optional(list(string), []) +# })) +# } + + + + diff --git a/VPC/Modules/subnets/.gitignore b/VPC/Modules/subnets/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/subnets/.gitignore 
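Review bot: `egress_rules` in this hunk carries the description "Map of ingress rules" copied from the block above, and `security_groups` has "secruity"; both strings surface verbatim in module docs, so `description = "Map of egress rules keyed by rule name"` and "security" are the fixes. `ingress_rules.type` is a free `string` passed straight into `aws_security_group_rule.type` in main.tf, so a typo is only caught at apply time and the variable's name no longer guarantees direction; `ingress_rules.description` is declared `optional(string)` but main.tf never forwards it to the rule. A `validation` pinning `type` (and, if the module is meant to own that policy, rejecting `0.0.0.0/0` on administrative ports) moves the check to plan time.
```hcl
variable "ingress_rules" {
  # … unchanged: description and type …
  validation {
    condition     = alltrue([for r in var.ingress_rules : contains(["ingress", "egress"], r.type)])
    error_message = "ingress_rules[*].type must be \"ingress\" or \"egress\"."
  }
}
```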
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/subnets/outputs.tf b/VPC/Modules/subnets/outputs.tf new file mode 100644 index 0000000..0846d28 --- /dev/null +++ b/VPC/Modules/subnets/outputs.tf 
@@ -0,0 +1,31 @@
+
+###
+output "public_subnets_cidr_blocks" {
+ description = "values of public subnets CIDR blocks"
+ value = {for k, v in aws_subnet.public_subnets : k => v.cidr_block}
+}
+
+
+output "private_subnets_cidr_blocks" {
+ description = "values of private subnets CIDR blocks"
+ value = {for k, v in aws_subnet.private_subnets : k => v.cidr_block}
+}
+
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = {for k, v in aws_subnet.public_subnets : k => v.id}
+}
+
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = {for k, v in aws_subnet.private_subnets : k => v.id}
+}
+output "public_subnet_arns" {
+ description = "List of ARNs of public subnets"
+ value = {for k, v in aws_subnet.public_subnets : k => v.arn}
+}
+
+output "private_subnets_arns" {
+ description = "List of ARNs of private subnets"
+ value = {for k, v in aws_subnet.private_subnets : k => v.arn}
+}
diff --git a/VPC/Modules/subnets/private.tf b/VPC/Modules/subnets/private.tf
new file mode 100644
index 0000000..0ef82f7
--- /dev/null
+++ b/VPC/Modules/subnets/private.tf
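Review bot: `public_subnet_arns` and `private_subnets_arns` (the last two outputs) differ in pluralisation, so one of the two will be guessed wrong by every consumer; `public_subnets_arns` matches the existing `public_subnets` and `public_subnets_cidr_blocks`. Every description here says "List of …" or "values of …" while each value is a map keyed by the subnet name — `description = "Map of public subnet IDs keyed by subnet name"` tells the consumer what they actually get.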
@@ -0,0 +1,51 @@ +########################################################################## +# Private Subnets +########################################################################### + + + + +resource "aws_subnet" "private_subnets" { + for_each = var.private_subnets + # provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west + vpc_id = each.value.vpc_id + cidr_block = each.value.cidr_block[0] + availability_zone = each.value.availability_zone[0] + map_public_ip_on_launch = each.value.map_public_ip_on_launch + + tags = merge( + { + Name = "${var.name}-${each.key}" + }, + var.tags + ) + +} + + + + + + + + +### Create private subnets if the list of CIDR blocks is not empty +# locals { +# create_private_subnets = length(var.private_subnets_cidr_blocks) > 0 + +# } + +# resource "aws_subnet" "private_subnets" { +# count = var.create_private_subnets ? length(var.private_subnets_cidr_blocks) : 0 +# map_public_ip_on_launch = var.map_public_ip_on_private_subs +# vpc_id =var.vpc_id +# cidr_block = var.private_subnets_cidr_blocks[count.index] +# availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + +# tags = merge( +# { +# Name = "${var.name}private-subnet-${count.index + 1}" +# }, +# var.tags +# ) +# } \ No newline at end of file diff --git a/VPC/Modules/subnets/public.tf b/VPC/Modules/subnets/public.tf new file mode 100644 index 0000000..c5976bc --- /dev/null +++ b/VPC/Modules/subnets/public.tf 
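Review bot: `cidr_block = each.value.cidr_block[0]` and `availability_zone = each.value.availability_zone[0]` read only the first element of attributes the variables type as `list(string)`, so a caller who passes two CIDRs for one key silently gets one subnet and no error; either type the attributes as `string` or validate that each list has exactly one element. The public.tf hunk that follows has the same pattern. The commented `# provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west` line references provider aliases the module does not declare; if the multi-region design is abandoned, delete it rather than leave a half-reference for the next reader to chase.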
@@ -0,0 +1,44 @@ +########################################################################## +# Public Subnets +########################################################################### + +## Create public subnets if the list of CIDR blocks is not empty +# locals { +# create_public_subnets = length(var.public_subnets_cidr_blocks) > 0 +# } + + + +resource "aws_subnet" "public_subnets" { + for_each = var.public_subnets + # provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west + vpc_id = each.value.vpc_id + cidr_block = each.value.cidr_block[0] + availability_zone = each.value.availability_zone[0] + map_public_ip_on_launch = each.value.map_public_ip_on_launch + + tags = merge( + { + Name = "${var.name}-${each.key}" + }, + var.tags + ) +} + + +# resource "aws_subnet" "public_subnets" { +# count = var.create_pub_subs ? length(var.public_subnets_cidr_blocks) : 0 +# vpc_id = var.vpc_id +# cidr_block = var.public_subnets_cidr_blocks[count.index] +# availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + +# map_public_ip_on_launch = var.map_public_ip_on_launch + +# tags = merge( +# { +# Name = "${var.name}public-subnet-${count.index + 1}" +# }, +# var.tags +# ) + +# } \ No newline at end of file diff --git a/VPC/Modules/subnets/variables.tf b/VPC/Modules/subnets/variables.tf new file mode 100644 index 0000000..28eca71 --- /dev/null +++ b/VPC/Modules/subnets/variables.tf 
@@ -0,0 +1,82 @@ + +## +variable "name" { + description = "Global name for all resources" + type = string + default = "" +} + + +variable "public_subnets" { + description = "Map of public subnets" + type = map(object({ + cidr_block = list(string) + availability_zone = list(string) + map_public_ip_on_launch = bool + vpc_id = string + })) +} + +variable "private_subnets" { + description = "Map of private subnets" + type = map(object({ + cidr_block = list(string) + availability_zone = list(string) + map_public_ip_on_launch = bool + vpc_id = string + })) +} +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} + +# variable "vpc_id" { +# description = "VPC ID" +# type = string +# } +#variable "public_subnets_cidr_blocks" { +# description = "List of CIDR blocks for public subnets" +# type = list(string) +# default = [""] + +# } + +# variable "availability_zones" { +# description = "List of availability zones for the VPC" +# type = list(string) +# default = [""] + +# } + +# variable "map_public_ip_on_launch" { +# description = "Map public IP on launch for public subnets" +# type = bool +# default = true + +# } + +# variable "map_public_ip_on_private_subs" { +# description = "Map public IP on launch for public subnets" +# type = bool +# default = false + +# } + +######## private subnets ######### + + + +# variable "create_private_subnets" { +# description = "Bool to create private subnets" +# type = bool +# default = true +# } + +# variable "private_subnets_cidr_blocks" { +# description = "List of private subnets CIDR blocks" +# type = list(string) +# default = [""] +# } + diff --git a/VPC/Modules/vpc-flowlogs/.gitignore b/VPC/Modules/vpc-flowlogs/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/vpc-flowlogs/.gitignore 
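Review bot: `map_public_ip_on_launch` is a required `bool` on `private_subnets` exactly as on `public_subnets`, so nothing stops a caller from auto-assigning public IPv4 addresses to instances in a subnet the module names and routes as private. A `validation` rejecting `true` on `private_subnets` keeps that invariant inside the module instead of in review, and with the current `list(string)` types for `cidr_block`/`availability_zone` the same block can require exactly one element, since private.tf and public.tf only ever read index 0.
```hcl
variable "private_subnets" {
  # … unchanged: description and type …
  validation {
    condition = alltrue([
      for s in var.private_subnets :
      !s.map_public_ip_on_launch && length(s.cidr_block) == 1 && length(s.availability_zone) == 1
    ])
    error_message = "private_subnets entries must set map_public_ip_on_launch = false and give exactly one cidr_block and one availability_zone."
  }
}
```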
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/vpc-flowlogs/main.tf b/VPC/Modules/vpc-flowlogs/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/vpc-flowlogs/outputs.tf b/VPC/Modules/vpc-flowlogs/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/vpc-flowlogs/variables.tf b/VPC/Modules/vpc-flowlogs/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/README.MD b/VPC/README.MD new file mode 100644 index 0000000..48ff1b2 --- /dev/null +++ b/VPC/README.MD 
@@ -0,0 +1,42 @@ +# 🧱 AWS VPC Terraform Module + +This is a reusable and extensible **Terraform module** for provisioning a secure and scalable **AWS Virtual Private Cloud (VPC)**. It acts as the **foundation** for the AWS side of the [Multi-Cloud-Networking-Module](https://github.com/YOUR_USERNAME/Multi-Cloud-Networking-Module), serving as a core dependency for peering, VPN, and transit gateway modules. + +--- + +## 🎯 Purpose + +This module was designed to: + +- Standardize AWS VPC creation across environments +- Serve as the **base layer** for multi-cloud connectivity +- Incorporate **intermediate to advanced Terraform patterns** to enable flexibility, composability, and modular reuse +- Continuously evolve as new networking patterns emerge + +--- + +## ⚙️ Features + +- VPC creation with configurable CIDR block +- Public, private, and database subnets with NAT gateway support +- Route table management and IGW/NAT configuration +- Optional VPC endpoints and DNS support +- Flexible subnet grouping via dynamic blocks +- Use of **locals**, **count**, **conditional logic**, and **dynamic blocks** + +--- + +## 🧠 Terraform Concepts Used + +This module demonstrates intermediate to advanced usage of: + +- `count` and `for_each` for resource control +- `locals` for centralized logic and derived values +- `dynamic` blocks for on-demand subnet generation +- Conditional logic inside locals for flexible configurations +- Parameterized design for reuse across environments (`dev`, `test`, `prod`) + +--- + + + diff --git a/Vnet-Peering/.DS_Store b/Vnet-Peering/.DS_Store new file mode 100644 index 0000000..2d43a31 Binary files /dev/null and b/Vnet-Peering/.DS_Store differ diff --git a/Vnet-Peering/.gitignore b/Vnet-Peering/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Vnet-Peering/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/Vnet-Peering/Environments/.DS_Store b/Vnet-Peering/Environments/.DS_Store new file mode 100644 index 0000000..8037b23 Binary files /dev/null and b/Vnet-Peering/Environments/.DS_Store differ diff --git a/Vnet-Peering/Environments/dev/.gitignore b/Vnet-Peering/Environments/dev/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Vnet-Peering/Environments/dev/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/Vnet-Peering/Environments/prod/.gitignore b/Vnet-Peering/Environments/prod/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Vnet-Peering/Environments/prod/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/Vnet-Peering/Environments/test/.gitignore b/Vnet-Peering/Environments/test/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Vnet-Peering/Environments/test/.gitignore 
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/Vnet-Peering/Environments/test/.terraform.lock.hcl b/Vnet-Peering/Environments/test/.terraform.lock.hcl
new file mode 100644
index 0000000..e8306bb
--- /dev/null
+++ b/Vnet-Peering/Environments/test/.terraform.lock.hcl
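Review bot: The `**/.terraform/*` rule in this file has no effect on the paths this same commit adds underneath it — `Vnet-Peering/Environments/test/.terraform/terraform.tfstate`, `.terraform/modules/modules.json` and the provider `LICENSE.txt` — because gitignore only applies to untracked files; once committed they stay tracked and will show as modified after every `terraform init`. Run `git rm -r --cached Vnet-Peering/Environments/test/.terraform` in a follow-up so the rule actually takes effect. The `.terraform.lock.hcl` added next to it is the one generated file worth keeping tracked (it pins provider hashes), so that entry should come out of the ignore list rather than the file out of the repo.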
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+ version = "4.34.0"
+ constraints = "4.34.0"
+ hashes = [
+ "h1:gaDqI1j1w6sGScP7Gs0xg5pcjMlRmZjP5lvH6PoiW2A=",
+ "zh:07838a6b64533d70d441ebb61b04fe2a801e3c8d111af2bd7813385ed9baf778",
+ "zh:27e2793081c363000bd41ea75f9e5eb0c368d01a65f1e2237b8f52651374874f",
+ "zh:2f1a5a270c69902c676360bc00e82d7a77968b2d9c5085167b816adbc9a3afd6",
+ "zh:347fb015ef69520e7a374206411020546d4cd32c64dcdb01409b09a6ccb8a4ad",
+ "zh:34fc3c1c8a194169fab5ccc449fa8ebbd625f4bfde057b020e27661a29a6ba04",
+ "zh:43675af15ac12a1b36f5eb2913f9a02388f8d965ebb5a15d309014aafe395eda",
+ "zh:4b3f06305a9299a224967e30991554bcc19d9f78bdb22b7b02545810218eb195",
+ "zh:8e43e2ad4f23cc8e0e1f51cdf19c0452ba97393958508e278a2bc135e28b2bbf",
+ "zh:a9757211de25ebbda695913d6a7fb8e9ab796b9d406c980ba51d0ba9470111fd",
+ "zh:d6c47eb39a51c18a680b0b13b952f1b8f3f6ca3d7f5ad6c77e279068bd457fc8",
+ "zh:dd2ec26453b0f28436003d50a0d174fbc19913158b17da3c6b897540c957bd9b",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/Vnet-Peering/Environments/test/.terraform/modules/modules.json b/Vnet-Peering/Environments/test/.terraform/modules/modules.json
new file mode 100644
index 0000000..e014f2d
--- /dev/null
+++ b/Vnet-Peering/Environments/test/.terraform/modules/modules.json
@@ -0,0 +1 @@
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"linux_vm","Source":"../../../virtual-machines/Azure/Linux-VM","Dir":"../../../virtual-machines/Azure/Linux-VM"},{"Key":"peerings","Source":"../../../Vnet-Peering/modules/peering-connection","Dir":"../../../Vnet-Peering/modules/peering-connection"},{"Key":"resource_group","Source":"../../../VNET/modules/resource-group","Dir":"../../../VNET/modules/resource-group"},{"Key":"subnets","Source":"../../../VNET/modules/subnet","Dir":"../../../VNET/modules/subnet"},{"Key":"virtual_network","Source":"../../../VNET/modules/virtual-network","Dir":"../../../VNET/modules/virtual-network"}]}
\ No newline at end of file
diff --git a/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt b/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt
new file mode 100644
index 0000000..b9ac071
--- /dev/null
+++ b/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt
@@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. 
Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. 
Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. 
Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. 
However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. 
* +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. 
+Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. 
If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
diff --git a/Vnet-Peering/Environments/test/.terraform/terraform.tfstate b/Vnet-Peering/Environments/test/.terraform/terraform.tfstate
new file mode 100644
index 0000000..d6bb3f5
--- /dev/null
+++ b/Vnet-Peering/Environments/test/.terraform/terraform.tfstate
@@ -0,0 +1,39 @@
+{
+ "version": 3,
+ "terraform_version": "1.11.0",
+ "backend": {
+ "type": "azurerm",
+ "config": {
+ "access_key": null,
+ "client_certificate": null,
+ "client_certificate_password": null,
+ "client_certificate_path": null,
+ "client_id": null,
+ "client_id_file_path": null,
+ "client_secret": null,
+ "client_secret_file_path": null,
+ "container_name": "testtfstate",
+ "endpoint": null,
+ "environment": null,
+ "key": "vnet-peering.terraform.tfstate",
+ "metadata_host": null,
+ "msi_endpoint": null,
+ "oidc_request_token": null,
+ "oidc_request_url": null,
+ "oidc_token": null,
+ "oidc_token_file_path": null,
+ "resource_group_name": "tf_state",
+ "sas_token": null,
+ "snapshot": null,
+ "storage_account_name": "tfstatefile84",
+ "subscription_id": "61fbcac7-2f66-43f1-aca9-bfbab5b91195",
+ "tenant_id": null,
+ "use_aks_workload_identity": null,
+ "use_azuread_auth": null,
+ "use_cli": null,
+ "use_msi": null,
+ "use_oidc": null
+ },
+ "hash": 2846517555
+ }
+}
\ No newline at end of file
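Review bot: `.terraform/terraform.tfstate` is Terraform's local cache of the backend configuration and should not be in the repository: `terraform init` regenerates it, the `**/.terraform/*` ignore rule added in this same commit is meant to exclude it, and as committed it publishes the backend's `subscription_id` (`61fbcac7-…`), `storage_account_name` (`tfstatefile84`) and `resource_group_name` (`tf_state`) — values the committed `backend.tf` deliberately leaves out (its `subscription_id` is commented). These are identifiers rather than credentials, but together they name the exact storage account that holds state for this environment, and the cached config also shows `use_azuread_auth: null`, i.e. the backend is relied on to authenticate by its default path rather than by an explicit Entra ID identity. Remove it from tracking with `git rm --cached Vnet-Peering/Environments/test/.terraform/terraform.tfstate`; if the history is or becomes public, treat the subscription id as disclosed when scoping the state storage account's network and access rules.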
diff --git a/Vnet-Peering/Environments/test/backend.tf b/Vnet-Peering/Environments/test/backend.tf
new file mode 100644
index 0000000..b91ceea
--- /dev/null
+++ b/Vnet-Peering/Environments/test/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "azurerm" {
+ resource_group_name = "tf_state"
+ storage_account_name = "tfstatefile84"
+ container_name = "testtfstate"
+ key = "vnet-peering.terraform.tfstate"
+ # subscription_id = ""
+ }
+}
\ No newline at end of file
diff --git a/Vnet-Peering/Environments/test/providers.tf b/Vnet-Peering/Environments/test/providers.tf
new file mode 100644
index 0000000..da30c99
--- /dev/null
+++ b/Vnet-Peering/Environments/test/providers.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "4.34.0"
+ }
+ }
+}
+# Configure the Microsoft Azure Provider
+provider "azurerm" {
+ subscription_id = ""
+ features {
+ resource_group {
+ prevent_deletion_if_contains_resources = false
+ }
+ key_vault {
+ purge_soft_delete_on_destroy = true
+ recover_soft_deleted_key_vaults = true
+ }
+
+ }
+}
diff --git a/Vnet-Peering/Environments/test/variables.tf b/Vnet-Peering/Environments/test/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/Vnet-Peering/modules/.gitignore b/Vnet-Peering/modules/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/Vnet-Peering/modules/.gitignore
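Review bot: The `azurerm` backend block does not set `use_azuread_auth = true`, so unless `ARM_USE_AZUREAD` is exported in the environment the backend falls back to shared-key access to `tfstatefile84` (as far as I recall it lists the account keys with the ARM credentials), which grants full access to the whole account regardless of container RBAC and leaves no per-identity audit trail on the state blob. Add `use_azuread_auth = true` here, grant the deploy identity `Storage Blob Data Contributor` on the `testtfstate` container, and disable shared-key access on the storage account so the key path cannot be used at all. The commented `# subscription_id = ""` would read better as `# subscription_id is supplied via ARM_SUBSCRIPTION_ID` so the next reader knows where it is expected to come from.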
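Review bot: `subscription_id = ""` in the `provider "azurerm"` block is an explicit empty string, not an omission; with azurerm 4.x the subscription is effectively required, and an explicitly set attribute is likely to take precedence over the `ARM_SUBSCRIPTION_ID` environment default rather than fall through to it, so this line probably breaks `plan` for anyone relying on the env var — please confirm, and if the intent is "take it from the environment", delete the line instead of blanking it. Separately, `purge_soft_delete_on_destroy = true` together with `prevent_deletion_if_contains_resources = false` turns `terraform destroy` into an unrecoverable purge of any Key Vault (and its secrets) and a force-delete of non-empty resource groups. That may be deliberate for a test environment, but it deserves a comment such as `# test only: soft-delete purge and non-empty RG deletion are intentional — do not copy to prod` so the block is not copied into `Environments/prod` as-is.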
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/Vnet-Peering/modules/peering-connection/.gitignore b/Vnet-Peering/modules/peering-connection/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/Vnet-Peering/modules/peering-connection/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/Vnet-Peering/modules/peering-connection/main.tf b/Vnet-Peering/modules/peering-connection/main.tf
new file mode 100644
index 0000000..8da6724
--- /dev/null
+++ b/Vnet-Peering/modules/peering-connection/main.tf
@@ -0,0 +1,13 @@
+##############################################################################################################
+# Virtual Network Peering
+##############################################################################################################
+
+
+
+resource "azurerm_virtual_network_peering" "this" {
+ for_each = var.virtual_network_peering
+ name = each.value.name
+ resource_group_name = each.value.resource_group_name
+ virtual_network_name = each.value.virtual_network_name
+ remote_virtual_network_id = each.value.remote_virtual_network_id
+}
\ No newline at end of file
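Review bot: `allow_virtual_network_access` and `allow_forwarded_traffic` are accepted on the `virtual_network_peering` object (see the module's variables.tf in this commit) but never passed to `azurerm_virtual_network_peering`, so a caller who sets either to `false` to tighten the peering silently gets the provider's own default instead, with no plan diff to warn them. Wire both through: `allow_virtual_network_access = each.value.allow_virtual_network_access` and `allow_forwarded_traffic = each.value.allow_forwarded_traffic`; because they are `optional(bool)` with no default they evaluate to null when omitted, which leaves the provider default in place for existing callers. A one-line header comment noting that the module creates only one direction of the peering (the remote side must call it again with the roles swapped) would also save the next user a surprise, if that is indeed the intent.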
diff --git a/Vnet-Peering/modules/peering-connection/outputs.tf b/Vnet-Peering/modules/peering-connection/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/Vnet-Peering/modules/peering-connection/variables.tf b/Vnet-Peering/modules/peering-connection/variables.tf
new file mode 100644
index 0000000..544f7c4
--- /dev/null
+++ b/Vnet-Peering/modules/peering-connection/variables.tf
@@ -0,0 +1,17 @@
+##############################################################################################################
+# Virtual Network Peering Variables
+##############################################################################################################
+
+
+variable "virtual_network_peering" {
+ description = "Map of virtual network peerings"
+ type = map(object({
+ name = string
+ resource_group_name = string
+ virtual_network_name = string
+ remote_virtual_network_id = string
+ allow_virtual_network_access = optional(bool)
+ allow_forwarded_traffic = optional(bool)
+
+ }))
+}
\ No newline at end of file
diff --git a/virtual-machines/.DS_Store b/virtual-machines/.DS_Store
new file mode 100644
index 0000000..5aec9bf
Binary files /dev/null and b/virtual-machines/.DS_Store differ
diff --git a/virtual-machines/AWS/EC2/main.tf b/virtual-machines/AWS/EC2/main.tf
new file mode 100644
index 0000000..40423d8
--- /dev/null
+++ b/virtual-machines/AWS/EC2/main.tf
@@ -0,0 +1,22 @@
+########################################################################
+# EC2 Instance
+########################################################################
+
+resource "aws_instance" "this" {
+ for_each = var.instance_attributes
+ ami = "ami-000ec6c25978d5999"
+ instance_type = each.value.instance_type
+ iam_instance_profile = each.value.iam_instance_profile
+ subnet_id = each.value.subnet_id ## Ensure this is the private subnet, for SSM access
+ vpc_security_group_ids = each.value.vpc_security_group_ids
+ metadata_options {
+ http_tokens = "required"
+ }
+ root_block_device {
+ encrypted = true
+ }
+ tags = {
+ Name = "${var.name}-instance"
+ }
+
+}
\ No newline at end of file
diff --git a/virtual-machines/AWS/EC2/outputs.tf b/virtual-machines/AWS/EC2/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/virtual-machines/AWS/EC2/variables.tf b/virtual-machines/AWS/EC2/variables.tf
new file mode 100644
index 0000000..92fdd4c
--- /dev/null
+++ b/virtual-machines/AWS/EC2/variables.tf
@@ -0,0 +1,22 @@
+########################################################################
+# EC2 Variables
+########################################################################
+
+variable "instance_attributes" {
+ description = "Map of instances to create"
+ type = map(object({
+ instance_type = string # t2.micro
+ iam_instance_profile = optional(string)
+ subnet_id = string
+ vpc_security_group_ids = optional(list(string))
+
+ }))
+}
+
+variable "tags" {
+ description = "tags to apply"
+ type = map(string)
+}
+variable "name" {
+
+}
\ No newline at end of file
diff --git a/virtual-machines/Azure/Linux-VM/.gitignore b/virtual-machines/Azure/Linux-VM/.gitignore
new file mode 100644
index 0000000..1c99dc1
--- /dev/null
+++ b/virtual-machines/Azure/Linux-VM/.gitignore
@@ -0,0 +1 @@
+.terraform/
diff --git a/virtual-machines/Azure/Linux-VM/main.tf b/virtual-machines/Azure/Linux-VM/main.tf
new file mode 100644
index 0000000..81e5b6b
--- /dev/null
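Review bot: `ami = "ami-000ec6c25978d5999"` hard-codes a region-specific image ID with nothing in the module recording what image it is, so the instance cannot be moved to a patched image by configuration and a deploy in any other region fails outright; more importantly the module has no `owners` constraint, which is the control that prevents a look-alike public AMI from being selected the day someone replaces the literal with a name lookup. Resolve the image through a `data "aws_ami"` block restricted by `owners` (with the name filter as a module input so the image family is explicit and reviewable), and merge the declared-but-unused `var.tags` into `tags` so whatever tagging policy the caller passes actually lands on the instance. The `## Ensure this is the private subnet, for SSM access` comment is purely advisory; if SSM-only access is a requirement, a `validation` block or a `precondition` on the subnet would enforce it, but that is a separate change. The `metadata_options { http_tokens = "required" }` and `encrypted = true` choices are the right defaults and worth keeping.

```hcl
# Resolve the AMI by owner + name instead of a region-specific literal so the
# image can be patched via configuration and cannot be swapped for a
# look-alike public AMI. TODO confirm the owner/name filter matches the image
# that ami-000ec6c25978d5999 currently is.
data "aws_ami" "this" {
  most_recent = true
  owners      = var.ami_owners # e.g. ["amazon"] or your golden-image account id; declare in variables.tf

  filter {
    name   = "name"
    values = [var.ami_name_filter] # declare in variables.tf, e.g. "al2023-ami-*-x86_64"
  }
}

resource "aws_instance" "this" {
  for_each = var.instance_attributes
  ami      = data.aws_ami.this.id
  # … unchanged: instance_type, iam_instance_profile, subnet_id,
  #   vpc_security_group_ids, metadata_options, root_block_device …
  tags = merge(var.tags, { Name = "${var.name}-instance" })
}
```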
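Review bot: `variable "name" {}` carries no `type` or `description`, so a list or object is accepted at the module boundary and only fails later when interpolated into `"${var.name}-instance"`. Declare it as `type = string` with `description = "Name prefix applied to each instance's Name tag"`. `tags` is mandatory here (no `default`) yet main.tf in this commit never reads it; either give it `default = {}` or make the resource consume it, so callers are not forced to supply a value that has no effect.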
+++ b/virtual-machines/Azure/Linux-VM/main.tf
@@ -0,0 +1,40 @@
+########################################################################################
+# Linux VM
+########################################################################################
+
+resource "azurerm_network_interface" "this"{
+ for_each = var. network_interface
+ name = each.value.name
+ location = each.value.location
+ resource_group_name = each.value.resource_group_name
+ ip_configuration {
+ name = each.value.ip_configuration.name
+ subnet_id = each.value.ip_configuration.subnet_id
+ private_ip_address_allocation = each.value.ip_configuration.private_ip_address_allocation
+ }
+}
+
+resource "azurerm_linux_virtual_machine" "this" {
+ for_each = var.linux_vm
+ name = each.value.name
+ resource_group_name = each.value.resource_group_name
+ location = each.value.location
+ size = each.value.size
+ admin_username = "adminuser"
+ network_interface_ids = each.value.network_interface_ids
+
+ os_disk {
+ caching = each.value.os_disk.caching
+ storage_account_type = each.value.os_disk.storage_account_type
+ }
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-jammy"
+ sku = "22_04-lts"
+ version = "latest"
+ }
+ admin_ssh_key {
+ username = "adminuser"
+ public_key = file("~/.ssh/id_rsa.pub")
+ }
+}
\ No newline at end of file
diff --git a/virtual-machines/Azure/Linux-VM/outputs.tf b/virtual-machines/Azure/Linux-VM/outputs.tf
new file mode 100644
index 0000000..4230412
--- /dev/null
+++ b/virtual-machines/Azure/Linux-VM/outputs.tf
@@ -0,0 +1,9 @@
+output "network_interface_ids" {
+ description = "map of network interface IDs"
+ value = {for k, v in azurerm_network_interface.this : k => v.id }
+}
+
+output "azurerm_linux_virtual_machine" {
+ description = " Map of linux VM Ids"
+ value = {for k,v in azurerm_linux_virtual_machine.this : k => v.id}
+}
\ No newline at end of file
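Review bot: `public_key = file("~/.ssh/id_rsa.pub")` reads the SSH public key from the home directory of whoever runs `terraform apply`, so the VM's only login credential is bound to that operator's workstation, differs between operators and a CI runner, cannot be reviewed or rotated through configuration, and makes `plan` fail on any machine without that file. Take the key as input instead — add `admin_ssh_public_key = string` to the `linux_vm` object in variables.tf and use `public_key = each.value.admin_ssh_public_key`. In the same block `admin_username = "adminuser"` (and `username = "adminuser"` under `admin_ssh_key`) ignore the `admin_username` that `var.linux_vm` makes callers supply; switch both to `each.value.admin_username` so the login name and key stay tied to the input. Minor: `var. network_interface` has a stray space after the dot and `"this"{` is missing the space `terraform fmt` expects.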
diff --git a/virtual-machines/Azure/Linux-VM/variables.tf b/virtual-machines/Azure/Linux-VM/variables.tf
new file mode 100644
index 0000000..08108a3
--- /dev/null
+++ b/virtual-machines/Azure/Linux-VM/variables.tf
@@ -0,0 +1,59 @@
+########################################################################################
+# Linux VM
+########################################################################################
+
+variable "network_interface" {
+ description = "Map of azure Network Interfaces"
+ type = map(object({
+ name = string
+ location = string
+ resource_group_name = string
+ ip_configuration = object({
+ name = string
+ subnet_id = string
+ private_ip_address_allocation = string # "Dynamic", "Static"
+ })
+ }))
+
+
+}
+
+
+variable "linux_vm" {
+ description = "Map of linux Virtual Machines"
+ type = map(object({
+ name = string
+ resource_group_name = string
+ location = string
+ size = string
+ admin_username = string
+ network_interface_ids = list(string)
+ # admin_ssh_key = object({
+ # name = string
+ # })
+ os_disk = object({
+ caching = optional(string)
+ storage_account_type = optional(string) # LRS, ZRS
+ })
+ # source_image_reference = object({
+ # publisher = optional(string)
+ # offer = optional(string)
+ # sku = optional(string)
+ # version = optional(string)
+ # })
+ }))
+# default = {
+# source_image_reference = {
+# publisher = "Canonical"
+# offer = "0001-com-ubuntu-server-jammy"
+# sku = "22_04-lts"
+# version = "latest"
+# }
+# os_disk = {
+# caching = "ReadWrite"
+# storage_account_type = "Standard_LRS"
+
+# }
+
+# }
+}
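Review bot: `os_disk.caching` and `os_disk.storage_account_type` are `optional(string)` with no fallback, but main.tf in this commit feeds them straight into the resource's `os_disk` block, where the provider treats both as required (please confirm); a caller who omits them therefore gets null and a plan-time error rather than a sensible default. The commented-out `default` block already names the intended values, so declare `caching = optional(string, "ReadWrite")` and `storage_account_type = optional(string, "Standard_LRS")` and delete the dead `# default = {…}` comment, which a reader may otherwise take as being in effect. `admin_username = string` is required here but never read by main.tf, which hard-codes `"adminuser"`; either consume it there or remove it, so the variable's contract matches what the module does.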