From b8e06b216d8d4973aa71e605587b0709573685ae Mon Sep 17 00:00:00 2001 From: thogue12 Date: Sun, 8 Jun 2025 16:26:54 -0400 Subject: [PATCH 01/43] new commit for testing --- .DS_Store | Bin 8196 -> 8196 bytes .github/.DS_Store | Bin 0 -> 6148 bytes S2S-VPN/.DS_Store | Bin 0 -> 6148 bytes S2S-VPN/modules/.DS_Store | Bin 0 -> 6148 bytes TransitGatway/.DS_Store | Bin 0 -> 6148 bytes Vnet-Peering/.DS_Store | Bin 0 -> 6148 bytes 6 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 .github/.DS_Store create mode 100644 S2S-VPN/.DS_Store create mode 100644 S2S-VPN/modules/.DS_Store create mode 100644 TransitGatway/.DS_Store create mode 100644 Vnet-Peering/.DS_Store diff --git a/.DS_Store b/.DS_Store index fa0f567e54f5f17e57289f21c43747ce7f39684e..ec18ffbf522b436731271fcdfcfcb63884505cdd 100644 GIT binary patch delta 562 zcmZp1XmOa}FR07Fz`)4BAi$85ZWx@LpIfl8a2or>2Eonj94s95AXyd$J%)6KOokGe z3ZNJR1M^~gWVzgY7nh`*{3M_l$DDWjQ$&6rb3~O-!7E>o0kIvZhk-$=0YtJh=+#3k zX2@VDWk^D?of9? zh>=NxWip$P92?K6Eo(%6PYw_gnQSM-gWxJLDoidGY6U5a6PBASA%k)RAU9CY+*AN{=$rEZ delta 390 zcmZp1XmOa}FRIGGz`)4BAi%(o%Am^-&fv)4=b5uHaWVU5b`BN}M%Bp&1jROM2|i++ z{6tV>vVt&=PRPAv;SFDoIRZ7ZGXygj0kJMa7()PqUv7SiOHxjL5>SQ%qH1!4uo75f zpKuWq1H5@+lFi$qPijO*Rq*sdIrFe>utN z<9d(*IifNs1|UmJo*>S{40Oz7WwEbJ3T~4>h)JOsQhfI1hAkjNAQA}2BTE1c;bRoo Wm{`ELnO))=%j8CJX{wo-%LoAfN`-^~ 
diff --git a/.github/.DS_Store b/.github/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..385f4b43b0dd02aa03cb613078481527ac58cb7f GIT binary patch literal 6148 zcmeHKK}th05S_7IeCei}qRSk?-XNCm33>skMFoFJsT8-lg!Clh4Lnf6y>Bw3^kW1U zA|f-8yh&yzng8G?86x7@b~z;)6H$XE$f8t4rmLnSa~=Y@tZ_{pC3>Ly?xwQPU!0QM zkCAbr4c*Z}{?qwYTCFwZ$-eHjN^QI7(gN1zWcU2|^!jrCmFM!Cp6lDgozFA@@0|f> zz!`7`oPnQX0C%=XGg9>48E^)ife!}cdpwGZShhw?_FYwD$ zi~N3wkDLK#;GZ$T!*<@z@KJWRe)>GQYXjOPnuz#iQ6SKJj{pqh962pUwFlAR7Y(zb UtRnLz9Ow^$LWpZJ=OPAC>zZ<%)&ZmphSg%?SGU!{!JTIzPz&Cq+Ebb29o{qoTyN>0z{8ty9 zTz2uMMJj1c72deMY(IIlb9{MzxYryzULTnad-degqREEFfH7bU{AvbJvstozL9@ny zF<=aA7~t=NhcX7mMlgLkU{VVJ9Ai2O#@tJAj8_bbjUZMaPC|ha>a@jh5{`MVenGJj zlyGv|d^o+c(+d_u^)j%gBfGsM;Ukr0~1+* literal 0 HcmV?d00001 diff --git a/S2S-VPN/modules/.DS_Store b/S2S-VPN/modules/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..9c269e5c6ae092303777d771738b4dd08264e97d GIT binary patch literal 6148 zcmeHK!Ab)$5S_6V7QFP}!DD`*e-O+11-*;biXOUbQA(kB$Pf4{;#c?y`YVDL-(*JH zWrN33WCoHq$;@Q3Z`ovrh+O6S*R=CLtjqh}s>jH;p%p#QZ6W85bvN(j z)90(@?Rac+mpuyk5BF{O&YS^fz!`7`_Q3$|Y?10j(R*jW8E^)E8IbcKpb199q?nHm zbh!io4l$hty3`U96AYtaQiKJ<8Vb} zqoViDfHTl#V4%a1-2WH&WQs+8H^fKIfHUyV7~o+&ttWUWyIXsYCwFZ?yFwEYza$C- mdgmtq135>|vQh0pbofQXq$sP%d=3Ztk3c5GJ7-`I415EFrA9RX literal 0 HcmV?d00001 diff --git a/TransitGatway/.DS_Store b/TransitGatway/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..84be976a21922159cff051c5a9386bb592fc2f1f GIT binary patch literal 6148 zcmeHKK~BR!475ung6N?K4jlIj{XwWwAfdM(Y z5zTO3k90%r^LwEC>S{8-i1o7dAichIEQ&=H7x2xVpGKz#Z!bq*?On(6TmH-IPAJ6<1|^?Pl}r$v(wodIXS8Ti!3~Ts0C0%uBp6FCAu+))H*6HK0$~jWYA9Qa!5WVFV1Bt_qp0D; z)_kztnXNADehK(X-ApRqeXmH~U{3rwOF;P_H literal 0 HcmV?d00001 
diff --git a/Vnet-Peering/.DS_Store b/Vnet-Peering/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..c1703d4f1b5e7f69a31279caf9633311f51f0f0e GIT binary patch literal 6148 zcmeHKK~BR!475unf{H{B960WYd&LJrmA;@KKqUx}61D=$IX^+-BiwiZ-{Hb|ZIzUy zNL&ygTe4@fYj2#{D2|DUr>k;8G$x`9Dmd7K=@D5M?a07pWRcSzw-o7yYPx`R`3nrl z+3nK|=k-9>)IPs^x~ncH^Yd6QTMx3;w~j@zsNw>?+35NB>G194^sBw=SbocYdDY2f z7jIgml2%mVjqA(ylSezp*OP-s%dzA2k=b^yo_ty~`Oq0~2AqLk%>Zh)NH$V*>kK#p z&cK=h`91`wU~bqbrcVbZ#yrT)*h_y3zge&q}}1OJKv9v1Uribt~A x+IcvswE=nt6%oHiaUFs|D#h@XQhWqWg83i=U~bqbVg}+r0*MAU&cKf{@D3R@RI&g7 literal 0 HcmV?d00001 From df48f0b3cd321ee9329d5ba984e41602d8e0cf1a Mon Sep 17 00:00:00 2001 From: thogue12 Date: Sun, 8 Jun 2025 16:29:58 -0400 Subject: [PATCH 02/43] another one --- .DS_Store | Bin 8196 -> 8196 bytes Azure-WAN/.gitignore | 41 +++++++++++++++++++++++++++++++++++++++ S2S-VPN/.DS_Store | Bin 6148 -> 6148 bytes S2S-VPN/.gitignore | 41 +++++++++++++++++++++++++++++++++++++++ TransitGatway/.gitignore | 41 +++++++++++++++++++++++++++++++++++++++ VNET/.gitignore | 41 +++++++++++++++++++++++++++++++++++++++ VPC/.gitignore | 41 +++++++++++++++++++++++++++++++++++++++ Vnet-Peering/.gitignore | 41 +++++++++++++++++++++++++++++++++++++++ 8 files changed, 246 insertions(+) create mode 100644 Azure-WAN/.gitignore create mode 100644 S2S-VPN/.gitignore create mode 100644 TransitGatway/.gitignore create mode 100644 VNET/.gitignore create mode 100644 VPC/.gitignore create mode 100644 Vnet-Peering/.gitignore 
diff --git a/.DS_Store b/.DS_Store index ec18ffbf522b436731271fcdfcfcb63884505cdd..3202ede84eee38e22095ae9931468e3cea7aa8d5 100644 GIT binary patch delta 524 zcmZp1XmQw}CJ?*kHUk3#3xgg*IzuKyNp8N2OHxjL5>Sj|ucGR4k>AH0QRP$c$`@o9 z1}Ep|76A1yFi0m%ZWegX#3D2KfS{NVve62LlY~WoPu?deF?o$34;!4T#wf7)sh~O| zlZnb?K4CeQ4!+y#CL0JV!5CtbbAz8W%KW+c z2-iWx3>gh3PZn_ox#5OL6r;f8Y*E?C0itdo-8rH%BFK(f@k?(J$iGktgi**6lP8Gt zFf%Y1OjZ`Nmt&Cu`jVL;j3I!*8QG+5)0`QB-fIw(V1qK}iAe!1e=jBtw48tQV=;fW J!Q&Q1MgX0ZmlOa1 delta 516 zcmZp1XmQw}CJ?*Wo`HdZg+Y%YogtHAH0QRP$c$`@o9 z1}Ep|76A1yFi15_ZWegX#K185fS{NVveE9LiX|JqOx`CbF?o$34;!4T#>lYwsh~O| zlLX6TK4Cc)o>N=aOg0c!f-%G<=LqvLDom~xZUrfsB`h~tL4=3d$IE?kqKGnoZa%_w z5HUlb;>jY;AUE6)iJF`xDmOVm)D5IJM^r`x*-10@t1SZg7Ak=-2w7tC1aTf_1_p)6 z%3}6%U_UZ5gfRp#I3t_HTKDez`Y)3k#3b0D%z0u`li!KS0IlZV{8-GNZE(0lkr4o4 C2Abjk diff --git a/Azure-WAN/.gitignore b/Azure-WAN/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Azure-WAN/.gitignore 
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/S2S-VPN/.DS_Store b/S2S-VPN/.DS_Store
index 085fe4aa14a736a1abb026b2bdfed335513382b0..87e07ba3ed8c986e940a8ac5e1e3e4c013368df5 100644
GIT binary patch delta 48 ycmZoMXffFEgo#OlW%4s7IhI2@F&iiAF^f%>W9ETzR2UUD2QqJA+04%ImmdImiw@)f delta 50 zcmZoMXffFEglY02CXvZMn0Q!joY=BvvL3V8WI1LyM`d$5^8%KM4WgUbIsWnk00B-D ALI3~&
diff --git a/S2S-VPN/.gitignore b/S2S-VPN/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/S2S-VPN/.gitignore
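Review bot: The `.terraform.lock.hcl` entry under `# Ignore CLI configuration files` ignores the dependency lock file, which is not a CLI config file; HashiCorp's guidance is to commit it so every `terraform init` (including the GitHub Actions pipeline the README describes) resolves the same provider versions and verifies the same provider hashes instead of taking whatever currently satisfies the constraint. Remove that line, or if per-developer lock files are deliberate, say so in the comment: `# .terraform.lock.hcl is intentionally not committed — see README`. The same file is added verbatim under S2S-VPN, TransitGatway, VNET, VPC and Vnet-Peering in this patch, so the change applies to all six copies. Separately, `*.tfvars` only keeps new files from being staged; the diffstat of patch 06 shows an already-tracked `VPC-Peering/Environments/test/terraform.tfvars`, which this rule does not cover, so it is worth confirming that file holds no credentials.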
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/TransitGatway/.gitignore b/TransitGatway/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/TransitGatway/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VNET/.gitignore b/VNET/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/VNET/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VPC/.gitignore b/VPC/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/VPC/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/Vnet-Peering/.gitignore b/Vnet-Peering/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/Vnet-Peering/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
From f3da585104d1c53d92702da015bfd341c4cea0fe Mon Sep 17 00:00:00 2001
From: thogue12
Date: Sun, 8 Jun 2025 16:32:42 -0400
Subject: [PATCH 03/43] lol
---
 .DS_Store | Bin 8196 -> 8196 bytes
 S2S-VPN/.DS_Store | Bin 6148 -> 6148 bytes
 TransitGatway/.DS_Store | Bin 6148 -> 6148 bytes
 Vnet-Peering/.DS_Store | Bin 6148 -> 6148 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)
diff --git a/.DS_Store b/.DS_Store index 3202ede84eee38e22095ae9931468e3cea7aa8d5..b5b22c67c80f7277eaea045bf603e72c641a0c21 100644 GIT binary patch delta 335 zcmZp1XmQw}CJ?)mhk=2Cg+Y%YogtHS&IB91~UX~o-D%52-1@yDkFmIXdb?Nc95f?5(w8KOH7_1 T&cnSj|ucGR4k>AH0QRP$c$`@o9 z1}Ep|76A1yFi0nCZWicdVlq*g%qJ|z+QD~woycTEVMRDgbaIX`A7jAeYT;HU8HLHS zgykkHi14sJFd9nyIBS=q6DSGMR@-MkF`i#U&{xKZ${Xfn)mV8duTZ#~h&&DOe@=3o;CYlk;;6 OfI5IcVe?@oM^OMPkr;pg delta 85 zcmZoMXffDe#>B+HFqwx*MkF`i#U&{xKZ${Xf#b!Fq*Wrnk2yjmQm{(!7i1U)C+FuD N0Cj-C=EF>mq5x3&8B_oO diff --git a/TransitGatway/.DS_Store b/TransitGatway/.DS_Store index 84be976a21922159cff051c5a9386bb592fc2f1f..ca9e16e8c2fa7f3d3dc81323c4262ff09da6e14d 100644 GIT binary patch delta 85 zcmZoMXffDe#>6DSGMR@-MkF`i#U&{xKZ${Xfy14vHCXibF-NFG3RVgJf(*mp{{ delta 76 zcmZoMXffDe#>B+HFqwx*MkF`i#U&{xKZ${Xfnz}%PrS(QV~$XX6s!_V1sRiXFez-l I#-t|-04~86YXATM diff --git a/Vnet-Peering/.DS_Store b/Vnet-Peering/.DS_Store index c1703d4f1b5e7f69a31279caf9633311f51f0f0e..4fcb637634e327b1ff1f671e64d104f06a576f3b 100644 GIT binary patch delta 85 zcmZoMXffDe#>6DSGMR@-MkF`i#U&{xKZ${Xf#d2@n^@7`#~h&&DOe@=3o;CYlk;;6 OfI5IcVe?@oM^OMKofu#M delta 76 zcmZoMXffDe#>B+HFqwx*MkF`i#U&{xKZ${XfrER$+9HwP#~h&&DOe?#3Nj|&U{ct8 IjY&@w04$ysZ2$lO From 816a56950cd8baa946db656d362e626a97619ee1 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Sun, 8 Jun 2025 16:38:19 -0400 Subject: [PATCH 04/43] added some files --- S2S-VPN/Environments/dev/backend.tf | 0 S2S-VPN/Environments/dev/main.tf | 0 S2S-VPN/Environments/dev/providers.tf | 0 S2S-VPN/Environments/dev/variables.tf | 0 4 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 S2S-VPN/Environments/dev/backend.tf create mode 100644 S2S-VPN/Environments/dev/main.tf create mode 100644 S2S-VPN/Environments/dev/providers.tf create mode 100644 S2S-VPN/Environments/dev/variables.tf diff --git a/S2S-VPN/Environments/dev/backend.tf b/S2S-VPN/Environments/dev/backend.tf new file mode 100644 index 0000000..e69de29 
diff --git a/S2S-VPN/Environments/dev/main.tf b/S2S-VPN/Environments/dev/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/dev/providers.tf b/S2S-VPN/Environments/dev/providers.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/dev/variables.tf b/S2S-VPN/Environments/dev/variables.tf new file mode 100644 index 0000000..e69de29 From b002832893367896f7981c5dc30602a8d7d1cc77 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Sun, 8 Jun 2025 16:40:11 -0400 Subject: [PATCH 05/43] another one --- S2S-VPN/Environments/prod/backend.tf | 0 S2S-VPN/Environments/prod/main.tf | 0 S2S-VPN/Environments/prod/providers.tf | 0 S2S-VPN/Environments/prod/variables.tf | 0 S2S-VPN/Environments/test/backend.tf | 0 S2S-VPN/Environments/test/main.tf | 0 S2S-VPN/Environments/test/providers.tf | 0 S2S-VPN/Environments/test/variables.tf | 0 8 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 S2S-VPN/Environments/prod/backend.tf create mode 100644 S2S-VPN/Environments/prod/main.tf create mode 100644 S2S-VPN/Environments/prod/providers.tf create mode 100644 S2S-VPN/Environments/prod/variables.tf create mode 100644 S2S-VPN/Environments/test/backend.tf create mode 100644 S2S-VPN/Environments/test/main.tf create mode 100644 S2S-VPN/Environments/test/providers.tf create mode 100644 S2S-VPN/Environments/test/variables.tf diff --git a/S2S-VPN/Environments/prod/backend.tf b/S2S-VPN/Environments/prod/backend.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/main.tf b/S2S-VPN/Environments/prod/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/providers.tf b/S2S-VPN/Environments/prod/providers.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/prod/variables.tf b/S2S-VPN/Environments/prod/variables.tf new file mode 100644 index 0000000..e69de29 
diff --git a/S2S-VPN/Environments/test/backend.tf b/S2S-VPN/Environments/test/backend.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/main.tf b/S2S-VPN/Environments/test/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/providers.tf b/S2S-VPN/Environments/test/providers.tf new file mode 100644 index 0000000..e69de29 diff --git a/S2S-VPN/Environments/test/variables.tf b/S2S-VPN/Environments/test/variables.tf new file mode 100644 index 0000000..e69de29 From 85d7376464d431cb2f3268286efa64eb5f22f29b Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Mon, 9 Jun 2025 20:54:52 -0400 Subject: [PATCH 06/43] fully --- .DS_Store | Bin 8196 -> 10244 bytes S2S-VPN/.DS_Store | Bin 6148 -> 6148 bytes S2S-VPN/modules/.DS_Store | Bin 6148 -> 6148 bytes VPC-Peering/Environments/test/main.tf | 51 +++-- VPC-Peering/Environments/test/providers.tf | 4 +- .../Environments/test/terraform.tfvars | 55 ++--- VPC-Peering/Environments/test/variables.tf | 120 ++++++----- .../single-vpc-to-vpc/01-source-vpc.tf | 196 ++--------------- .../single-vpc-to-vpc/02-destination-vpc.tf | 203 ++---------------- .../Modules/single-vpc-to-vpc/03-peering.tf | 12 +- .../Modules/single-vpc-to-vpc/04-subnet.tf | 78 +++++++ .../Modules/single-vpc-to-vpc/05-EC2.tf | 42 ++++ .../single-vpc-to-vpc/06-security-groups.tf | 69 ++++++ .../single-vpc-to-vpc/07-route-tables.tf | 79 +++++++ .../08-route-table-associations.tf | 51 +++++ .../Modules/single-vpc-to-vpc/09-iam.tf | 86 ++++++++ .../{04-variables.tf => 10-variables.tf} | 69 ++++-- .../{05-outputs.tf => 11-outputs.tf} | 0 18 files changed, 621 insertions(+), 494 deletions(-) create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc/08-route-table-associations.tf create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf rename VPC-Peering/Modules/single-vpc-to-vpc/{04-variables.tf => 10-variables.tf} (59%) rename VPC-Peering/Modules/single-vpc-to-vpc/{05-outputs.tf => 11-outputs.tf} (100%) 
diff --git a/.DS_Store b/.DS_Store index b5b22c67c80f7277eaea045bf603e72c641a0c21..2bac4dffe35f32bf5fa728d5b9610e7c70437369 100644 GIT binary patch delta 496 zcmZp1XbF&DU|?W$DortDU{C-uIe-{M3-C-#6q~50$Y{7RU^hRb;ba~Gso2X!Kp7SW zJ%)6KOoo!&d>5Cboctu97zZDJ=AApgk2#{sr@-a=_O*wKp~)9y7zQWj=N16l zU~n!AF3QWv&r1gy$~gIhnAGF|QU1w~#nkZ|@L5ciDI_1HUIf`+O>2PyKzBnW5FSF7 zm^?w8k8#4}_hQmK$d+$RtY#Br2K$adfg4D>f`WBp;&H$S89WF7&j*quB;85RaT zhIEEZhLYTT7nh`*{3MVr1I2P>(ci}$QRP$c$`@o91}Ep|76A1yFi1bx+$^BVBw}W+ zqhMxeS*xQ^ZD?d{3gj3YZQdg^gL$%wc;@8A;=YqFNboUfzMK3&LXAVDZ>49{*JF-A zj?82&NiKxI0&%IyVUm1|3KJ7E1ew7$Fi3C%X;+ZfHYR>&p3JWj$iWElFvH|{o~fJv Lii9(gZA&TuHvd>m diff --git a/S2S-VPN/.DS_Store b/S2S-VPN/.DS_Store index ac57a8c4911782f6068f23972e57e18b4f2784fc..a4940b6c7bbd7e329e4d261d7414bd79f8e87e94 100644 GIT binary patch delta 376 zcmZoMXfc=|#>B!ku~2NHo+2a9#(>?7iwl^U7V(ZFfa%Ju_F-c z{RaaE2B3md^=Jy#BP#&1*%@*f@)=SXN*Qt(QW=Vq%8Lu2#_dWf$jK}&F)+Bs$i&RT z%Er#Y&cV$Q8=R3}9$b=GQd;bkSQHK7h2-bwB*EB;Nnx3(B)qu~2NHo+2a1#(>?7j2x2-SY#$Au&kRb!q&K1ltYMRV#B=6>>T_Y cK$V*XIlePb<`;3~U;qL}1_qYR5h81t0pM2=>;M1& diff --git a/S2S-VPN/modules/.DS_Store b/S2S-VPN/modules/.DS_Store index 9c269e5c6ae092303777d771738b4dd08264e97d..3d377596470a5321abbcdd392dbf3c7b407ab2b9 100644 GIT binary patch delta 404 zcmZoMXfc=|#>B!kF;Q%yo}w@h0|Nsi1A_oVesWSyeiD!;u$hr*C38JUf|((ap`4-E zGY26F6ml@}L4jo6h`kds+lVqkEMk%^gwm5rT)or9YrHaH`{Jh&vW zq_o&6u_zkE3(3#VNrJHxlfp7n%i{$^ob&Ta>Ju~bQj5SkGE-84YGT4O^HTE5o$^cb zQi{QvgCPp6F!wdlIk7Sbo delta 92 zcmZoMXfc=|#>B`mu~2NHo+3X70|Nsi1A_pAVQ_MOZo$ODwTv8-nOKWAZ)FW)+N{9A n&N8t Date: Wed, 18 Jun 2025 15:00:14 -0400 Subject: [PATCH 07/43] Create README.md --- README.md | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..01f9017 --- /dev/null +++ b/README.md 
@@ -0,0 +1,87 @@ +# Multi-Cloud-Networking-Module + +A **modular, reusable Terraform library** for building secure and scalable **multi-cloud networking architectures** across AWS and Azure. This project is your all-in-one solution for provisioning everything from VPC/VNet peering to complex hybrid-cloud topologies using Transit Gateways, Azure Virtual WAN, and Site-to-Site VPN. + +## 🌐 Project Goals + +- Enable engineers to deploy multi-cloud network infrastructure through simple and composable Terraform modules. +- Provide reusable patterns for cloud-to-cloud and intra-cloud connectivity. +- Enforce security and compliance with integrated DevSecOps pipelines using GitHub Actions. + +--- + +## 🧱 Modules Included + +### 🔁 Peering Modules + +- **AWS VPC Peering** + - Single-region + - Multi-region + - Multi-VPC mesh +- **Azure VNet Peering** + - Single-region + - Cross-region + +### 🌍 Hub-and-Spoke / Transit + +- **AWS Transit Gateway** + - Attach multiple VPCs to a central TGW + +- **Azure Virtual WAN** + - Build scalable hub-and-spoke topologies +- **Cross-cloud Interconnect (Planned)** + - TGW ↔ VWAN via VPN + +### 🔒 VPN Modules + +- **AWS ↔ Azure Site-to-Site VPN** +- **Multi-VPC VPN + BGP Routing (Planned)** + +--- + + +Each environment maintains **isolated state files**, enabling safe, separate deployments to `dev`, `test`, and `prod`. 
+ +--- + +## ⚙️ CI/CD & DevSecOps + +### GitHub Actions Workflow + +This repo includes a **dynamic GitHub Actions pipeline** that: + +- Validates, formats, and plans Terraform code +- Runs IaC security scans using open-source tools +- Accepts **user input parameters** via workflow dispatch: + - `environment` (e.g., dev, test, prod) + - `module_path` (which module to deploy) + - *(Future)* `cidr_block` and other variables + +## DevSecOps Tooling + +The workflow enforces high standards through: + +- ✅ `terraform fmt` +- ✅ `terraform validate` +- ✅ `terraform plan` +- ✅ `tfsec` (security misconfiguration checks) +- ✅ `tflint` (linting for best practices) +- ✅ `trivy config` (IaC vulnerability scanning) + +```yaml +on: + workflow_dispatch: + inputs: + environment: + description: 'Target environment' + required: true + default: 'dev' + module_path: + description: 'Path to the Terraform module to apply' + required: true + default: './modules/aws/vpc-peering' + cidr_block: + description: 'Optional CIDR block' + required: false + + From 302d26eb90b0cdfad2d3e0c01045333981b55008 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 20 Jun 2025 05:14:09 -0400 Subject: [PATCH 08/43] first commit to VPC module --- VPC/Environment/Dev/main.tf | 40 ++++++++++++++ VPC/Environment/Dev/variables.tf | 74 ++++++++++++++++++++++++++ VPC/Modules/.DS_Store | Bin 0 -> 6148 bytes VPC/Modules/VPC/.gitignore | 45 ++++++++++++++++ VPC/Modules/VPC/README.MD | 46 ++++++++++++++++ VPC/Modules/VPC/igw-nat.tf | 49 +++++++++++++++++ VPC/Modules/VPC/private-subnets.tf | 23 ++++++++ VPC/Modules/VPC/provider..tf | 13 +++++ VPC/Modules/VPC/public-subnets.tf | 25 +++++++++ VPC/Modules/VPC/route-tables.tf | 82 +++++++++++++++++++++++++++++ VPC/Modules/VPC/variables.tf | 75 ++++++++++++++++++++++++++ VPC/Modules/VPC/vpc-flowlogs.tf | 0 VPC/Modules/VPC/vpc.tf | 18 +++++++ 13 files changed, 490 insertions(+) create mode 100644 VPC/Environment/Dev/main.tf create mode 100644 VPC/Environment/Dev/variables.tf create mode 100644 VPC/Modules/.DS_Store create mode 100644 VPC/Modules/VPC/.gitignore create mode 100644 VPC/Modules/VPC/README.MD create mode 100644 VPC/Modules/VPC/igw-nat.tf create mode 100644 VPC/Modules/VPC/private-subnets.tf create mode 100644 VPC/Modules/VPC/provider..tf create mode 100644 VPC/Modules/VPC/public-subnets.tf create mode 100644 VPC/Modules/VPC/route-tables.tf create mode 100644 VPC/Modules/VPC/variables.tf create mode 100644 VPC/Modules/VPC/vpc-flowlogs.tf create mode 100644 VPC/Modules/VPC/vpc.tf diff --git a/VPC/Environment/Dev/main.tf b/VPC/Environment/Dev/main.tf new file mode 100644 index 0000000..db8c085 --- /dev/null +++ b/VPC/Environment/Dev/main.tf 
@@ -0,0 +1,40 @@
+
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.0.0-beta2"
+ }
+ }
+}
+
+locals {
+ region = "us-east-1"
+}
+
+provider "aws" {
+ region = local.region
+}
+
+module "vpc" {
+ source = "../../Modules/vpc"
+ create_vpc = var.create_vpc
+ vpc_cidr = "10.0.0.0/16"
+ enable_dns_hostnames = "true"
+ enable_dns_support = "true"
+ public_subnets_cidr_blocks = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
+ availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
+ map_public_ip_on_launch = var.map_public_ip_on_launch
+ private_subnets_cidr_blocks = ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24"]
+ create_nat = "true"
+ name = "smooth"
+ create_igw = "true"
+ tags = {
+ Environment = "Dev"
+ Project = "Smooth"
+ }
+
+
+
+}
\ No newline at end of file
diff --git a/VPC/Environment/Dev/variables.tf b/VPC/Environment/Dev/variables.tf
new file mode 100644
index 0000000..e5e0797
--- /dev/null
+++ b/VPC/Environment/Dev/variables.tf
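Review bot: `source = "../../Modules/vpc"` does not match the directory this patch creates, `VPC/Modules/VPC/` (see the diffstat), so `terraform init` will fail to resolve the module on a case-sensitive filesystem such as the Linux runners the README's GitHub Actions pipeline implies; change it to `source = "../../Modules/VPC"`. The provider is pinned to the pre-release `version = "6.0.0-beta2"`, which is not an appropriate pin for an environment root: use a released series such as `version = "~> 5.0"` (or `~> 6.0` once the module has been validated against it) and commit `.terraform.lock.hcl` so the provider hash is pinned as well. `enable_dns_hostnames`, `enable_dns_support`, `create_nat` and `create_igw` are passed as the strings `"true"` although the matching variables in `variables.tf` (and presumably the module's) are typed `bool`; Terraform coerces them, but pass the literal `true` so types and plan output stay honest. Also, `vpc_cidr`, the subnet lists and `availability_zones` are hard-coded here even though `variables.tf` declares them, so the per-environment `.tfvars` this layout is built around cannot override them — either wire them through `var.*` or drop the unused variables.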
@@ -0,0 +1,74 @@
+variable "create_vpc" {
+ description = "Create a new VPC"
+ type = bool
+ default = true
+
+}
+
+variable "vpc_cidr" {
+ description = "CIDR block for the VPC"
+ type = string
+ default = ""
+}
+
+variable "enable_dns_hostnames" {
+ description = "Enable DNS hostnames in the VPC"
+ type = bool
+ default = true
+}
+
+variable "enable_dns_support" {
+ description = "Enable DNS support in the VPC"
+ type = bool
+ default = true
+}
+
+variable "public_subnets_cidr_blocks" {
+ description = "List of CIDR blocks for public subnets"
+ type = list(string)
+ default = [""]
+
+}
+
+variable "availability_zones" {
+ description = "List of availability zones for the VPC"
+ type = list(string)
+ default = [""]
+
+}
+
+variable "map_public_ip_on_launch" {
+ description = "Map public IP on launch for public subnets"
+ type = bool
+ default = true
+
+}
+
+######### private subnets #########
+variable "private_subnets_cidr_blocks" {
+ description = "List of private subnets CIDR blocks"
+ type = list(string)
+ default = [""]
+}
+
+######### NAT/ IGW #############
+variable "create_nat" {
+ description = "Create a NAT Gateway"
+ type = bool
+ default = true
+}
+variable "create_igw" {
+ description = "Create an Internet Gateway"
+ type = bool
+ default = true
+}
+variable "tags" {
+ description = "tags for each resource"
+ type = map(string)
+ default = {}
+}
+variable "name" {
+ description = "universal name"
+ type = string
+ default = ""
+}
\ No newline at end of file
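Review bot: `default = [""]` on `public_subnets_cidr_blocks`, `availability_zones` and `private_subnets_cidr_blocks` is a one-element list whose element is neither a CIDR nor an AZ, so any `length(...) > 0` gate (the module's `igw-nat.tf` in this same patch uses exactly that test, if it mirrors these defaults) treats "unset" as "create one subnet" and the apply then fails on the empty string; use `default = []` for all three, and make `vpc_cidr` required by dropping its `default = ""` rather than defaulting to an invalid value. A `validation` block such as `condition = can(cidrhost(var.vpc_cidr, 0))` on the CIDR variables would reject bad input at plan time instead of in the API call. Security-wise, `map_public_ip_on_launch` defaults to `true`, so every instance launched into a public subnet gets a public IPv4 address unless the caller opts out; consider `default = false` so public exposure is an explicit choice, in line with the README's stated goal of secure-by-default networking.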
diff --git a/VPC/Modules/.DS_Store b/VPC/Modules/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..ab2b872d5c8615d2afc67fb07f7e524c01816ef2 GIT binary patch literal 6148 zcmeHKJ5Iwu5S>X($feEHZvP6wSBq$O&O?r3SfI8>k0-S}0Gw|jEII>7d z0dJ()=bf3iE5E|y5fNSP*9(!kh*WSxd9r0}mNy^SBqKAR+8K-XzT56bb*BQxoyx7; z$kpay$iI00&TPA;S#7!%BGt>=`=On@UJkSC6WQJ4@YDlnG%7#^r~nn90{>b8^lY>0 zERZV|paN9jO9A^n6u4oX*a!Nj1B;IUK>Lk%!?Vv4z+wSlo!AE=0@I)ZgQ_`VXwVTa zSyw0afk7Abn{iIwtT~~m-;Q|ka?v`FD;1yu#|lhiJGcIS4gX>OKPGWU1*pKEQb1=- z+br=)*;_|1XT7$-@8F+?S}(`qtr+O77#nNF=YzUp&&bz_eW243cRG+i0;UU%3jBrw EA0BxpfB*mh literal 0 HcmV?d00001 diff --git a/VPC/Modules/VPC/.gitignore b/VPC/Modules/VPC/.gitignore new file mode 100644 index 0000000..11a858c --- /dev/null +++ b/VPC/Modules/VPC/.gitignore @@ -0,0 +1,45 @@ +# Local .terraform directories +**/.terraform/* +**/.terraform/ + + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store +**/.DS_Store/ +../.DS_Store \ No newline at end of file 
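Review bot: The two trailing entries `**/.DS_Store/` and `../.DS_Store` in `VPC/Modules/VPC/.gitignore` are no-ops: a trailing slash makes a gitignore pattern match directories only, and patterns are anchored to the directory holding the `.gitignore`, so `..` cannot reach the parent. The preceding `.DS_Store` line already covers every `.DS_Store` in and below `VPC/Modules/VPC/`, so drop both. This same commit adds `VPC/Modules/.DS_Store` one level above this file — precisely what the parent-directory pattern was trying to prevent — which argues for one root-level `.gitignore` with `.DS_Store` and `**/.terraform/` instead of the six per-directory copies this series introduces. As in those copies, `.terraform.lock.hcl` should not be ignored here; commit it so CI resolves pinned provider versions and hashes.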
diff --git a/VPC/Modules/VPC/README.MD b/VPC/Modules/VPC/README.MD
new file mode 100644
index 0000000..b920e34
--- /dev/null
+++ b/VPC/Modules/VPC/README.MD
@@ -0,0 +1,46 @@ +######################################################### +# Topics I'm going to explore in this module +######################################################### + + +### Conditional logic + - Conditionally create VPC + - Based off the bool the subsequent resources associated to the VPC will be created or not + - Create IGW based off of bool + - That IGW should then have logic in a locals variable, that says. "if the vpc bool == true and the public route table == true then create a route to the internet gateway" + - example logic: + locals{ + create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table + } + - Create NAT Gateway based off of bool + - That NAT should then have logic in a locals variable, that says. "if the vpc bool == true and the private subnet creation == true then create a route to the NAT gateway" + - example logic: + locals{ + create_route_to_nat = var.create_vpc && var.create_igw && local.create_private_route_table + } +### Count + - Couple conditional logic with the Count meta argument + - Based off of the conditions bool will determine how many of the VPCs are created + +### Dynamic Resource Allocation + - Based on how many VPCs are created will result in how many Private, Public Subnets are created + - Along with Route tables for Public and Private subs + - Internet Gateway + - NAT Gateway + +### Dynamic CIDR Blocks + - Use one of the Terraform functions to create CIDRs for subnets based off of the VPC created. + +### Dynamic Resource Creation: + - allow the user to specify how many of a given resource is created + - + +### map(string) variables for tags with string interpolation + - Name + - Environment + - example: + variable "tags"{ + description = "tags for each resource" + type = map(string) + default = {} + } \ No newline at end of file diff --git a/VPC/Modules/VPC/igw-nat.tf b/VPC/Modules/VPC/igw-nat.tf new file mode 100644 index 0000000..b79fede --- /dev/null 
+++ b/VPC/Modules/VPC/igw-nat.tf
@@ -0,0 +1,49 @@
+
+##############################################################
+# Module: igw-nat
+################################################################
+## Create IGW and NAT Gateway if the VPC is created and the respective subnet CIDR blocks are provided
+
+
+locals {
+ create_igw = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0
+ create_nat_gateway = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0
+ create_eip = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0
+}
+
+resource "aws_eip" "this_eip" {
+ count = local.create_eip ? 1 : 0
+
+ tags = merge(
+ {
+ Name = "${var.name}-nat-eip"
+ },
+ var.tags
+ )
+}
+
+resource "aws_internet_gateway" "this_igw" {
+ count = local.create_igw ? 1 : 0
+ vpc_id = aws_vpc.this_vpc[0].id
+
+ tags = merge(
+ {
+ Name = "${var.name}-igw"
+ },
+ var.tags
+ )
+
+}
+
+resource "aws_nat_gateway" "this_nat" {
+ count = local.create_nat_gateway ? 1:0
+ allocation_id = aws_eip.this_eip[0].id
+ subnet_id = aws_subnet.public_subnets[0].id
+
+ tags = merge(
+ {
+ Name = "${var.name}-nat-gateway"
+ },
+ var.tags
+ )
+}
\ No newline at end of file
diff --git a/VPC/Modules/VPC/private-subnets.tf b/VPC/Modules/VPC/private-subnets.tf
new file mode 100644
index 0000000..d257421
--- /dev/null
+++ b/VPC/Modules/VPC/private-subnets.tf
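Review bot: `aws_nat_gateway.this_nat` indexes `aws_subnet.public_subnets[0]`, but `local.create_nat_gateway` only checks the private subnet list, so a caller who supplies private subnets and no public subnets gets an index error at plan time instead of a clear message; gate it on both lists, `create_nat_gateway = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 && length(var.public_subnets_cidr_blocks) > 0`, and do the same for `create_eip`. None of these locals consult `var.create_igw` or `var.create_nat`, so the gateways are built regardless of those inputs even though route-tables.tf in this same commit uses them to decide whether the default routes exist. `create_eip` and `create_nat_gateway` are also the same expression, so one local used by both resources would keep them from drifting apart.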
@@ -0,0 +1,23 @@
+##########################################################################
+# Private Subnets
+##########################################################################
+
+### Create private subnets if the list of CIDR blocks is not empty
+locals {
+ create_private_subnets = length(var.private_subnets_cidr_blocks) > 0
+}
+
+resource "aws_subnet" "private_subnets" {
+ count = var.create_vpc ? length(var.private_subnets_cidr_blocks): 0
+ map_public_ip_on_launch = false
+ vpc_id = aws_vpc.this_vpc[0].id
+ cidr_block = var.private_subnets_cidr_blocks[count.index]
+ availability_zone = var.availability_zones[count.index % length(var.availability_zones)]
+
+ tags = merge(
+ {
+ Name = "${var.name}-private-subnet-${count.index + 1}"
+ },
+ var.tags
+ )
+}
\ No newline at end of file
diff --git a/VPC/Modules/VPC/provider..tf b/VPC/Modules/VPC/provider..tf
new file mode 100644
index 0000000..ca3b037
--- /dev/null
+++ b/VPC/Modules/VPC/provider..tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.0.0-beta2"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+}
\ No newline at end of file
diff --git a/VPC/Modules/VPC/public-subnets.tf b/VPC/Modules/VPC/public-subnets.tf
new file mode 100644
index 0000000..5709863
--- /dev/null
+++ b/VPC/Modules/VPC/public-subnets.tf
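Review bot: A `provider "aws"` block with a hard-coded `region = "us-east-1"` inside a reusable module pins every caller to one region and, because the module then carries its own provider configuration, blocks callers from using `count`, `for_each` or `depends_on` on the module block; drop the `provider` block from provider..tf and leave provider configuration to the root module, which the Dev environment later in this series already does. The `required_providers` pin `version = "6.0.0-beta2"` selects a pre-release provider for a module that is meant to be shared across environments; a released version constraint would be the safer choice. The file name `provider..tf`, with a doubled dot, also looks like a typo.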
@@ -0,0 +1,25 @@
+##########################################################################
+# Public Subnets
+##########################################################################
+
+## Create public subnets if the list of CIDR blocks is not empty
+locals {
+ create_public_subnets = length(var.public_subnets_cidr_blocks) > 0
+}
+
+resource "aws_subnet" "public_subnets" {
+ count = var.create_vpc ? length(var.public_subnets_cidr_blocks) : 0
+ vpc_id = aws_vpc.this_vpc[0].id
+ cidr_block = var.public_subnets_cidr_blocks[count.index]
+ availability_zone = var.availability_zones[count.index % length(var.availability_zones)]
+
+ map_public_ip_on_launch = var.map_public_ip_on_launch
+
+ tags = merge(
+ {
+ Name = "${var.name}-public-subnet-${count.index + 1}"
+ },
+ var.tags
+ )
+
+}
\ No newline at end of file
diff --git a/VPC/Modules/VPC/route-tables.tf b/VPC/Modules/VPC/route-tables.tf
new file mode 100644
index 0000000..e0d8b17
--- /dev/null
+++ b/VPC/Modules/VPC/route-tables.tf
@@ -0,0 +1,82 @@
+#########################################################################
+# Route Tables for VPC
+#########################################################################
+locals{
+ create_public_route_table = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0
+ create_private_route_table = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0
+ create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table
+ create_route_to_nat = var.create_vpc && var.create_nat && local.create_private_route_table
+
+}
+#########################################################################
+# Public RT and Rules
+#########################################################################
+resource "aws_route_table" "public" {
+ count = local.create_public_route_table ? 1:0
+ vpc_id = aws_vpc.this_vpc[0].id
+
+ tags = merge(
+ {
+ Name = "${var.name}-public-route-table"
+ },
+ var.tags
+ )
+}
+resource "aws_route" "public_internet_gateway" {
+ count = local.create_route_to_igw ? 1:0
+
+ route_table_id = aws_route_table.public[count.index].id
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.this_igw[0].id
+
+
+}
+
+#########################################################################
+# Public RT Association
+#########################################################################
+resource "aws_route_table_association" "public_association" {
+ count = local.create_public_subnets ? length(aws_subnet.public_subnets) : 0
+
+ subnet_id = element(aws_subnet.public_subnets[*].id, count.index)
+ route_table_id = aws_route_table.public[0].id
+
+}
+
+
+#########################################################################
+# Private RT and Rules
+#########################################################################
+
+resource "aws_route_table" "private" {
+ count = local.create_private_route_table ? 
1:0
+ vpc_id = aws_vpc.this_vpc[0].id
+
+ tags = merge(
+ {
+ Name = "${var.name}-private-route-table"
+ },
+ var.tags
+ )
+}
+
+
+resource "aws_route" "private_nat_gateway" {
+ count = var.create_vpc && local.create_public_route_table ? 1 : 0
+
+ route_table_id = aws_route_table.private[count.index].id
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = aws_nat_gateway.this_nat[0].id
+
+}
+
+#########################################################################
+# Private RT Association
+#########################################################################
+resource "aws_route_table_association" "private_association" {
+ count = local.create_private_subnets ? length(aws_subnet.private_subnets) : 0
+
+ subnet_id = element(aws_subnet.private_subnets[*].id, count.index)
+ route_table_id = aws_route_table.private[0].id
+
+}
\ No newline at end of file
diff --git a/VPC/Modules/VPC/variables.tf b/VPC/Modules/VPC/variables.tf
new file mode 100644
index 0000000..745231a
--- /dev/null
+++ b/VPC/Modules/VPC/variables.tf
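Review bot: `local.create_route_to_nat` is defined but never referenced; `aws_route.private_nat_gateway` uses `var.create_vpc && local.create_public_route_table` instead, so the private default route is tied to the existence of public subnets rather than to the NAT gateway and `var.create_nat`. The count should read `count = local.create_route_to_nat ? 1 : 0`; the later hunk in this series that rewrites this resource (switching to `local.create_private_route_table` and `nat_gateway_id`) still leaves the local unused. The IGW route is gated on `var.create_igw` here while the gateway resource in igw-nat.tf is not, so `create_igw = false` produces an internet gateway with no route to it rather than no gateway.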
@@ -0,0 +1,75 @@
+variable "create_vpc" {
+ description = "Create a new VPC"
+ type = bool
+ default = true
+
+}
+
+variable "vpc_cidr" {
+ description = "CIDR block for the VPC"
+ type = string
+ default = ""
+}
+
+variable "enable_dns_hostnames" {
+ description = "Enable DNS hostnames in the VPC"
+ type = bool
+ default = true
+}
+
+variable "enable_dns_support" {
+ description = "Enable DNS support in the VPC"
+ type = bool
+ default = true
+}
+
+variable "public_subnets_cidr_blocks" {
+ description = "List of CIDR blocks for public subnets"
+ type = list(string)
+ default = [""]
+
+}
+
+variable "availability_zones" {
+ description = "List of availability zones for the VPC"
+ type = list(string)
+ default = [""]
+
+}
+
+variable "map_public_ip_on_launch" {
+ description = "Map public IP on launch for public subnets"
+ type = bool
+ default = true
+
+}
+
+######### private subnets #########
+variable "private_subnets_cidr_blocks" {
+ description = "List of private subnets CIDR blocks"
+ type = list(string)
+ default = [""]
+}
+
+######### NAT/ IGW #############
+variable "create_nat" {
+ description = "Create a NAT Gateway"
+ type = bool
+ default = true
+}
+variable "create_igw" {
+ description = "Create an Internet Gateway"
+ type = bool
+ default = true
+}
+variable "tags"{
+ description = "tags for each resource"
+ type = map(string)
+ default = {}
+ }
+ variable "name" {
+ description = "universal name"
+ type = string
+ default = ""
+ }
+ 
\ No newline at end of file
diff --git a/VPC/Modules/VPC/vpc-flowlogs.tf b/VPC/Modules/VPC/vpc-flowlogs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC/Modules/VPC/vpc.tf b/VPC/Modules/VPC/vpc.tf
new file mode 100644
index 0000000..055d26a
--- /dev/null
+++ b/VPC/Modules/VPC/vpc.tf
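Review bot: The list variables `public_subnets_cidr_blocks`, `private_subnets_cidr_blocks` and `availability_zones` default to `[""]`, which has length 1, so with no caller input the module attempts one subnet with an empty CIDR in an empty availability zone and every `length(...) > 0` guard in the other files evaluates true; the defaults should be `default = []`. `vpc_cidr` defaults to `""` with no `validation` block, so a missing CIDR only surfaces as a provider error at apply time rather than at plan. `map_public_ip_on_launch` defaulting to `true` means every instance launched into a public subnet receives a public address unless the caller remembers to opt out; `false` is the safer default for a shared module, with callers enabling it deliberately.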
@@ -0,0 +1,18 @@
+##########################################################################
+# VPC Configuration
+##########################################################################
+
+
+resource "aws_vpc" "this_vpc" {
+ count = var.create_vpc ? 1: 0
+ cidr_block = var.vpc_cidr
+ enable_dns_support = var.enable_dns_support
+ enable_dns_hostnames = var.enable_dns_hostnames
+
+ tags = merge(
+ {
+ Name = "${var.name}-vpc"
+ },
+ var.tags
+ )
+}
\ No newline at end of file
From 28ae7c2e9dcd46734c0e30501536fcffad32e600 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 20 Jun 2025 10:23:09 -0400 Subject: [PATCH 09/43] additional logic --- VPC/Environment/Dev/backend.tf | 8 ++++++ VPC/Environment/Dev/outputs.tf | 40 ++++++++++++++++++++++++++++++ VPC/Environment/Dev/providers.tf | 13 ++++++++++ VPC/Modules/VPC/ouputs.tf | 40 ++++++++++++++++++++++++++++++ VPC/Modules/VPC/private-subnets.tf | 2 +- VPC/Modules/VPC/route-tables.tf | 4 +-- VPC/Modules/VPC/variables.tf | 9 ++++++- 7 files changed, 112 insertions(+), 4 deletions(-) create mode 100644 VPC/Environment/Dev/backend.tf create mode 100644 VPC/Environment/Dev/outputs.tf create mode 100644 VPC/Environment/Dev/providers.tf create mode 100644 VPC/Modules/VPC/ouputs.tf
diff --git a/VPC/Environment/Dev/backend.tf b/VPC/Environment/Dev/backend.tf
new file mode 100644
index 0000000..409aaf7
--- /dev/null
+++ b/VPC/Environment/Dev/backend.tf
@@ -0,0 +1,8 @@
+terraform {
+ backend "s3" {
+ bucket = "terraform-state-bucket1237546"
+ key = "dev-vpc-by-terraform-state.tfstate"
+ region = "us-east-1"
+ use_lockfile = true
+ }
+}
diff --git a/VPC/Environment/Dev/outputs.tf b/VPC/Environment/Dev/outputs.tf
new file mode 100644
index 0000000..ba419a2
--- /dev/null
+++ b/VPC/Environment/Dev/outputs.tf
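Review bot: The S3 backend does not set `encrypt = true`, so the state object, which records every attribute of the resources this root manages, is written without server-side encryption unless the bucket enforces it out of band; add `encrypt = true` beside `use_lockfile`. `use_lockfile` is only recognised by recent Terraform releases, while providers.tf in this same commit declares `required_version = ">= 1.0"`, so the constraint should be raised to the release that introduced native S3 locking (I believe 1.10; please confirm) or older CLIs will reject the backend block. The bucket name is a bare literal, which is fine for one environment but will need parameterising when the `test` and `prod` roots the README mentions are added.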
@@ -0,0 +1,40 @@
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = module.vpc.vpc_id
+}
+
+output "vpc_cidr" {
+ description = "VPC CIDR"
+ value = module.vpc.vpc_cidr
+}
+output "igw_id" {
+ description = "The ID of the Internet Gateway"
+ value = module.vpc.igw_id
+}
+
+output "igw_arn" {
+ description = "The ARN of the Internet Gateway"
+ value = module.vpc.igw_arn
+}
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = module.vpc.public_subnets
+}
+output "public_subnet_arns" {
+ description = "List of ARNs of public subnets"
+ value = module.vpc.public_subnet_arns
+}
+output "public_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of public subnets"
+ value = module.vpc.public_subnets_cidr_blocks
+}
+
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = module.vpc.private_subnets
+}
+
+output "private_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of private subnets"
+ value = module.vpc.private_subnets_cidr_blocks
+}
\ No newline at end of file
diff --git a/VPC/Environment/Dev/providers.tf b/VPC/Environment/Dev/providers.tf
new file mode 100644
index 0000000..bd011dc
--- /dev/null
+++ b/VPC/Environment/Dev/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.0.0-beta2"
+ }
+ }
+
+}
+provider "aws" {
+ region = local.region
+}
diff --git a/VPC/Modules/VPC/ouputs.tf b/VPC/Modules/VPC/ouputs.tf
new file mode 100644
index 0000000..a3b1d91
--- /dev/null
+++ b/VPC/Modules/VPC/ouputs.tf
@@ -0,0 +1,40 @@
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = aws_vpc.this_vpc[0].id
+}
+
+output "vpc_cidr" {
+ description = "VPC CIDR"
+ value = aws_vpc.this_vpc[0].cidr_block
+}
+output "igw_id" {
+ description = "The ID of the Internet Gateway"
+ value = aws_internet_gateway.this_igw[0].id
+}
+
+output "igw_arn" {
+ description = "The ARN of the Internet Gateway"
+ value = aws_internet_gateway.this_igw[0].arn
+}
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = aws_subnet.public_subnets[*].id
+}
+output "public_subnet_arns" {
+ description = "List of ARNs of public subnets"
+ value = aws_subnet.public_subnets[*].arn
+}
+output "public_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of public subnets"
+ value = compact(aws_subnet.public_subnets[*].cidr_block)
+}
+
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = aws_subnet.private_subnets[*].id
+}
+
+output "private_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of private subnets"
+ value = compact(aws_subnet.private_subnets[*].cidr_block)
+}
\ No newline at end of file
diff --git a/VPC/Modules/VPC/private-subnets.tf b/VPC/Modules/VPC/private-subnets.tf
index d257421..7a6b5ee 100644
--- a/VPC/Modules/VPC/private-subnets.tf
+++ b/VPC/Modules/VPC/private-subnets.tf
@@ -9,7 +9,7 @@ locals { resource "aws_subnet" "private_subnets" { count = var.create_vpc ? length(var.private_subnets_cidr_blocks): 0 - map_public_ip_on_launch = false + map_public_ip_on_launch = var.map_public_ip_on_private_subs vpc_id = aws_vpc.this_vpc[0].id cidr_block = var.private_subnets_cidr_blocks[count.index] availability_zone = var.availability_zones[count.index % length(var.availability_zones)]
diff --git a/VPC/Modules/VPC/route-tables.tf b/VPC/Modules/VPC/route-tables.tf
index e0d8b17..547c64c 100644
--- a/VPC/Modules/VPC/route-tables.tf
+++ b/VPC/Modules/VPC/route-tables.tf
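Review bot: `vpc_id`, `vpc_cidr`, `igw_id` and `igw_arn` index `[0]` on resources whose `count` can be 0, so any root that sets `create_vpc = false`, or supplies no public subnets, fails at plan time with an index error as soon as these outputs are evaluated. Use `value = one(aws_vpc.this_vpc[*].id)` (or `try(aws_vpc.this_vpc[0].id, null)`) so the output is `null` when the resource is absent, and the same for the three others. The file name `ouputs.tf` is also misspelt; the diffstat of a later commit in this series carries the typo into the Simple-VPC copy.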
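Review bot: Making `map_public_ip_on_launch` configurable on the private subnets lets a root module give instances in the private tier public addresses with a one-line change, which quietly removes the property that defines the tier; if the knob is wanted, a comment on the changed line should say why, e.g. `# configurable for lab use only; must stay false for a genuinely private tier`. The new variable's description (in the variables.tf hunk of this commit) still says "for public subnets", so nothing in the interface tells a caller what the flag really does. The resource's `tags` block continues below the hunk.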
@@ -62,11 +62,11 @@ resource "aws_route_table" "private" { resource "aws_route" "private_nat_gateway" { - count = var.create_vpc && local.create_public_route_table ? 1 : 0 + count = local.create_private_route_table ? 1 : 0 route_table_id = aws_route_table.private[count.index].id destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_nat_gateway.this_nat[0].id + nat_gateway_id = aws_nat_gateway.this_nat[0].id } diff --git a/VPC/Modules/VPC/variables.tf b/VPC/Modules/VPC/variables.tf index 745231a..7d57e66 100644 --- a/VPC/Modules/VPC/variables.tf +++ b/VPC/Modules/VPC/variables.tf @@ -44,6 +44,13 @@ variable "map_public_ip_on_launch" { } +variable "map_public_ip_on_private_subs" { + description = "Map public IP on launch for public subnets" + type = bool + default = false + +} + ######### private subnets ######### variable "private_subnets_cidr_blocks" { description = "List of private subnets CIDR blocks" @@ -72,4 +79,4 @@ variable "tags"{ type = string default = "" } - \ No newline at end of file + From da0d8eed2746062f3f81a55c196c16f0e9e09b3a Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 20 Jun 2025 10:41:21 -0400 Subject: [PATCH 10/43] new readme --- VPC/Modules/VPC/README.MD | 88 +++++++++++++++++++-------------------- 1 file changed, 42 insertions(+), 46 deletions(-) diff --git a/VPC/Modules/VPC/README.MD b/VPC/Modules/VPC/README.MD index b920e34..48ff1b2 100644 --- a/VPC/Modules/VPC/README.MD +++ b/VPC/Modules/VPC/README.MD 
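Review bot: The description of the new `map_public_ip_on_private_subs` variable reads "Map public IP on launch for public subnets", copied from the variable above it; it should be `description = "Map public IP on launch for private subnets"`. The same copy of the variable, with the same wrong description, is added to VPC/Environment/Dev/variables.tf later in this series. The description is the only thing a caller sees before reading the module source, so the copy-paste makes a security-relevant flag easy to misread.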
@@ -1,46 +1,42 @@ -######################################################### -# Topics I'm going to explore in this module -######################################################### - - -### Conditional logic - - Conditionally create VPC - - Based off the bool the subsequent resources associated to the VPC will be created or not - - Create IGW based off of bool - - That IGW should then have logic in a locals variable, that says. "if the vpc bool == true and the public route table == true then create a route to the internet gateway" - - example logic: - locals{ - create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table - } - - Create NAT Gateway based off of bool - - That NAT should then have logic in a locals variable, that says. "if the vpc bool == true and the private subnet creation == true then create a route to the NAT gateway" - - example logic: - locals{ - create_route_to_nat = var.create_vpc && var.create_igw && local.create_private_route_table - } -### Count - - Couple conditional logic with the Count meta argument - - Based off of the conditions bool will determine how many of the VPCs are created - -### Dynamic Resource Allocation - - Based on how many VPCs are created will result in how many Private, Public Subnets are created - - Along with Route tables for Public and Private subs - - Internet Gateway - - NAT Gateway - -### Dynamic CIDR Blocks - - Use one of the Terraform functions to create CIDRs for subnets based off of the VPC created. 
- -### Dynamic Resource Creation: - - allow the user to specify how many of a given resource is created - - - -### map(string) variables for tags with string interpolation - - Name - - Environment - - example: - variable "tags"{ - description = "tags for each resource" - type = map(string) - default = {} - } \ No newline at end of file +# 🧱 AWS VPC Terraform Module + +This is a reusable and extensible **Terraform module** for provisioning a secure and scalable **AWS Virtual Private Cloud (VPC)**. It acts as the **foundation** for the AWS side of the [Multi-Cloud-Networking-Module](https://github.com/YOUR_USERNAME/Multi-Cloud-Networking-Module), serving as a core dependency for peering, VPN, and transit gateway modules. + +--- + +## 🎯 Purpose + +This module was designed to: + +- Standardize AWS VPC creation across environments +- Serve as the **base layer** for multi-cloud connectivity +- Incorporate **intermediate to advanced Terraform patterns** to enable flexibility, composability, and modular reuse +- Continuously evolve as new networking patterns emerge + +--- + +## ⚙️ Features + +- VPC creation with configurable CIDR block +- Public, private, and database subnets with NAT gateway support +- Route table management and IGW/NAT configuration +- Optional VPC endpoints and DNS support +- Flexible subnet grouping via dynamic blocks +- Use of **locals**, **count**, **conditional logic**, and **dynamic blocks** + +--- + +## 🧠 Terraform Concepts Used + +This module demonstrates intermediate to advanced usage of: + +- `count` and `for_each` for resource control +- `locals` for centralized logic and derived values +- `dynamic` blocks for on-demand subnet generation +- Conditional logic inside locals for flexible configurations +- Parameterized design for reuse across environments (`dev`, `test`, `prod`) + +--- + + + From 77ede99cfbeb926b62de22c2f7fc9511b6dd8882 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 20 Jun 2025 10:43:19 -0400 Subject: [PATCH 11/43] new readme --- VPC/README.MD | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 VPC/README.MD diff --git a/VPC/README.MD b/VPC/README.MD new file mode 100644 index 0000000..48ff1b2 --- /dev/null +++ b/VPC/README.MD @@ -0,0 +1,42 @@ +# 🧱 AWS VPC Terraform Module + +This is a reusable and extensible **Terraform module** for provisioning a secure and scalable **AWS Virtual Private Cloud (VPC)**. It acts as the **foundation** for the AWS side of the [Multi-Cloud-Networking-Module](https://github.com/YOUR_USERNAME/Multi-Cloud-Networking-Module), serving as a core dependency for peering, VPN, and transit gateway modules. + +--- + +## 🎯 Purpose + +This module was designed to: + +- Standardize AWS VPC creation across environments +- Serve as the **base layer** for multi-cloud connectivity +- Incorporate **intermediate to advanced Terraform patterns** to enable flexibility, composability, and modular reuse +- Continuously evolve as new networking patterns emerge + +--- + +## ⚙️ Features + +- VPC creation with configurable CIDR block +- Public, private, and database subnets with NAT gateway support +- Route table management and IGW/NAT configuration +- Optional VPC endpoints and DNS support +- Flexible subnet grouping via dynamic blocks +- Use of **locals**, **count**, **conditional logic**, and **dynamic blocks** + +--- + +## 🧠 Terraform Concepts Used + +This module demonstrates intermediate to advanced usage of: + +- `count` and `for_each` for resource control +- `locals` for centralized logic and derived values +- `dynamic` blocks for on-demand subnet generation +- Conditional logic inside locals for flexible configurations +- Parameterized design for reuse across environments (`dev`, `test`, `prod`) + +--- + + + From 2a175b9f2e19d2a10b939c7b4dd92ad048d267ae Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 20 Jun 2025 10:44:10 -0400 Subject: [PATCH 12/43] new readme --- VPC/Modules/VPC/README.MD | 42 --------------------------------------- 1 file changed, 42 deletions(-) delete mode 100644 VPC/Modules/VPC/README.MD diff --git a/VPC/Modules/VPC/README.MD b/VPC/Modules/VPC/README.MD deleted file mode 100644 index 48ff1b2..0000000 --- a/VPC/Modules/VPC/README.MD +++ /dev/null @@ -1,42 +0,0 @@ -# 🧱 AWS VPC Terraform Module - -This is a reusable and extensible **Terraform module** for provisioning a secure and scalable **AWS Virtual Private Cloud (VPC)**. It acts as the **foundation** for the AWS side of the [Multi-Cloud-Networking-Module](https://github.com/YOUR_USERNAME/Multi-Cloud-Networking-Module), serving as a core dependency for peering, VPN, and transit gateway modules. - ---- - -## 🎯 Purpose - -This module was designed to: - -- Standardize AWS VPC creation across environments -- Serve as the **base layer** for multi-cloud connectivity -- Incorporate **intermediate to advanced Terraform patterns** to enable flexibility, composability, and modular reuse -- Continuously evolve as new networking patterns emerge - ---- - -## ⚙️ Features - -- VPC creation with configurable CIDR block -- Public, private, and database subnets with NAT gateway support -- Route table management and IGW/NAT configuration -- Optional VPC endpoints and DNS support -- Flexible subnet grouping via dynamic blocks -- Use of **locals**, **count**, **conditional logic**, and **dynamic blocks** - ---- - -## 🧠 Terraform Concepts Used - -This module demonstrates intermediate to advanced usage of: - -- `count` and `for_each` for resource control -- `locals` for centralized logic and derived values -- `dynamic` blocks for on-demand subnet generation -- Conditional logic inside locals for flexible configurations -- Parameterized design for reuse across environments (`dev`, `test`, `prod`) - ---- - - - From d0b5b8287db91018e011cefc2f988aa4ca52a203 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 20 Jun 2025 11:37:13 -0400 Subject: [PATCH 13/43] new readme --- VPC/Environment/Dev/main.tf | 43 +++++++++++--------------------- VPC/Environment/Dev/variables.tf | 13 ++++++++-- 2 files changed, 25 insertions(+), 31 deletions(-) diff --git a/VPC/Environment/Dev/main.tf b/VPC/Environment/Dev/main.tf index db8c085..5bd83ee 100644 --- a/VPC/Environment/Dev/main.tf +++ b/VPC/Environment/Dev/main.tf @@ -1,40 +1,25 @@ -terraform { - required_version = ">= 1.0" - required_providers { - aws = { - source = "hashicorp/aws" - version = "6.0.0-beta2" - } - } -} - locals { region = "us-east-1" } -provider "aws" { - region = local.region -} - module "vpc" { - source = "../../Modules/vpc" - create_vpc = var.create_vpc - vpc_cidr = "10.0.0.0/16" - enable_dns_hostnames = "true" - enable_dns_support = "true" - public_subnets_cidr_blocks = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"] - availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] - map_public_ip_on_launch = var.map_public_ip_on_launch - private_subnets_cidr_blocks = ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24"] - create_nat = "true" - name = "smooth" - create_igw = "true" + source = "../../Modules/vpc" + create_vpc = "true" + vpc_cidr = "10.0.0.0/16" + enable_dns_hostnames = "true" + enable_dns_support = "true" + public_subnets_cidr_blocks = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"] + private_subnets_cidr_blocks = ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24"] + availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] + map_public_ip_on_launch = "true" + map_public_ip_on_private_subs = "false" + create_nat = "true" + name = "smooth" + create_igw = "true" tags = { Environment = "Dev" Project = "Smooth" } - - - + } \ No newline at end of file diff --git a/VPC/Environment/Dev/variables.tf b/VPC/Environment/Dev/variables.tf index e5e0797..6fdf93d 100644 --- a/VPC/Environment/Dev/variables.tf +++ b/VPC/Environment/Dev/variables.tf 
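Review bot: `source = "../../Modules/vpc"` does not match the module directory `VPC/Modules/VPC` used throughout this series; that resolves on a case-insensitive filesystem but fails in `terraform init` on a Linux runner, so it should be `source = "../../Modules/VPC"`. The rewritten block passes `"true"`/`"false"` strings for inputs that variables.tf declares as `bool`; Terraform converts them, but the plain literals `true`/`false` match the declared types and avoid surprises if a variable is later tightened with `validation`. The change also replaces `var.create_vpc` and `var.map_public_ip_on_launch` with literals while VPC/Environment/Dev/variables.tf keeps declaring those variables, leaving them declared but unused.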
@@ -44,6 +44,13 @@ variable "map_public_ip_on_launch" { } +variable "map_public_ip_on_private_subs" { + description = "Map public IP on launch for public subnets" + type = bool + default = false + +} + ######### private subnets ######### variable "private_subnets_cidr_blocks" { description = "List of private subnets CIDR blocks" @@ -70,5 +77,7 @@ variable "tags" { variable "name" { description = "universal name" type = string - default = "" -} \ No newline at end of file + default = "" +} + + \ No newline at end of file From 8e9ecd6a716988185230bab715747390ba9d7bae Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Mon, 23 Jun 2025 16:25:59 -0400 Subject: [PATCH 14/43] another one --- IAM/.DS_Store | Bin 0 -> 6148 bytes .../CloudWatch-Logging/main.tf | 0 IAM/CloudWatch-Logging/outputs.tf | 0 IAM/CloudWatch-Logging/variables.tf | 0 IAM/SSM-Policy/main.tf | 86 +++++++++++++++++ IAM/SSM-Policy/outputs.tf | 18 ++++ IAM/SSM-Policy/variables.tf | 0 VPC/Modules/Simple-VPC/.gitignore | 45 +++++++++ VPC/Modules/Simple-VPC/igw-nat.tf | 49 ++++++++++ VPC/Modules/Simple-VPC/ouputs.tf | 40 ++++++++ VPC/Modules/Simple-VPC/private-subnets.tf | 23 +++++ VPC/Modules/Simple-VPC/provider..tf | 13 +++ VPC/Modules/Simple-VPC/public-subnets.tf | 25 +++++ VPC/Modules/Simple-VPC/route-tables.tf | 82 ++++++++++++++++ VPC/Modules/Simple-VPC/variables.tf | 82 ++++++++++++++++ VPC/Modules/Simple-VPC/vpc-flowlogs.tf | 0 VPC/Modules/{VPC => Simple-VPC}/vpc.tf | 0 VPC/Modules/VPC/main.tf | 18 ++++ VPC/Modules/VPC/outputs.tf | 14 +++ VPC/Modules/VPC/variables.tf | 91 ++++-------------- VPC/Modules/igw-nat/main.tf | 49 ++++++++++ VPC/Modules/igw-nat/outputs.tf | 9 ++ VPC/Modules/igw-nat/variables.tf | 38 ++++++++ VPC/Modules/route-tables/main.tf | 84 ++++++++++++++++ VPC/Modules/route-tables/outputs.tf | 0 VPC/Modules/route-tables/variables.tf | 59 ++++++++++++ VPC/Modules/security-groups/main.tf | 0 VPC/Modules/security-groups/outputs.tf | 0 VPC/Modules/security-groups/variables.tf | 0 VPC/Modules/subnets/outputs.tf | 33 +++++++ VPC/Modules/subnets/private.tf | 24 +++++ VPC/Modules/subnets/public.tf | 25 +++++ VPC/Modules/subnets/variables.tf | 67 +++++++++++++ 33 files changed, 903 insertions(+), 71 deletions(-) create mode 100644 IAM/.DS_Store rename VPC/Modules/VPC/vpc-flowlogs.tf => IAM/CloudWatch-Logging/main.tf (100%) create mode 100644 IAM/CloudWatch-Logging/outputs.tf create mode 100644 IAM/CloudWatch-Logging/variables.tf create mode 100644 IAM/SSM-Policy/main.tf create mode 100644 IAM/SSM-Policy/outputs.tf create mode 100644 IAM/SSM-Policy/variables.tf create mode 100644 
VPC/Modules/Simple-VPC/.gitignore create mode 100644 VPC/Modules/Simple-VPC/igw-nat.tf create mode 100644 VPC/Modules/Simple-VPC/ouputs.tf create mode 100644 VPC/Modules/Simple-VPC/private-subnets.tf create mode 100644 VPC/Modules/Simple-VPC/provider..tf create mode 100644 VPC/Modules/Simple-VPC/public-subnets.tf create mode 100644 VPC/Modules/Simple-VPC/route-tables.tf create mode 100644 VPC/Modules/Simple-VPC/variables.tf create mode 100644 VPC/Modules/Simple-VPC/vpc-flowlogs.tf rename VPC/Modules/{VPC => Simple-VPC}/vpc.tf (100%) create mode 100644 VPC/Modules/VPC/main.tf create mode 100644 VPC/Modules/VPC/outputs.tf create mode 100644 VPC/Modules/igw-nat/main.tf create mode 100644 VPC/Modules/igw-nat/outputs.tf create mode 100644 VPC/Modules/igw-nat/variables.tf create mode 100644 VPC/Modules/route-tables/main.tf create mode 100644 VPC/Modules/route-tables/outputs.tf create mode 100644 VPC/Modules/route-tables/variables.tf create mode 100644 VPC/Modules/security-groups/main.tf create mode 100644 VPC/Modules/security-groups/outputs.tf create mode 100644 VPC/Modules/security-groups/variables.tf create mode 100644 VPC/Modules/subnets/outputs.tf create mode 100644 VPC/Modules/subnets/private.tf create mode 100644 VPC/Modules/subnets/public.tf create mode 100644 VPC/Modules/subnets/variables.tf 
diff --git a/IAM/.DS_Store b/IAM/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..6d2d13e7b89966aa50af18b82da778e7a494fb6c GIT binary patch literal 6148 zcmeHKu};H441HHR6uMMQjJKl>{ew`#1`<+-uFzI$ky6ruBC+K&82AhR0e%8jzJurU zsU%9PR!AU(?8x^nK09}Qk>VJD>n|rgpaY;q6>RKtSR=A7T9Zb!$f66+m|%!&++mDa z&D#urkpX#khd4!s97~knUl-@JO?lnm7Sn9n8;tY$qLjo=aq~P)M_E2%TS5i zda~=D^L+B{*u|`N-UAGHU7(9gW|lFpF&?UUwV!ylwSMJ19`A?#P4n2``*rSZzSVPj zZf{}?7z4(@k2AoUEz)W$+Gq?I1IECL0r@_7s$deaPz;|A4xt4gHfavRx%3he<0B>! z3q`I_oQ4uL)WsIVX*lgZ`XvzyMGc3G&4-ISyV#+)usfgcgF9TJXrnP;3{)A|)7y^J z|Fg~ge>KSNi~(cdUoqgC=^*VhrC3{Q$w{sC)GMlp_!Ww)5KclVrmvLZBWe)Zy-bKn T#6po4iv0)#8f-8IewBewN0(p= literal 0 HcmV?d00001 diff --git a/VPC/Modules/VPC/vpc-flowlogs.tf b/IAM/CloudWatch-Logging/main.tf similarity index 100% rename from VPC/Modules/VPC/vpc-flowlogs.tf rename to IAM/CloudWatch-Logging/main.tf diff --git a/IAM/CloudWatch-Logging/outputs.tf b/IAM/CloudWatch-Logging/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/IAM/CloudWatch-Logging/variables.tf b/IAM/CloudWatch-Logging/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/IAM/SSM-Policy/main.tf b/IAM/SSM-Policy/main.tf new file mode 100644 index 0000000..cccb1d3 --- /dev/null +++ b/IAM/SSM-Policy/main.tf 
@@ -0,0 +1,86 @@
+### use the IAM policy created for SSM ###
+
+resource "aws_iam_policy" "ssm_policy" {
+ name = "AmazonSSMManagedInstanceCore"
+ path = "/"
+ description = "SSM policy"
+
+ # Terraform's "jsonencode" function converts a
+ # Terraform expression result to valid JSON syntax.
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssm:DescribeAssociation",
+ "ssm:GetDeployablePatchSnapshotForInstance",
+ "ssm:GetDocument",
+ "ssm:DescribeDocument",
+ "ssm:GetManifest",
+ "ssm:GetParameter",
+ "ssm:GetParameters",
+ "ssm:ListAssociations",
+ "ssm:ListInstanceAssociations",
+ "ssm:PutInventory",
+ "ssm:PutComplianceItems",
+ "ssm:PutConfigurePackageResult",
+ "ssm:UpdateAssociationStatus",
+ "ssm:UpdateInstanceAssociationStatus",
+ "ssm:UpdateInstanceInformation"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2messages:AcknowledgeMessage",
+ "ec2messages:DeleteMessage",
+ "ec2messages:FailMessage",
+ "ec2messages:GetEndpoint",
+ "ec2messages:GetMessages",
+ "ec2messages:SendReply"
+ ],
+ "Resource": "*"
+ }
+ ]
+ })
+}
+
+data "aws_iam_policy_document" "ssm_policy_doc" {
+ statement {
+ actions = [
+ "sts:AssumeRole"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_role" "ssm_role" {
+ name = "AmazonSSMManagedInstanceCore1"
+ assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json
+}
+
+resource "aws_iam_role_policy_attachment" "attach_ssm_policy" {
+ role = aws_iam_role.ssm_role.name
+ policy_arn = aws_iam_policy.ssm_policy.arn
+}
+
+resource "aws_iam_instance_profile" "ssm_profile" {
+ name = "AmazonSSMManagedInstanceCore2"
+ role = aws_iam_role.ssm_role.name
+}
\ No newline at end
of file diff --git a/IAM/SSM-Policy/outputs.tf b/IAM/SSM-Policy/outputs.tf new file mode 100644 index 0000000..6916d96 --- /dev/null +++ b/IAM/SSM-Policy/outputs.tf @@ -0,0 +1,18 @@ +output "iam_instance_profile" { + description = "IAM Instance Profile for SSM" + value = aws_iam_instance_profile.ssm_profile.name +} +output "ssm_policy_arn" { + description = "ARN of the SSM IAM Policy" + value = aws_iam_policy.ssm_policy.arn +} + +output "ssm_role_name" { + description = "Name of the SSM IAM Role" + value = aws_iam_role.ssm_role.name +} + +output "aws_iam_policy" { + description = "IAM Policy for SSM" + value = aws_iam_policy.ssm_policy +} \ No newline at end of file diff --git a/IAM/SSM-Policy/variables.tf b/IAM/SSM-Policy/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/Simple-VPC/.gitignore b/VPC/Modules/Simple-VPC/.gitignore new file mode 100644 index 0000000..11a858c --- /dev/null +++ b/VPC/Modules/Simple-VPC/.gitignore 
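Review bot: The IAM names in this hunk are fixed strings (`name = "AmazonSSMManagedInstanceCore"` on the policy, `...Core1` on the role, `...Core2` on the instance profile), and IAM role, policy and instance-profile names are unique per account, so a second use of this module in the same account fails at create time; deriving them from an input such as `name = "${var.name}-ssm-instance-role"` avoids that, and since `IAM/SSM-Policy/variables.tf` is added with no content in this same patch the input still has to be declared. The policy body is a hand-copied version of AWS's managed policy of the same name: it keeps the broad `"Resource": "*"` grants (`ssm:GetParameter`/`ssm:GetParameters` reach every Parameter Store parameter the instance is allowed to decrypt) but will not pick up AWS's updates to the managed policy. Unless the copy is meant to be narrowed, attaching the managed policy directly with `policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"` and dropping the `aws_iam_policy` resource is the simpler and better-maintained choice; if the copy stays, the parameter-read statement is the one to scope to the paths the instances actually need.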
@@ -0,0 +1,45 @@ +# Local .terraform directories +**/.terraform/* +**/.terraform/ + + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store +**/.DS_Store/ +../.DS_Store \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/igw-nat.tf b/VPC/Modules/Simple-VPC/igw-nat.tf new file mode 100644 index 0000000..b79fede --- /dev/null +++ b/VPC/Modules/Simple-VPC/igw-nat.tf 
@@ -0,0 +1,49 @@
+
+##############################################################
+# Module: igw-nat
+################################################################
+## Create IGW and NAT Gateway if the VPC is created and the respective subnet CIDR blocks are provided
+
+
+locals {
+ create_igw = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0
+ create_nat_gateway = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0
+ create_eip = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0
+}
+
+resource "aws_eip" "this_eip" {
+ count = local.create_eip ? 1 : 0
+
+ tags = merge(
+ {
+ Name = "${var.name}-nat-eip"
+ },
+ var.tags
+ )
+}
+
+resource "aws_internet_gateway" "this_igw" {
+ count = local.create_igw ? 1 : 0
+ vpc_id = aws_vpc.this_vpc[0].id
+
+ tags = merge(
+ {
+ Name = "${var.name}-igw"
+ },
+ var.tags
+ )
+
+}
+
+resource "aws_nat_gateway" "this_nat" {
+ count = local.create_nat_gateway ? 1:0
+ allocation_id = aws_eip.this_eip[0].id
+ subnet_id = aws_subnet.public_subnets[0].id
+
+ tags = merge(
+ {
+ Name = "${var.name}-nat-gateway"
+ },
+ var.tags
+ )
+}
\ No newline at end of file
diff --git a/VPC/Modules/Simple-VPC/ouputs.tf b/VPC/Modules/Simple-VPC/ouputs.tf
new file mode 100644
index 0000000..a3b1d91
--- /dev/null
+++ b/VPC/Modules/Simple-VPC/ouputs.tf
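Review bot: `aws_nat_gateway.this_nat` reads `aws_subnet.public_subnets[0].id`, but `local.create_nat_gateway` only checks the private CIDR list, so a call with private subnets and no public subnets fails at plan time on an out-of-range index rather than skipping the NAT; the locals should also require a public subnet, and the `create_igw`/`create_nat` inputs declared in this module's `variables.tf` are not consulted here at all, so setting them to `false` still builds the gateways. Something like `create_igw = var.create_vpc && var.create_igw && length(var.public_subnets_cidr_blocks) > 0`, `create_nat_gateway = var.create_vpc && var.create_nat && length(var.private_subnets_cidr_blocks) > 0 && length(var.public_subnets_cidr_blocks) > 0` and `create_eip = local.create_nat_gateway` covers both. `VPC/Modules/igw-nat/main.tf` later in this patch has the same unguarded `var.public_subnets[0]` with a NAT condition based only on private subnets.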
@@ -0,0 +1,40 @@
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = aws_vpc.this_vpc[0].id
+}
+
+output "vpc_cidr" {
+ description = "VPC CIDR"
+ value = aws_vpc.this_vpc[0].cidr_block
+}
+output "igw_id" {
+ description = "The ID of the Internet Gateway"
+ value = aws_internet_gateway.this_igw[0].id
+}
+
+output "igw_arn" {
+ description = "The ARN of the Internet Gateway"
+ value = aws_internet_gateway.this_igw[0].arn
+}
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = aws_subnet.public_subnets[*].id
+}
+output "public_subnet_arns" {
+ description = "List of ARNs of public subnets"
+ value = aws_subnet.public_subnets[*].arn
+}
+output "public_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of public subnets"
+ value = compact(aws_subnet.public_subnets[*].cidr_block)
+}
+
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = aws_subnet.private_subnets[*].id
+}
+
+output "private_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of private subnets"
+ value = compact(aws_subnet.private_subnets[*].cidr_block)
+}
\ No newline at end of file
diff --git a/VPC/Modules/Simple-VPC/private-subnets.tf b/VPC/Modules/Simple-VPC/private-subnets.tf
new file mode 100644
index 0000000..7a6b5ee
--- /dev/null
+++ b/VPC/Modules/Simple-VPC/private-subnets.tf
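Review bot: Every single-resource output here indexes `[0]` on a `count`-based resource (`aws_vpc.this_vpc[0].id`, `aws_internet_gateway.this_igw[0].id`, and so on), so with `create_vpc = false` or an empty public CIDR list the module errors on evaluation instead of reporting an absent value; `value = one(aws_vpc.this_vpc[*].id)` returns `null` when the resource was not created, and the same form works for the IGW outputs. The same `[0]` pattern is in `VPC/Modules/igw-nat/outputs.tf` later in this patch. The file name `ouputs.tf` is presumably a typo for `outputs.tf`; Terraform loads it either way, but it breaks the naming used by every other module in the patch.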
@@ -0,0 +1,23 @@ +########################################################################## +# Private Subnets +########################################################################## + +### Create private subnets if the list of CIDR blocks is not empty +locals { + create_private_subnets = length(var.private_subnets_cidr_blocks) > 0 +} + +resource "aws_subnet" "private_subnets" { + count = var.create_vpc ? length(var.private_subnets_cidr_blocks): 0 + map_public_ip_on_launch = var.map_public_ip_on_private_subs + vpc_id = aws_vpc.this_vpc[0].id + cidr_block = var.private_subnets_cidr_blocks[count.index] + availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + + tags = merge( + { + Name = "${var.name}-private-subnet-${count.index + 1}" + }, + var.tags + ) +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/provider..tf b/VPC/Modules/Simple-VPC/provider..tf new file mode 100644 index 0000000..ca3b037 --- /dev/null +++ b/VPC/Modules/Simple-VPC/provider..tf @@ -0,0 +1,13 @@ +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "6.0.0-beta2" + } + } +} + +provider "aws" { + region = "us-east-1" +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/public-subnets.tf b/VPC/Modules/Simple-VPC/public-subnets.tf new file mode 100644 index 0000000..5709863 --- /dev/null +++ b/VPC/Modules/Simple-VPC/public-subnets.tf 
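Review bot: `VPC/Modules/Simple-VPC/provider..tf` places a `provider "aws"` block with a hard-coded `region = "us-east-1"` inside a reusable module, so callers cannot choose the region, and a module that configures its own provider cannot be used with `count`, `for_each` or `depends_on`. Keeping only the `terraform { required_providers { ... } }` block in the module and moving the `provider "aws"` block to the root module is the usual layout. `version = "6.0.0-beta2"` pins a pre-release, which Terraform matches exactly and will never upgrade past; a release constraint such as `version = "~> 6.0"` should replace it once the GA provider is the target. The doubled dot in the file name also looks accidental.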
@@ -0,0 +1,25 @@ +########################################################################## +# Public Subnets +########################################################################## + +## Create public subnets if the list of CIDR blocks is not empty +locals { + create_public_subnets = length(var.public_subnets_cidr_blocks) > 0 +} + +resource "aws_subnet" "public_subnets" { + count = var.create_vpc ? length(var.public_subnets_cidr_blocks) : 0 + vpc_id = aws_vpc.this_vpc[0].id + cidr_block = var.public_subnets_cidr_blocks[count.index] + availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + + map_public_ip_on_launch = var.map_public_ip_on_launch + + tags = merge( + { + Name = "${var.name}-public-subnet-${count.index + 1}" + }, + var.tags + ) + +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/route-tables.tf b/VPC/Modules/Simple-VPC/route-tables.tf new file mode 100644 index 0000000..547c64c --- /dev/null +++ b/VPC/Modules/Simple-VPC/route-tables.tf 
@@ -0,0 +1,82 @@ +######################################################################### +# Route Tables for VPC +######################################################################### +locals{ + create_public_route_table = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0 + create_private_route_table = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 + create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table + create_route_to_nat = var.create_vpc && var.create_nat && local.create_private_route_table + +} +######################################################################### +# Public RT and Rules +######################################################################### +resource "aws_route_table" "public" { + count = local.create_public_route_table ? 1:0 + vpc_id = aws_vpc.this_vpc[0].id + + tags = merge( + { + Name = "${var.name}-public-route-table" + }, + var.tags + ) +} +resource "aws_route" "public_internet_gateway" { + count = local.create_route_to_igw ? 1:0 + + route_table_id = aws_route_table.public[count.index].id + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this_igw[0].id + + +} + +######################################################################### +# Public RT Association +######################################################################### +resource "aws_route_table_association" "public_association" { + count = local.create_public_subnets ? length(aws_subnet.public_subnets) : 0 + + subnet_id = element(aws_subnet.public_subnets[*].id, count.index) + route_table_id = aws_route_table.public[0].id + +} + + +######################################################################### +# Private RT and Rules +######################################################################### + +resource "aws_route_table" "private" { + count = local.create_private_route_table ? 
1:0 + vpc_id = aws_vpc.this_vpc[0].id + + tags = merge( + { + Name = "${var.name}-private-route-table" + }, + var.tags + ) +} + + +resource "aws_route" "private_nat_gateway" { + count = local.create_private_route_table ? 1 : 0 + + route_table_id = aws_route_table.private[count.index].id + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = aws_nat_gateway.this_nat[0].id + +} + +######################################################################### +# Private RT Association +######################################################################### +resource "aws_route_table_association" "private_association" { + count = local.create_private_subnets ? length(aws_subnet.private_subnets) : 0 + + subnet_id = element(aws_subnet.private_subnets[*].id, count.index) + route_table_id = aws_route_table.private[0].id + +} \ No newline at end of file diff --git a/VPC/Modules/Simple-VPC/variables.tf b/VPC/Modules/Simple-VPC/variables.tf new file mode 100644 index 0000000..7d57e66 --- /dev/null +++ b/VPC/Modules/Simple-VPC/variables.tf 
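Review bot: `aws_route.private_nat_gateway` uses `count = local.create_private_route_table ? 1 : 0`, so it is created whenever private subnets exist and references `aws_nat_gateway.this_nat[0]` regardless of the `create_route_to_nat` local defined at the top of the hunk, which is otherwise unused; it should read `count = local.create_route_to_nat ? 1 : 0`. `create_route_to_igw` honours `var.create_igw` while the IGW itself in `igw-nat.tf` does not, so `create_igw = false` currently yields an Internet Gateway attached to the VPC with no route to it; the gateway resources and the route resources need to key off the same condition. `VPC/Modules/route-tables/main.tf` later in this patch repeats the unused `create_route_to_nat` local.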
@@ -0,0 +1,82 @@ +variable "create_vpc" { + description = "Create a new VPC" + type = bool + default = true + +} + +variable "vpc_cidr" { + description = "CIDR block for the VPC" + type = string + default = "" +} + +variable "enable_dns_hostnames" { + description = "Enable DNS hostnames in the VPC" + type = bool + default = true +} + +variable "enable_dns_support" { + description = "Enable DNS support in the VPC" + type = bool + default = true +} + +variable "public_subnets_cidr_blocks" { + description = "List of CIDR blocks for public subnets" + type = list(string) + default = [""] + +} + +variable "availability_zones" { + description = "List of availability zones for the VPC" + type = list(string) + default = [""] + +} + +variable "map_public_ip_on_launch" { + description = "Map public IP on launch for public subnets" + type = bool + default = true + +} + +variable "map_public_ip_on_private_subs" { + description = "Map public IP on launch for public subnets" + type = bool + default = false + +} + +######### private subnets ######### +variable "private_subnets_cidr_blocks" { + description = "List of private subnets CIDR blocks" + type = list(string) + default = [""] +} + +######### NAT/ IGW ############# +variable "create_nat" { + description = "Create a NAT Gateway" + type = bool + default = true +} +variable "create_igw" { + description = "Create an Internet Gateway" + type = bool + default = true +} +variable "tags"{ + description = "tags for each resource" + type = map(string) + default = {} + } + variable "name" { + description = "universal name" + type = string + default = "" + } + diff --git a/VPC/Modules/Simple-VPC/vpc-flowlogs.tf b/VPC/Modules/Simple-VPC/vpc-flowlogs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/VPC/vpc.tf b/VPC/Modules/Simple-VPC/vpc.tf similarity index 100% rename from VPC/Modules/VPC/vpc.tf rename to VPC/Modules/Simple-VPC/vpc.tf 
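Review bot: `public_subnets_cidr_blocks`, `availability_zones` and `private_subnets_cidr_blocks` default to `[""]`, a one-element list, so every `length(...) > 0` "create if not empty" guard in this module is true by default and Terraform tries to build a subnet with `cidr_block = ""`; the defaults should be `[]` so the module really skips those resources when nothing is passed. The same `[""]` defaults appear in `VPC/Modules/route-tables/variables.tf` and `VPC/Modules/subnets/variables.tf` later in this patch. The description of `map_public_ip_on_private_subs` is copied from the public variable; `description = "Map public IP on launch for private subnets"` says what it controls, and `false` is the right default to keep for it.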
diff --git a/VPC/Modules/VPC/main.tf b/VPC/Modules/VPC/main.tf new file mode 100644 index 0000000..8c6bde7 --- /dev/null +++ b/VPC/Modules/VPC/main.tf @@ -0,0 +1,18 @@ +########################################################################## +# VPC Configuration +########################################################################## + + +resource "aws_vpc" "this_vpc" { + # count = var.create_vpc ? 1: 0 + cidr_block = var.vpc_cidr + enable_dns_support = var.enable_dns_support + enable_dns_hostnames = var.enable_dns_hostnames + + tags = merge( + { + Name = "${var.name}-vpc" + }, + var.tags + ) +} \ No newline at end of file diff --git a/VPC/Modules/VPC/outputs.tf b/VPC/Modules/VPC/outputs.tf new file mode 100644 index 0000000..3af979f --- /dev/null +++ b/VPC/Modules/VPC/outputs.tf @@ -0,0 +1,14 @@ +output "vpc_cidr" { + description = "VPC CIDR" + value = aws_vpc.this_vpc.cidr_block +} + +output "vpc_id" { + description = "VPC ID" + value = aws_vpc.this_vpc.id +} + +output "vpc_arn" { + description = "VPC ARN" + value = aws_vpc.this_vpc.arn +} \ No newline at end of file diff --git a/VPC/Modules/VPC/variables.tf b/VPC/Modules/VPC/variables.tf index 7d57e66..58fbca8 100644 --- a/VPC/Modules/VPC/variables.tf +++ b/VPC/Modules/VPC/variables.tf 
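Review bot: `VPC/Modules/VPC/main.tf` creates the VPC without an `aws_flow_log` resource, and in the same patch `VPC/Modules/VPC/vpc-flowlogs.tf` is moved to `IAM/CloudWatch-Logging/main.tf` while `VPC/Modules/Simple-VPC/vpc-flowlogs.tf` is added empty, so as far as this diff shows neither VPC module now enables flow logs; a VPC without flow logs leaves no network-level record for detection or incident response, so either this module or a documented sibling module should declare an `aws_flow_log` for `aws_vpc.this_vpc.id`. The commented-out `# count = var.create_vpc ? 1: 0` is dead code; either drop it or, if the toggle is still wanted, wire it in and switch the outputs in `VPC/Modules/VPC/outputs.tf` (same line of this patch) to the `one(aws_vpc.this_vpc[*].id)` form so they do not break when `count` is `0`.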
@@ -1,82 +1,31 @@ -variable "create_vpc" { - description = "Create a new VPC" - type = bool - default = true -} -variable "vpc_cidr" { - description = "CIDR block for the VPC" - type = string - default = "" +variable "name" { + description = "Global name for all resources" + type = string + default = "" } -variable "enable_dns_hostnames" { - description = "Enable DNS hostnames in the VPC" - type = bool - default = true +variable "vpc_cidr" { + description = "VPC CIDR" + type = string + default = "" } variable "enable_dns_support" { - description = "Enable DNS support in the VPC" - type = bool - default = true -} - -variable "public_subnets_cidr_blocks" { - description = "List of CIDR blocks for public subnets" - type = list(string) - default = [""] - -} - -variable "availability_zones" { - description = "List of availability zones for the VPC" - type = list(string) - default = [""] - + description = "Enable DNS Support for VPC" + type = bool + default = true } -variable "map_public_ip_on_launch" { - description = "Map public IP on launch for public subnets" - type = bool - default = true - -} - -variable "map_public_ip_on_private_subs" { - description = "Map public IP on launch for public subnets" - type = bool - default = false - -} - -######### private subnets ######### -variable "private_subnets_cidr_blocks" { - description = "List of private subnets CIDR blocks" - type = list(string) - default = [""] +variable "enable_dns_hostnames" { + description = "Enable Hostnames for VPC" + type = bool + default = true } -######### NAT/ IGW ############# -variable "create_nat" { - description = "Create a NAT Gateway" - type = bool - default = true -} -variable "create_igw" { - description = "Create an Internet Gateway" - type = bool - default = true -} -variable "tags"{ - description = "tags for each resource" - type = map(string) - default = {} - } - variable "name" { - description = "universal name" - type = string - default = "" - } - +variable "tags" { + description = 
"Global tags to apply to all resources" + type = map(string) + default = {} +} \ No newline at end of file diff --git a/VPC/Modules/igw-nat/main.tf b/VPC/Modules/igw-nat/main.tf new file mode 100644 index 0000000..a7a8495 --- /dev/null +++ b/VPC/Modules/igw-nat/main.tf @@ -0,0 +1,49 @@ + +############################################################## +# Module: igw-nat +################################################################ +## Create IGW and NAT Gateway if the VPC is created and the respective subnet CIDR blocks are provided + + +locals { + create_igw = length(var.public_subnets_cidr_blocks) > 0 + create_nat_gateway = length(var.private_subnets_cidr_blocks) > 0 + create_eip = length(var.private_subnets_cidr_blocks) > 0 +} + +resource "aws_eip" "this_eip" { + count = local.create_eip ? 1 : 0 + + tags = merge( + { + Name = "${var.name}-nat-eip" + }, + var.tags + ) +} + +resource "aws_internet_gateway" "this_igw" { + count = local.create_igw ? 1 : 0 + vpc_id = var.vpc_id + + tags = merge( + { + Name = "${var.name}-igw" + }, + var.tags + ) + +} + +resource "aws_nat_gateway" "this_nat" { + count = local.create_nat_gateway ? 1:0 + allocation_id = aws_eip.this_eip[0].id + subnet_id = var.public_subnets[0] # Assuming the first public subnet is used for the NAT Gateway + + tags = merge( + { + Name = "${var.name}-nat-gateway" + }, + var.tags + ) +} \ No newline at end of file diff --git a/VPC/Modules/igw-nat/outputs.tf b/VPC/Modules/igw-nat/outputs.tf new file mode 100644 index 0000000..21c7e99 --- /dev/null +++ b/VPC/Modules/igw-nat/outputs.tf @@ -0,0 +1,9 @@ +output "igw_id" { + description = "The ID of the Internet Gateway" + value = aws_internet_gateway.this_igw[0].id +} + +output "nat_id" { + description = "The ID of the NAT Gateway" + value = aws_nat_gateway.this_nat[0].id +} \ No newline at end of file diff --git a/VPC/Modules/igw-nat/variables.tf b/VPC/Modules/igw-nat/variables.tf new file mode 100644 index 0000000..70f9985 --- /dev/null 
+++ b/VPC/Modules/igw-nat/variables.tf @@ -0,0 +1,38 @@ +variable "public_subnets_cidr_blocks" { + description = "List of CIDR blocks for public subnets" + type = list(string) + +} + +variable "private_subnets_cidr_blocks" { + description = "List of CIDR blocks for private subnets" + type = list(string) + +} +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} + +variable "name" { + description = "Global name for all resources" + type = string + default = "" +} + +variable "vpc_id" { + description = "VPC ID" + type = string +} + +variable "public_subnets" { + description = "List of IDs of public subnets" + type = list(string) +} + +variable "private_subnets" { + description = "List of IDs of private subnets" + type = list(string) + +} \ No newline at end of file diff --git a/VPC/Modules/route-tables/main.tf b/VPC/Modules/route-tables/main.tf new file mode 100644 index 0000000..02af097 --- /dev/null +++ b/VPC/Modules/route-tables/main.tf 
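Review bot: This module takes both the subnet CIDR lists and the subnet ID lists, but `VPC/Modules/igw-nat/main.tf` in the preceding hunk only uses the CIDR lists for `length(...) > 0` checks and `var.public_subnets[0]` for the NAT, and `var.private_subnets` is not referenced at all; driving the conditions off `length(var.public_subnets)` / `length(var.private_subnets)` would let the two CIDR inputs and the unused `private_subnets` input be dropped, leaving one source of truth. If `private_subnets` is kept for a later use, a comment on the variable saying so would help, e.g. `# Not used by this module yet; reserved for the private-side NAT placement`.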
@@ -0,0 +1,84 @@ +######################################################################### +# Route Tables for VPC +######################################################################### +locals{ + create_public_route_table = length(var.public_subnets_cidr_blocks) > 0 + create_private_route_table = length(var.private_subnets_cidr_blocks) > 0 + create_route_to_igw = local.create_public_route_table + create_route_to_nat = local.create_private_route_table + + + +} +######################################################################### +# Public RT and Rules +######################################################################### +resource "aws_route_table" "public" { + count = local.create_public_route_table ? 1:0 + vpc_id = var.vpc_id + + tags = merge( + { + Name = "${var.name}-public-route-table" + }, + var.tags + ) +} +resource "aws_route" "public_internet_gateway" { + count = local.create_route_to_igw ? 1:0 + + route_table_id = aws_route_table.public[count.index].id + destination_cidr_block = "0.0.0.0/0" + gateway_id = var.igw_id + + +} + +######################################################################### +# Public RT Association +######################################################################### +resource "aws_route_table_association" "public_association" { + count = var.create_public_subnets ? length(var.public_subnets) : 0 + + subnet_id = var.public_subnets[count.index] + route_table_id = aws_route_table.public[0].id + +} + + +######################################################################### +# Private RT and Rules +######################################################################### + +resource "aws_route_table" "private" { + count = local.create_private_route_table ? 1:0 + vpc_id = var.vpc_id + + tags = merge( + { + Name = "${var.name}-private-route-table" + }, + var.tags + ) +} + + +resource "aws_route" "private_nat_gateway" { + count = local.create_private_route_table ? 
1 : 0 + + route_table_id = aws_route_table.private[count.index].id + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = var.nat_id + +} + +######################################################################### +# Private RT Association +######################################################################### +resource "aws_route_table_association" "private_association" { + count = var.create_private_subnets ? length(var.private_subnets) : 0 + + subnet_id = var.private_subnets[count.index] + route_table_id = aws_route_table.private[0].id + +} \ No newline at end of file diff --git a/VPC/Modules/route-tables/outputs.tf b/VPC/Modules/route-tables/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/route-tables/variables.tf b/VPC/Modules/route-tables/variables.tf new file mode 100644 index 0000000..3bddffb --- /dev/null +++ b/VPC/Modules/route-tables/variables.tf 
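Review bot: The public route table's `count` keys off `length(var.public_subnets_cidr_blocks)` while `aws_route_table_association.public_association` keys off `var.create_public_subnets` and `length(var.public_subnets)`, so a caller that passes subnet IDs with an empty CIDR list (or the reverse) gets either an association referencing an `aws_route_table.public[0]` that does not exist or a route table with no associations; the private side has the same split. Deriving all four counts from the subnet ID lists, e.g. `create_public_route_table = length(var.public_subnets) > 0` for the table and `count = length(var.public_subnets)` for the association, removes the second source of truth and the `create_*_subnets` inputs. The route-table locals and `create_route_to_igw`/`create_route_to_nat` are plain aliases of each other here, so the extra names add nothing unless a real condition is attached to them.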
@@ -0,0 +1,59 @@ +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} +variable "public_subnets_cidr_blocks" { + description = "List of CIDR blocks for public subnets" + type = list(string) + default = [""] + +} +variable "private_subnets_cidr_blocks" { + description = "List of CIDR blocks for private_ subnets" + type = list(string) + default = [""] + +} + +variable "name" { + description = "Global name for all resources" + type = string + default = "" +} +variable "create_public_subnets" { + description = "value of create_public_subnets local variable" + type = string + +} + +variable "create_private_subnets" { + description = "value of create_private_subnets local variable" + type = string + +} + +variable "public_subnets" { + description = "List of IDs of public subnets" + type = list(string) +} + +variable "private_subnets" { + description = "List of IDs of private subnets" + type = list(string) + +} +variable "vpc_id" { + description = "VPC ID" + type = string +} + +variable "igw_id" { + description = "Internet Gateway ID" + type = string +} + +variable "nat_id" { + description = "NAT Gateway ID" + type = string +} \ No newline at end of file diff --git a/VPC/Modules/security-groups/main.tf b/VPC/Modules/security-groups/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/security-groups/outputs.tf b/VPC/Modules/security-groups/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/security-groups/variables.tf b/VPC/Modules/security-groups/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/subnets/outputs.tf b/VPC/Modules/subnets/outputs.tf new file mode 100644 index 0000000..dfc9b9e --- /dev/null +++ b/VPC/Modules/subnets/outputs.tf 
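Review bot: `create_public_subnets` and `create_private_subnets` are declared with `type = string` but consumed as conditions (`var.create_public_subnets ? ... : 0` in `main.tf`); Terraform coerces `"true"`/`"false"` but rejects any other string only at plan time, and the `subnets` module in this patch exports them as booleans, so `type = bool` is the accurate type. Their descriptions, `"value of create_public_subnets local variable"`, describe where the value comes from rather than what it does; `"Whether public subnets were created (from the subnets module output)"` tells a caller what to pass.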
@@ -0,0 +1,33 @@ +output "public_subnets_cidr_blocks" { + description = "values of public subnets CIDR blocks" + value = aws_subnet.public_subnets[*].cidr_block +} + +output "private_subnets_cidr_blocks" { + description = "values of private subnets CIDR blocks" + value = aws_subnet.private_subnets[*].cidr_block +} + +output "create_public_subnets" { + description = "value of create_public_subnets local variable" + value = local.create_public_subnets +} + +output "create_private_subnets" { + description = "value of create_private_subnets local variable" + value = local.create_private_subnets +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = aws_subnet.public_subnets[*].id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = aws_subnet.private_subnets[*].id +} +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = aws_subnet.public_subnets[*].arn +} diff --git a/VPC/Modules/subnets/private.tf b/VPC/Modules/subnets/private.tf new file mode 100644 index 0000000..23d387e --- /dev/null +++ b/VPC/Modules/subnets/private.tf @@ -0,0 +1,24 @@ +########################################################################## +# Private Subnets +########################################################################## + +### Create private subnets if the list of CIDR blocks is not empty +locals { + create_private_subnets = length(var.private_subnets_cidr_blocks) > 0 + +} + +resource "aws_subnet" "private_subnets" { + count = var.create_private_subnets ? length(var.private_subnets_cidr_blocks) : 0 + map_public_ip_on_launch = var.map_public_ip_on_private_subs + vpc_id =var.vpc_id + cidr_block = var.private_subnets_cidr_blocks[count.index] + availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + + tags = merge( + { + Name = "${var.name}private-subnet-${count.index + 1}" + }, + var.tags + ) +} \ No newline at end of file 
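Review bot: The `Name` tag in `subnets/private.tf` is `"${var.name}private-subnet-${count.index + 1}"`, with no separator after the prefix, unlike every other resource in this patch (`"${var.name}-private-route-table"`, `"${var.name}-nat-gateway"`, and the Simple-VPC copy of this file); `"${var.name}-private-subnet-${count.index + 1}"` restores the convention, and `subnets/public.tf` on the next line has the same omission. That file also names its toggle `create_pub_subs` while this one uses `create_private_subnets`. The module's `outputs.tf` above exports `local.create_public_subnets`/`local.create_private_subnets`, which are computed from the CIDR lists, while the `count` here uses the `var.create_private_subnets` input, so the exported flag can be `true` when the input disabled creation; outputs should report what was actually built, e.g. `value = length(aws_subnet.private_subnets) > 0`.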
diff --git a/VPC/Modules/subnets/public.tf b/VPC/Modules/subnets/public.tf new file mode 100644 index 0000000..bcb0b4e --- /dev/null +++ b/VPC/Modules/subnets/public.tf @@ -0,0 +1,25 @@ +########################################################################## +# Public Subnets +########################################################################## + +## Create public subnets if the list of CIDR blocks is not empty +locals { + create_public_subnets = length(var.public_subnets_cidr_blocks) > 0 +} + +resource "aws_subnet" "public_subnets" { + count = var.create_pub_subs ? length(var.public_subnets_cidr_blocks) : 0 + vpc_id = var.vpc_id + cidr_block = var.public_subnets_cidr_blocks[count.index] + availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + + map_public_ip_on_launch = var.map_public_ip_on_launch + + tags = merge( + { + Name = "${var.name}public-subnet-${count.index + 1}" + }, + var.tags + ) + +} \ No newline at end of file diff --git a/VPC/Modules/subnets/variables.tf b/VPC/Modules/subnets/variables.tf new file mode 100644 index 0000000..32d3123 --- /dev/null +++ b/VPC/Modules/subnets/variables.tf 
@@ -0,0 +1,67 @@ + +variable "name" { + description = "Global name for all resources" + type = string + default = "" +} + + +variable "create_pub_subs" { + description = "Bool to create public subnets" + type = bool + default = true +} + + +variable "public_subnets_cidr_blocks" { + description = "List of CIDR blocks for public subnets" + type = list(string) + default = [""] + +} + +variable "availability_zones" { + description = "List of availability zones for the VPC" + type = list(string) + default = [""] + +} + +variable "map_public_ip_on_launch" { + description = "Map public IP on launch for public subnets" + type = bool + default = true + +} + +variable "map_public_ip_on_private_subs" { + description = "Map public IP on launch for public subnets" + type = bool + default = false + +} + +######## private subnets ######### + +variable "create_private_subnets" { + description = "Bool to create private subnets" + type = bool + default = true +} + +variable "private_subnets_cidr_blocks" { + description = "List of private subnets CIDR blocks" + type = list(string) + default = [""] +} + +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} + +variable "vpc_id" { + description = "VPC ID" + type = string +} \ No newline at end of file From 8ceafc069eb91416430a0ead55f9e4a30885a0c0 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Mon, 23 Jun 2025 16:33:53 -0400 Subject: [PATCH 15/43] newest commit --- VPC/Environment/Dev/.gitignore | 41 +++++++++ VPC/Environment/Test/.gitignore | 41 +++++++++ VPC/Environment/Test/.terraform.lock.hcl | 25 ++++++ VPC/Environment/Test/backend.tf | 8 ++ VPC/Environment/Test/main.tf | 62 ++++++++++++++ VPC/Environment/Test/outputs.tf | 0 VPC/Environment/Test/providers.tf | 13 +++ VPC/Environment/Test/variables.tf | 102 +++++++++++++++++++++++ VPC/Modules/igw-nat/.gitignore | 41 +++++++++ VPC/Modules/route-tables/.gitignore | 41 +++++++++ VPC/Modules/security-groups/.gitignore | 41 +++++++++ VPC/Modules/subnets/.gitignore | 41 +++++++++ 12 files changed, 456 insertions(+) create mode 100644 VPC/Environment/Dev/.gitignore create mode 100644 VPC/Environment/Test/.gitignore create mode 100644 VPC/Environment/Test/.terraform.lock.hcl create mode 100644 VPC/Environment/Test/backend.tf create mode 100644 VPC/Environment/Test/main.tf create mode 100644 VPC/Environment/Test/outputs.tf create mode 100644 VPC/Environment/Test/providers.tf create mode 100644 VPC/Environment/Test/variables.tf create mode 100644 VPC/Modules/igw-nat/.gitignore create mode 100644 VPC/Modules/route-tables/.gitignore create mode 100644 VPC/Modules/security-groups/.gitignore create mode 100644 VPC/Modules/subnets/.gitignore diff --git a/VPC/Environment/Dev/.gitignore b/VPC/Environment/Dev/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Environment/Dev/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Environment/Test/.gitignore b/VPC/Environment/Test/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Environment/Test/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Environment/Test/.terraform.lock.hcl b/VPC/Environment/Test/.terraform.lock.hcl new file mode 100644 index 0000000..8a42b7f --- /dev/null +++ b/VPC/Environment/Test/.terraform.lock.hcl 
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "6.0.0-beta2" + constraints = "6.0.0-beta2" + hashes = [ + "h1:HUSfZFXOxU04oYqBSt4hwDecE5HRuExIYHEXZgelU/s=", + "zh:0ce9991734cbb33ef01b6034f9240a71c1d5de83b96b1c9bd04fdb90217e08a4", + "zh:3651f84c9b1a1ae49c9d93cf866e20547b5fe05b8347f535b297582ec24b271a", + "zh:4e52271e0b65ae1d06ef3e7faf0904c8c4df967424fca39ebfa566feda78533c", + "zh:619b2587d835e2547386cc139a264ce676812003869fb9dde62e91a7299d658f", + "zh:6ecb46509509a34af653aa64f0871460a738e7cce287ca147327f13b1f6038ba", + "zh:76555a37ba40a730c413e4b2dd77cefcac4a81d6f44b1fa50de116c5b8eee3fb", + "zh:7c33e147f7a2f59bc82b1ff20332596df329d7180f2ff1406aab0710742b4127", + "zh:7c8a24847bf4b573bf5db782e06fc252ca79899d892aa0a2ae4ee4cab55c7fd8", + "zh:828f1e40ec97227ca590292ed91b9e809150f8f5aa58b25f35d6291f7b6688c1", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9d6f6d1fa01ee87b3a2820f21f46204c89c22037a7838290d13d41ec29424639", + "zh:b77482d7947cd159d6c36083d3cbc0008ba5c479c5d143a4fff07abbfd9b54e1", + "zh:bb81fd7b8bd42b6a29f574c0eaa5b3b5faa904b62d844c0be4d8eea7a1bcde9d", + "zh:c200b02f1aaa0e82231553023619441e92def81b6248251bef021ec978bd6735", + "zh:e44c2d368db0bedd3d123f23ae0b96816d085e7da30736f2691b88c0318dfc79", + ] +} diff --git a/VPC/Environment/Test/backend.tf b/VPC/Environment/Test/backend.tf new file mode 100644 index 0000000..6724c89 --- /dev/null +++ b/VPC/Environment/Test/backend.tf @@ -0,0 +1,8 @@ +terraform { + backend "s3" { + bucket = "terraform-state-bucket1237546" + key = "dev-vpc-module-by-terraform-state.tfstate" + region = "us-east-1" + use_lockfile = true + } +} diff --git a/VPC/Environment/Test/main.tf b/VPC/Environment/Test/main.tf new file mode 100644 index 0000000..3cb7cfa --- /dev/null +++ b/VPC/Environment/Test/main.tf 
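Review bot: `backend.tf` for the Test environment points at key `dev-vpc-module-by-terraform-state.tfstate`; if the Dev environment (whose `backend.tf` is not in this patch) uses the same bucket and key, both environments will read and write one state object and an apply in either one will plan to destroy the other's resources. The backend also omits `encrypt = true`, so state (which records every resource ID and any sensitive attributes) is written to S3 without requesting server-side encryption. I would change the two lines to `key = "test/vpc.tfstate"` and add `encrypt = true`, and ideally derive the key from the environment name rather than hand-editing it per directory. The `use_lockfile = true` setting depends on S3-native locking, which the `required_version` in `providers.tf` does not currently enforce.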
@@ -0,0 +1,62 @@ +locals { + region = "us-east-1" + envrionment = "Test" + Project = "Smooth" + global_name = "${var.name}-${local.envrionment}-${local.Project}" + tags = { + Envrionment = local.envrionment + Project = local.Project + } + +} + +module "vpc" { + source = "../../Modules/vpc" + name = "Smooth" + vpc_cidr = "10.0.0.0/16" + enable_dns_hostnames = true + enable_dns_support = true + tags = local.tags +} + +module "subnets" { + source = "../../Modules/subnets" + create_pub_subs = true + name = "Smooth" + create_private_subnets = true + public_subnets_cidr_blocks = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] + private_subnets_cidr_blocks = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24", "10.0.7.0/24"] + availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] + map_public_ip_on_launch = true + map_public_ip_on_private_subs = false + vpc_id = module.vpc.vpc_id + tags = local.tags + +} + +module "route-tables" { + source = "../../Modules/route-tables" + vpc_id = module.vpc.vpc_id + public_subnets = module.subnets.public_subnets + private_subnets = module.subnets.private_subnets + tags = local.tags + create_public_subnets = module.subnets.create_public_subnets + create_private_subnets = module.subnets.create_private_subnets + public_subnets_cidr_blocks = module.subnets.public_subnets_cidr_blocks + private_subnets_cidr_blocks = module.subnets.private_subnets_cidr_blocks + nat_id = module.igw-nat.nat_id + igw_id = module.igw-nat.igw_id + name = "Smooth" +} + +module "igw-nat" { + source = "../../Modules/igw-nat" + vpc_id = module.vpc.vpc_id + public_subnets = module.subnets.public_subnets + tags = local.tags + public_subnets_cidr_blocks = module.subnets.public_subnets_cidr_blocks + private_subnets_cidr_blocks = module.subnets.private_subnets_cidr_blocks + private_subnets = module.subnets.private_subnets + name = "Smooth" + +} \ No newline at end of file 
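Review bot: `module "subnets"` passes four public and four private CIDR blocks but only three `availability_zones` (`us-east-1a`, `1b`, `1c`); if the subnets module pairs CIDRs to zones by index, the fourth subnet in each tier has no zone to land in (the module body is not in this hunk, so this is inferred). Either add a fourth zone or trim each CIDR list to three entries so the intent is explicit. The `locals` block also spells `envrionment`/`Envrionment` — the misspelt key becomes the literal tag key on every resource and will not match any tag policy, ABAC condition or cost-allocation rule that expects `Environment`; I would rename it `environment = "Test"` and `Environment = local.environment` before it is copied into other environments.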
diff --git a/VPC/Environment/Test/outputs.tf b/VPC/Environment/Test/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC/Environment/Test/providers.tf b/VPC/Environment/Test/providers.tf
new file mode 100644
index 0000000..bd011dc
--- /dev/null
+++ b/VPC/Environment/Test/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.0.0-beta2"
+ }
+ }
+
+}
+provider "aws" {
+ region = local.region
+}
diff --git a/VPC/Environment/Test/variables.tf b/VPC/Environment/Test/variables.tf
new file mode 100644
index 0000000..cf3df93
--- /dev/null
+++ b/VPC/Environment/Test/variables.tf
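Review bot: `version = "6.0.0-beta2"` pins a pre-release provider build for an environment configuration; beta builds can change resource schemas and behaviour between releases and are not what should be executing against an account, even a test one. If a GA 6.0 release is available, pin to it with a bounded constraint such as `version = "~> 6.0"`, and let the committed lock file hold the exact version and hashes. `required_version = ">= 1.0"` is also too loose for this repository: `backend.tf` sets `use_lockfile = true`, which older Terraform releases reject as an unsupported backend argument, so the constraint should be raised to the first version that supports S3-native locking (`required_version = ">= 1.10"`).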
@@ -0,0 +1,102 @@ + +########################################################## +# VPC +########################################################## +variable "name" { + description = "Global name for all resources" + type = string + default = "" +} + +variable "vpc_cidr" { + description = "VPC CIDR" + type = string + default = "" +} + +variable "enable_dns_support" { + description = "Enable DNS Support for VPC" + type = bool + default = true +} + +variable "enable_dns_hostnames" { + description = "Enable Hostnames for VPC" + type = bool + default = true +} + +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} + +########################################################## +#Subnets +########################################################## + +variable "create_private_subnets" { + description = "Bool to create private subnets" + type = bool + default = true +} + +variable "create_pub_subs" { + description = "Bool to create public subnets" + type = bool + default = true +} + +variable "public_subnets_cidr_blocks" { + description = "List of CIDR blocks for public subnets" + type = list(string) + default = [""] + +} + +variable "availability_zones" { + description = "List of availability zones for the VPC" + type = list(string) + default = [""] + +} + +variable "map_public_ip_on_launch" { + description = "Map public IP on launch for public subnets" + type = bool + default = true + +} + +variable "map_public_ip_on_private_subs" { + description = "Map public IP on launch for public subnets" + type = bool + default = false + +} + +variable "private_subnets_cidr_blocks" { + description = "List of private subnets CIDR blocks" + type = list(string) + default = [""] +} + +#### Route Tables #### +# variable "public_subnets" { +# description = "List of IDs of public subnets" +# } + +# variable "private_subnets" { +# description = "List of IDs of private subnets" + +# } +# variable "igw_id" { +# description = "Internet 
Gateway ID" +# type = string +# } + +# variable "nat_id" { +# description = "NAT Gateway ID" +# type = string +# } diff --git a/VPC/Modules/igw-nat/.gitignore b/VPC/Modules/igw-nat/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/igw-nat/.gitignore @@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/route-tables/.gitignore b/VPC/Modules/route-tables/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/route-tables/.gitignore 
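Review bot: `public_subnets_cidr_blocks`, `private_subnets_cidr_blocks` and `availability_zones` default to `[""]`, a one-element list containing an empty string, which is not the same as "no subnets": any `length(...) > 0` gate in the modules will see one subnet with an invalid CIDR rather than none. The defaults should be `default = []` (or omitted so the caller must supply them). The description on `map_public_ip_on_private_subs` is copy-pasted from the public variant ("Map public IP on launch for public subnets") and should read `description = "Map public IP on launch for private subnets"`.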
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/security-groups/.gitignore b/VPC/Modules/security-groups/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/security-groups/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VPC/Modules/subnets/.gitignore b/VPC/Modules/subnets/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VPC/Modules/subnets/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file From 8e95805d47d3b9d2539399c0da89ef52912d6fd2 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Wed, 25 Jun 2025 12:53:44 -0400 Subject: [PATCH 16/43] changed the modules --- VPC/Environment/Test/main.tf | 226 +++++++++++++++++---- VPC/Environment/Test/variables.tf | 96 +-------- VPC/Modules/VPC/igw-nat.tf | 49 ----- VPC/Modules/VPC/main.tf | 13 +- VPC/Modules/VPC/outputs.tf | 36 +++- VPC/Modules/VPC/variables.tf | 48 +++-- VPC/Modules/igw-nat/main.tf | 95 +++++++-- VPC/Modules/igw-nat/outputs.tf | 39 +++- VPC/Modules/igw-nat/variables.tf | 61 +++--- VPC/Modules/route-tables/main.tf | 240 ++++++++++++++++++----- VPC/Modules/route-tables/outputs.tf | 9 + VPC/Modules/route-tables/variables.tf | 164 ++++++++++++---- VPC/Modules/security-groups/main.tf | 70 +++++++ VPC/Modules/security-groups/variables.tf | 48 +++++ VPC/Modules/subnets/outputs.tf | 26 ++- VPC/Modules/subnets/private.tf | 50 +++-- VPC/Modules/subnets/public.tf | 40 ++-- VPC/Modules/subnets/variables.tf | 100 ++++++---- 18 files changed, 994 insertions(+), 416 deletions(-) delete mode 100644 VPC/Modules/VPC/igw-nat.tf diff --git a/VPC/Environment/Test/main.tf b/VPC/Environment/Test/main.tf index 3cb7cfa..cb8d0f3 100644 --- a/VPC/Environment/Test/main.tf +++ b/VPC/Environment/Test/main.tf 
@@ -1,62 +1,210 @@ locals { region = "us-east-1" + region_2 = "us-east-2" envrionment = "Test" Project = "Smooth" - global_name = "${var.name}-${local.envrionment}-${local.Project}" + global_name = "${var.name}-${local.Project}-${local.envrionment}" tags = { Envrionment = local.envrionment Project = local.Project } } - +#################################################################### +# VPC +#################################################################### module "vpc" { - source = "../../Modules/vpc" - name = "Smooth" - vpc_cidr = "10.0.0.0/16" - enable_dns_hostnames = true - enable_dns_support = true - tags = local.tags + source = "../../Modules/vpc" + name = local.global_name + + vpc_attributes = { + vpc = { + cidr_block = "10.0.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true + region = local.region + } + vpc_2 = { + cidr_block = "10.10.0.0/16" + enable_dns_support = false + enable_dns_hostnames = false + region = local.region_2 + } + } + tags = local.tags } +#################################################################### +# Subnets +#################################################################### module "subnets" { - source = "../../Modules/subnets" - create_pub_subs = true - name = "Smooth" - create_private_subnets = true - public_subnets_cidr_blocks = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] - private_subnets_cidr_blocks = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24", "10.0.7.0/24"] - availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] - map_public_ip_on_launch = true - map_public_ip_on_private_subs = false - vpc_id = module.vpc.vpc_id - tags = local.tags + source = "../../Modules/subnets" + name = local.global_name + public_subnets = { + pub_subnet_1 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.0.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = true + } + pub_subnet_2 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.1.0/24"] + 
availability_zone = ["us-east-1b"] + map_public_ip_on_launch = true + } + } + private_subnets = { + priv_subnet_1 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.2.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = false + } + priv_subnet_2 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.3.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = false + } + } } +#################################################################### +# Route Tables +#################################################################### module "route-tables" { - source = "../../Modules/route-tables" - vpc_id = module.vpc.vpc_id - public_subnets = module.subnets.public_subnets - private_subnets = module.subnets.private_subnets - tags = local.tags - create_public_subnets = module.subnets.create_public_subnets - create_private_subnets = module.subnets.create_private_subnets - public_subnets_cidr_blocks = module.subnets.public_subnets_cidr_blocks - private_subnets_cidr_blocks = module.subnets.private_subnets_cidr_blocks - nat_id = module.igw-nat.nat_id - igw_id = module.igw-nat.igw_id - name = "Smooth" + source = "../../Modules/route-tables" + name = local.global_name + tags = local.tags + public_route_tables = { + public_rt1 = { + vpc_id = module.vpc.vpc_id["vpc"] + region = local.region + } + } + + public_routes = { + public_routes = { + type = "public" + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + destination_cidr_block = "0.0.0.0/0" + gateway_id = module.igw-nat.igw_id["igw"] + } + } + public_route_table_associations = { + pub_rt1_subnet1 = { # unique key + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + subnet_id = module.subnets.public_subnets["pub_subnet_1"] + } + pub_rt1_subnet2 = { + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + subnet_id = module.subnets.public_subnets["pub_subnet_2"] + } + + } + # Accessing the first public subnet + 
+ private_route_tables = { + private_rt1 = { + vpc_id = module.vpc.vpc_id["vpc"] + region = local.region + } + } + private_routes = { + private_route = { + type = "private" + route_table_id = module.route-tables.private_route_table_id["private_rt1"] # Syntax = module<[keyname]> + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = module.igw-nat.nat_id["main_nat"] + } + } + + private_route_table_associations = { + priv_rt1_subnet1 = { # unique key + route_table_id = module.route-tables.private_route_table_id["private_rt1"] + subnet_id = module.subnets.private_subnets["priv_subnet_1"] + } + priv_rt1_subnet2 = { + route_table_id = module.route-tables.private_route_table_id["private_rt1"] + subnet_id = module.subnets.private_subnets["priv_subnet_2"] + } +} } + + + +#################################################################### +# Internet Gateway and NAT Gateway +#################################################################### module "igw-nat" { - source = "../../Modules/igw-nat" - vpc_id = module.vpc.vpc_id - public_subnets = module.subnets.public_subnets - tags = local.tags - public_subnets_cidr_blocks = module.subnets.public_subnets_cidr_blocks - private_subnets_cidr_blocks = module.subnets.private_subnets_cidr_blocks - private_subnets = module.subnets.private_subnets - name = "Smooth" + source = "../../Modules/igw-nat" + eip = { + main_eip = { + region = local.region + tags = local.tags + } + } + + nat_gateway = { + main_nat = { + allocation_id = module.igw-nat.allocation_id["main_eip"] + subnet_id = module.subnets.public_subnets["pub_subnet_1"] # no need to add .id because it is already a string and established in the outputs + } + } + + internet_gateway = { + igw = { + vpc_id = module.vpc.vpc_id["vpc"] + tags = local.tags + } + } + name = local.global_name +} + + + + +#################################################################### +# Security Groups +#################################################################### +module "security-groups" 
{
+ source = "../../Modules/security-groups"
+ vpc_id = module.vpc.vpc_id["vpc"]
+ name = local.global_name
+ tags = local.tags
+
+ security_group_description = "Security group for Smooth project"
+
+ ingress_rules = [
+
+ {
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ description = "Allow SSH access"
+ cidr_blocks = ["0.0.0.0/0"]
+ },
+ {
+ type = "ingress"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ description = "Allow HTTP access"
+ cidr_blocks = ["0.0.0.0/0"]
+ },
+ {
+ type = "ingress"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ description = "Allow HTTPS access"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ]
 }
\ No newline at end of file
diff --git a/VPC/Environment/Test/variables.tf b/VPC/Environment/Test/variables.tf
index cf3df93..4ac718b 100644
--- a/VPC/Environment/Test/variables.tf
+++ b/VPC/Environment/Test/variables.tf
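Review bot: The first `ingress_rules` entry in `module "security-groups"` opens TCP 22 to `0.0.0.0/0`, exposing SSH on anything attached to this group to the whole internet; 80/443 world-open is defensible for a web tier, 22 is not. Restrict it to an administrative range via a variable, e.g. `cidr_blocks = var.admin_cidr_blocks` declared in `variables.tf` without a default, or drop the rule entirely and use SSM Session Manager, which needs no inbound port (the security-groups module body is in this patch's diffstat but not in this hunk, so I cannot see whether it also creates an unrestricted egress rule — worth checking). The `locals` block at the top of the hunk still emits the tag key `Envrionment`; because tag policies, ABAC conditions and cost allocation match on the exact key, this silently misses anything expecting `Environment`. Several module calls also feed a module's own outputs back into its inputs (`module.route-tables.public_route_table_id[...]` inside `module "route-tables"`, `module.igw-nat.allocation_id[...]` inside `module "igw-nat"`); whether Terraform accepts this without reporting a cycle depends on the module internals, so it should be confirmed with a plan before merging.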
@@ -5,98 +5,12 @@ variable "name" { description = "Global name for all resources" type = string - default = "" + default = "Tim" } -variable "vpc_cidr" { - description = "VPC CIDR" - type = string - default = "" -} - -variable "enable_dns_support" { - description = "Enable DNS Support for VPC" - type = bool - default = true -} - -variable "enable_dns_hostnames" { - description = "Enable Hostnames for VPC" - type = bool - default = true -} - -variable "tags" { - description = "Global tags to apply to all resources" - type = map(string) - default = {} -} - -########################################################## -#Subnets -########################################################## - -variable "create_private_subnets" { - description = "Bool to create private subnets" - type = bool - default = true -} - -variable "create_pub_subs" { - description = "Bool to create public subnets" - type = bool - default = true -} - -variable "public_subnets_cidr_blocks" { - description = "List of CIDR blocks for public subnets" - type = list(string) - default = [""] - -} - -variable "availability_zones" { - description = "List of availability zones for the VPC" - type = list(string) - default = [""] - -} - -variable "map_public_ip_on_launch" { - description = "Map public IP on launch for public subnets" - type = bool - default = true - -} - -variable "map_public_ip_on_private_subs" { - description = "Map public IP on launch for public subnets" - type = bool - default = false - -} - -variable "private_subnets_cidr_blocks" { - description = "List of private subnets CIDR blocks" - type = list(string) - default = [""] -} - -#### Route Tables #### -# variable "public_subnets" { -# description = "List of IDs of public subnets" -# } - -# variable "private_subnets" { -# description = "List of IDs of private subnets" - -# } -# variable "igw_id" { -# description = "Internet Gateway ID" -# type = string +# variable "tags" { +# description = "Global tags to apply to all resources" +# type = 
map(string) +# default = {} # } -# variable "nat_id" { -# description = "NAT Gateway ID" -# type = string -# } diff --git a/VPC/Modules/VPC/igw-nat.tf b/VPC/Modules/VPC/igw-nat.tf deleted file mode 100644 index b79fede..0000000 --- a/VPC/Modules/VPC/igw-nat.tf +++ /dev/null @@ -1,49 +0,0 @@ - -############################################################## -# Module: igw-nat -################################################################ -## Create IGW and NAT Gateway if the VPC is created and the respective subnet CIDR blocks are provided - - -locals { - create_igw = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0 - create_nat_gateway = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 - create_eip = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 -} - -resource "aws_eip" "this_eip" { - count = local.create_eip ? 1 : 0 - - tags = merge( - { - Name = "${var.name}-nat-eip" - }, - var.tags - ) -} - -resource "aws_internet_gateway" "this_igw" { - count = local.create_igw ? 1 : 0 - vpc_id = aws_vpc.this_vpc[0].id - - tags = merge( - { - Name = "${var.name}-igw" - }, - var.tags - ) - -} - -resource "aws_nat_gateway" "this_nat" { - count = local.create_nat_gateway ? 1:0 - allocation_id = aws_eip.this_eip[0].id - subnet_id = aws_subnet.public_subnets[0].id - - tags = merge( - { - Name = "${var.name}-nat-gateway" - }, - var.tags - ) -} \ No newline at end of file diff --git a/VPC/Modules/VPC/main.tf b/VPC/Modules/VPC/main.tf index 8c6bde7..b2e889e 100644 --- a/VPC/Modules/VPC/main.tf +++ b/VPC/Modules/VPC/main.tf 
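Review bot: `variable "name"` now defaults to `"Tim"`, and since `local.global_name` builds every resource Name from it, a personal first name ends up as the prefix of each VPC, subnet, gateway and security group in the account. Either give it a project-meaningful default (`default = "smooth"`) or remove the default so each environment must set it explicitly. The commented-out `tags` variable below it is dead text and can be deleted.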
@@ -3,11 +3,13 @@ ########################################################################## + resource "aws_vpc" "this_vpc" { - # count = var.create_vpc ? 1: 0 - cidr_block = var.vpc_cidr - enable_dns_support = var.enable_dns_support - enable_dns_hostnames = var.enable_dns_hostnames + for_each = var.vpc_attributes + cidr_block = each.value.cidr_block + enable_dns_support = each.value.enable_dns_support + enable_dns_hostnames = each.value.enable_dns_hostnames + region = each.value.region tags = merge( { @@ -15,4 +17,5 @@ resource "aws_vpc" "this_vpc" { }, var.tags ) -} \ No newline at end of file +} + diff --git a/VPC/Modules/VPC/outputs.tf b/VPC/Modules/VPC/outputs.tf index 3af979f..5d30f40 100644 --- a/VPC/Modules/VPC/outputs.tf +++ b/VPC/Modules/VPC/outputs.tf @@ -1,14 +1,34 @@ -output "vpc_cidr" { - description = "VPC CIDR" - value = aws_vpc.this_vpc.cidr_block -} output "vpc_id" { description = "VPC ID" - value = aws_vpc.this_vpc.id + value = {for k, v in aws_vpc.this_vpc : k => v.id} + +} + +output "vpc_cidr" { + description = "VPC CIDR" + value = {for k, v in aws_vpc.this_vpc : k => v.cidr_block} + } -output "vpc_arn" { +output "name" { description = "VPC ARN" - value = aws_vpc.this_vpc.arn -} \ No newline at end of file + value = var.name +} + + + +# output "vpc_cidr" { +# description = "VPC CIDR" +# value = aws_vpc.this_vpc.cidr_block +# } + +# output "vpc_id" { +# description = "VPC ID" +# value = aws_vpc.this_vpc.id +# } + +# output "vpc_arn" { +# description = "VPC ARN" +# value = aws_vpc.this_vpc.arn +# } diff --git a/VPC/Modules/VPC/variables.tf b/VPC/Modules/VPC/variables.tf index 58fbca8..c61beb3 100644 --- a/VPC/Modules/VPC/variables.tf +++ b/VPC/Modules/VPC/variables.tf 
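Review bot: In `VPC/Modules/VPC/outputs.tf` the new `output "name"` keeps `description = "VPC ARN"`, left over from the `vpc_arn` output it replaced; it should read `description = "Name prefix supplied to the module"`. The `vpc_arn` output itself is removed rather than converted to the `for_each` shape, so any caller still reading `module.vpc.vpc_arn` (none visible in this patch) will break; restoring it as `value = { for k, v in aws_vpc.this_vpc : k => v.arn }` keeps the module's interface intact. The commented-out copies of the old outputs at the end of the file are already in git history and should be deleted.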
@@ -6,26 +6,38 @@ variable "name" { default = "" } -variable "vpc_cidr" { - description = "VPC CIDR" - type = string - default = "" -} - -variable "enable_dns_support" { - description = "Enable DNS Support for VPC" - type = bool - default = true -} - -variable "enable_dns_hostnames" { - description = "Enable Hostnames for VPC" - type = bool - default = true -} variable "tags" { description = "Global tags to apply to all resources" type = map(string) default = {} -} \ No newline at end of file +} + +variable "vpc_attributes" { + description = "Additional attributes for the VPC" + type = map(object({ + cidr_block = string + enable_dns_support = bool + enable_dns_hostnames = bool + region = string + })) + +} + +# variable "vpc_cidr" { +# description = "VPC CIDR" +# type = string +# default = "" +# } + +# variable "enable_dns_support" { +# description = "Enable DNS Support for VPC" +# type = bool +# default = true +# } + +# variable "enable_dns_hostnames" { +# description = "Enable Hostnames for VPC" +# type = bool +# default = true +# } \ No newline at end of file diff --git a/VPC/Modules/igw-nat/main.tf b/VPC/Modules/igw-nat/main.tf index a7a8495..0620e67 100644 --- a/VPC/Modules/igw-nat/main.tf +++ b/VPC/Modules/igw-nat/main.tf @@ -5,14 +5,11 @@ ## Create IGW and NAT Gateway if the VPC is created and the respective subnet CIDR blocks are provided -locals { - create_igw = length(var.public_subnets_cidr_blocks) > 0 - create_nat_gateway = length(var.private_subnets_cidr_blocks) > 0 - create_eip = length(var.private_subnets_cidr_blocks) > 0 -} - +################################################################### +# Elastic IP for NAT Gateways +#################################################################### resource "aws_eip" "this_eip" { - count = local.create_eip ? 1 : 0 + for_each = var.eip tags = merge( { 
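Review bot: `variable "vpc_attributes"` accepts any string for `cidr_block` and `region` with no validation, so a typo such as a missing prefix length is only caught by the provider at plan time, with a message that does not name the offending map key. A `validation` block with `condition = alltrue([for v in var.vpc_attributes : can(cidrnetmask(v.cidr_block))])` and an error message naming the variable would fail fast with a clear diagnostic; a second condition could reject overlapping CIDRs across entries, which matters once these VPCs are peered. The `name` variable in this module still defaults to `""`, which yields Name tags that begin with a bare `-`; dropping the default forces callers to supply one.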
@@ -22,28 +19,92 @@ resource "aws_eip" "this_eip" { ) } -resource "aws_internet_gateway" "this_igw" { - count = local.create_igw ? 1 : 0 - vpc_id = var.vpc_id +#################################################################### +# Internet Gateway +#################################################################### +resource "aws_internet_gateway" "this_igw" { + for_each = var.internet_gateway + vpc_id = each.value.vpc_id tags = merge( { Name = "${var.name}-igw" }, var.tags + ) - } + ############################################################# + # NAT Gateways + ############################################################# -resource "aws_nat_gateway" "this_nat" { - count = local.create_nat_gateway ? 1:0 - allocation_id = aws_eip.this_eip[0].id - subnet_id = var.public_subnets[0] # Assuming the first public subnet is used for the NAT Gateway - +resource aws_nat_gateway "this_nat"{ + for_each = var.nat_gateway + allocation_id = each.value.allocation_id + subnet_id = each.value.subnet_id tags = merge( { Name = "${var.name}-nat-gateway" }, var.tags + ) -} \ No newline at end of file +} + + + + + + + + + + + + + + + + +# locals { +# create_igw = length(var.public_subnets_cidr_blocks) > 0 +# create_nat_gateway = length(var.private_subnets_cidr_blocks) > 0 +# create_eip = length(var.private_subnets_cidr_blocks) > 0 +# } + +# resource "aws_eip" "this_eip" { +# count = local.create_eip ? 1 : 0 + +# tags = merge( +# { +# Name = "${var.name}-nat-eip" +# }, +# var.tags +# ) +# } + +# resource "aws_internet_gateway" "this_igw" { +# count = local.create_igw ? 1 : 0 +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-igw" +# }, +# var.tags +# ) + +# } + +# resource "aws_nat_gateway" "this_nat" { +# count = local.create_nat_gateway ? 
1:0 +# allocation_id = aws_eip.this_eip[0].id +# subnet_id = var.public_subnets[0] # Assuming the first public subnet is used for the NAT Gateway + +# tags = merge( +# { +# Name = "${var.name}-nat-gateway" +# }, +# var.tags +# ) +# } \ No newline at end of file diff --git a/VPC/Modules/igw-nat/outputs.tf b/VPC/Modules/igw-nat/outputs.tf index 21c7e99..fc2d385 100644 --- a/VPC/Modules/igw-nat/outputs.tf +++ b/VPC/Modules/igw-nat/outputs.tf @@ -1,9 +1,42 @@ + + output "igw_id" { description = "The ID of the Internet Gateway" - value = aws_internet_gateway.this_igw[0].id + value = {for k, v in aws_internet_gateway.this_igw : k => v.id} + } output "nat_id" { description = "The ID of the NAT Gateway" - value = aws_nat_gateway.this_nat[0].id -} \ No newline at end of file + value = {for k, v in aws_nat_gateway.this_nat : k => v.id} + +} + + + +output "allocation_id" { + description = "The ID of the EIP" + value = {for k, v in aws_eip.this_eip : k => v.id} +} + + + + + + + + + + + + + +# output "igw_id" { +# description = "The ID of the Internet Gateway" +# value = aws_internet_gateway.this_igw[0].id +# } + +# output "nat_id" { +# description = "The ID of the NAT Gateway" +# value = aws_nat_gateway.this_nat[0].id +# } \ No newline at end of file diff --git a/VPC/Modules/igw-nat/variables.tf b/VPC/Modules/igw-nat/variables.tf index 70f9985..e82b1be 100644 --- a/VPC/Modules/igw-nat/variables.tf +++ b/VPC/Modules/igw-nat/variables.tf @@ -1,14 +1,4 @@ -variable "public_subnets_cidr_blocks" { - description = "List of CIDR blocks for public subnets" - type = list(string) -} - -variable "private_subnets_cidr_blocks" { - description = "List of CIDR blocks for private subnets" - type = list(string) - -} variable "tags" { description = "Global tags to apply to all resources" type = map(string) 
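Review bot: With `for_each` on `aws_internet_gateway.this_igw` and `aws_nat_gateway.this_nat`, every instance receives the identical `Name = "${var.name}-igw"` / `"${var.name}-nat-gateway"`, so a second gateway in the map is indistinguishable in the console, and the per-object `tags` that `variables.tf` declares as optional are never merged. I would use `Name = "${var.name}-${each.key}-igw"` and `merge({ Name = ... }, var.tags, coalesce(each.value.tags, {}))` in both resources. `resource aws_nat_gateway "this_nat"{` leaves the resource type unquoted, which `terraform fmt` will rewrite; quoting it as `resource "aws_nat_gateway" "this_nat" {` matches the rest of the file. The roughly sixty lines of commented-out previous implementation at the end of the hunk are preserved in git history and should be deleted rather than carried in the module.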
@@ -17,22 +7,49 @@ variable "tags" { variable "name" { description = "Global name for all resources" - type = string - default = "" + type = string + } +variable "eip" { + description = "EIP for NAT Gateway" + type = map(object({ + region = optional(string) + tags = optional(map(string)) # Optional tags for the EIP + domain = optional(string) # Indicates if this EIP is for use in VPC (vpc) + instance_id = optional(string) # EC2 instance ID for EIP association + network_interface_id = optional(string) # Network interface ID for EIP association -variable "vpc_id" { - description = "VPC ID" - type = string + })) + } -variable "public_subnets" { - description = "List of IDs of public subnets" - type = list(string) +variable "nat_gateway" { + description = "Map of NAT Gateway configurations" + type = map(object({ + allocation_id = string + subnet_id = string + tags = optional(map(string)) # Optional tags for the NAT Gateway + })) } -variable "private_subnets" { - description = "List of IDs of private subnets" - type = list(string) +variable "internet_gateway" { + description = "Map of Internet Gateway configurations" + type = map(object({ + vpc_id = string + tags = optional(map(string)) # Optional tags for the Internet Gateway + + })) -} \ No newline at end of file +} + + + + + + + + + + + + diff --git a/VPC/Modules/route-tables/main.tf b/VPC/Modules/route-tables/main.tf index 02af097..b1f8095 100644 --- a/VPC/Modules/route-tables/main.tf +++ b/VPC/Modules/route-tables/main.tf 
@@ -1,84 +1,226 @@ ######################################################################### # Route Tables for VPC -######################################################################### -locals{ - create_public_route_table = length(var.public_subnets_cidr_blocks) > 0 - create_private_route_table = length(var.private_subnets_cidr_blocks) > 0 - create_route_to_igw = local.create_public_route_table - create_route_to_nat = local.create_private_route_table - - +# ######################################################################### -} ######################################################################### # Public RT and Rules ######################################################################### + + + resource "aws_route_table" "public" { - count = local.create_public_route_table ? 1:0 - vpc_id = var.vpc_id - - tags = merge( - { - Name = "${var.name}-public-route-table" - }, - var.tags - ) + for_each = var.public_route_tables + vpc_id = each.value.vpc_id + region = each.value.region + tags = merge( + { + Name = "${var.name}-public-route-table" + }, + var.tags + ) } -resource "aws_route" "public_internet_gateway" { - count = local.create_route_to_igw ? 1:0 - route_table_id = aws_route_table.public[count.index].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = var.igw_id +resource aws_route "public_routes" { + for_each = var.public_routes + route_table_id = each.value.route_table_id + destination_cidr_block = each.value.destination_cidr_block + gateway_id = each.value.gateway_id + + depends_on = [aws_route_table.public ] } + ######################################################################### # Public RT Association ######################################################################### -resource "aws_route_table_association" "public_association" { - count = var.create_public_subnets ? 
length(var.public_subnets) : 0 - subnet_id = var.public_subnets[count.index] - route_table_id = aws_route_table.public[0].id - +resource "aws_route_table_association" "public_association" { + for_each = var.public_route_table_associations + subnet_id = each.value.subnet_id + route_table_id = each.value.route_table_id } - ######################################################################### # Private RT and Rules ######################################################################### resource "aws_route_table" "private" { - count = local.create_private_route_table ? 1:0 - vpc_id = var.vpc_id - - tags = merge( - { - Name = "${var.name}-private-route-table" - }, - var.tags - ) + for_each = var.private_route_tables + vpc_id = each.value.vpc_id + region = each.value.region + tags = merge( + { + Name = "${var.name}-private-route-table" + }, + var.tags + ) } +resource "aws_route" "private_routes" { + for_each = var.private_routes + route_table_id = each.value.route_table_id + destination_cidr_block = each.value.destination_cidr_block + nat_gateway_id = each.value.nat_gateway_id + + depends_on = [aws_route_table.private ] +} -resource "aws_route" "private_nat_gateway" { - count = local.create_private_route_table ? 
1 : 0 - - route_table_id = aws_route_table.private[count.index].id - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = var.nat_id +######################################################################### +# Private RT Association +######################################################################### +resource "aws_route_table_association" "private_association" { + for_each = var.private_route_table_associations + subnet_id = each.value.subnet_id + route_table_id = each.value.route_table_id } + + + + + + + + + + + + + + + +########################################################################### +# Old Code for Public and Private Route Tables +########################################################################### + +# resource "aws_route_table_association" "private_association" { +# for_each = toset(var.private_route_table_associations) +# subnet_id = each.value +# route_table_id = aws_route_table.private[each.key] + +# depends_on = [aws_route_table.private ] +# } + + + +# resource "aws_route_table_association" "public_association" { +# for_each = toset(var.public_route_table_associations) +# subnet_id = each.value +# route_table_id = each.value.route_table_id + + +# depends_on = [aws_route_table.public ] +# } + + + + + + + +# locals{ +# create_public_route_table = length(var.public_subnets_cidr_blocks) > 0 +# create_private_route_table = length(var.private_subnets_cidr_blocks) > 0 +# create_route_to_igw = local.create_public_route_table +# create_route_to_nat = local.create_private_route_table + + + +# } + + +######################################################################### +# Old Code for Public and Private Route Tables +######################################################################### + +# resource "aws_route_table" "public" { +# count = local.create_public_route_table ? 
1:0 +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-public-route-table" +# }, +# var.tags +# ) +# } + +# resource "aws_route" "public_internet_gateway" { +# count = local.create_route_to_igw ? 1:0 + +# route_table_id = aws_route_table.public[count.index].id +# destination_cidr_block = "0.0.0.0/0" +# gateway_id = var.igw_id + + +# } + + + + + + + + + + + + + + + + + + + + +# resource "aws_route_table" "private" { +# for_each = local.create_private_route_table ? toset(["private"]) : toset([]) + +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-private-route-table" +# }, +# var.tags +# ) +# } + + + +# resource "aws_route_table" "private" { +# count = local.create_private_route_table ? 1:0 +# vpc_id = var.vpc_id + +# tags = merge( +# { +# Name = "${var.name}-private-route-table" +# }, +# var.tags +# ) +# } + + +# resource "aws_route" "private_nat_gateway" { +# count = local.create_private_route_table ? 1 : 0 + +# route_table_id = aws_route_table.private[count.index].id +# destination_cidr_block = "0.0.0.0/0" +# nat_gateway_id = var.nat_id + +# } + ######################################################################### # Private RT Association ######################################################################### -resource "aws_route_table_association" "private_association" { - count = var.create_private_subnets ? length(var.private_subnets) : 0 +# resource "aws_route_table_association" "private_association" { +# count = var.create_private_subnets ? length(var.private_subnets) : 0 - subnet_id = var.private_subnets[count.index] - route_table_id = aws_route_table.private[0].id +# subnet_id = var.private_subnets[count.index] +# route_table_id = aws_route_table.private[0].id -} \ No newline at end of file +# } \ No newline at end of file diff --git a/VPC/Modules/route-tables/outputs.tf b/VPC/Modules/route-tables/outputs.tf index e69de29..586149c 100644 --- a/VPC/Modules/route-tables/outputs.tf 
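Review bot: `aws_route.public_routes` reads only `each.value.gateway_id`, while `var.public_routes` (route-tables/variables.tf hunk, L91) also accepts `nat_gateway_id`, `peering_connection_id`, `transit_gateway_id` and `type`; an entry that sets one of those is created with `gateway_id = null` and no target at all, which the provider rejects at plan time, and `aws_route.private_routes` mirrors the problem with everything except `nat_gateway_id`. Either narrow each variable to the single target its resource wires, or pass all of them through — `gateway_id = each.value.gateway_id`, `nat_gateway_id = each.value.nat_gateway_id`, `transit_gateway_id = each.value.transit_gateway_id`, `vpc_peering_connection_id = each.value.peering_connection_id` — so the provider's exactly-one-target validation does the checking. The `type` attribute is not read anywhere in this file and invites the reader to think it selects the target. Since these tables carry `0.0.0.0/0` routes, a `validation` block that rejects a malformed `destination_cidr_block` (`alltrue([for r in var.public_routes : can(cidrhost(r.destination_cidr_block, 0))])`) would surface bad input at plan rather than apply.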
+++ b/VPC/Modules/route-tables/outputs.tf @@ -0,0 +1,9 @@ +output "public_route_table_id" { + description = "ID of the route table" + value = {for k, v in aws_route_table.public : k =>v.id} +} + +output "private_route_table_id" { + description = "ID of the route table" + value = {for k, v in aws_route_table.private : k => v.id} +} \ No newline at end of file diff --git a/VPC/Modules/route-tables/variables.tf b/VPC/Modules/route-tables/variables.tf index 3bddffb..e5f1b62 100644 --- a/VPC/Modules/route-tables/variables.tf +++ b/VPC/Modules/route-tables/variables.tf 
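Review bot: Both outputs carry the same description `ID of the route table`, although each now returns a map keyed by the `public_route_tables` / `private_route_tables` key and the caller indexes them as `module.route-tables.public_route_table_id["public_rt1"]`; say so, e.g. `description = "Map of public route table IDs, keyed by the public_route_tables map key"` and the private counterpart. `k =>v.id` in the first output is missing the space that the second one has; `terraform fmt` would normalise both.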
@@ -3,57 +3,153 @@ variable "tags" { type = map(string) default = {} } -variable "public_subnets_cidr_blocks" { - description = "List of CIDR blocks for public subnets" - type = list(string) - default = [""] -} -variable "private_subnets_cidr_blocks" { - description = "List of CIDR blocks for private_ subnets" - type = list(string) - default = [""] - -} variable "name" { description = "Global name for all resources" type = string default = "" } -variable "create_public_subnets" { - description = "value of create_public_subnets local variable" - type = string + +##################################### +# Public Route Tables +##################################### + +variable "public_route_tables" { + description = "Map of public route tables" + type = map(object({ + vpc_id = string + region = optional(string, null) # Optional region for the route table + + })) } -variable "create_private_subnets" { - description = "value of create_private_subnets local variable" - type = string - + +##################################### +# Public Routes +##################################### +variable "public_routes" { + description = "Dynamically create routes for the route table" + type = map(object({ + type = optional(string, "public") # Default to public if not specified + route_table_id = string + destination_cidr_block = string + gateway_id = optional(string, null) + nat_gateway_id = optional(string, null) + peering_connection_id = optional(string, null) + transit_gateway_id = optional(string, null) + + })) } -variable "public_subnets" { - description = "List of IDs of public subnets" - type = list(string) +##################################### +# Public Route Table Associations +##################################### +variable "public_route_table_associations" { + description = "Map of public route table associations" + type = map(object({ + route_table_id = string + subnet_id = string + })) } -variable "private_subnets" { - description = "List of IDs of private subnets" - type = 
list(string) + + +##################################### +# Private Route Tables +##################################### + +variable "private_route_tables" { + description = "Map of private route tables" + type = map(object({ + vpc_id = string + region = optional(string, null) # Optional region for the route table + + })) } -variable "vpc_id" { - description = "VPC ID" - type = string + +##################################### +# Private Route Table Associations +##################################### + +variable "private_route_table_associations" { + description = "Map of private route table associations" + type =map(object({ + route_table_id = string + subnet_id = string + })) } -variable "igw_id" { - description = "Internet Gateway ID" - type = string +##################################### +# Private Routes +##################################### +variable "private_routes" { + description = "Dynamically create routes for the route table" + type = map(object({ + type = optional(string, "public") # Default to public if not specified + route_table_id = optional(string, null) + destination_cidr_block = string + gateway_id = optional(string, null) + nat_gateway_id = optional(string, null) + peering_connection_id = optional(string, null) + transit_gateway_id = optional(string, null) + + })) } -variable "nat_id" { - description = "NAT Gateway ID" - type = string -} \ No newline at end of file + +############################################## +# Old Variables for Public and Private Subnets +############################################## + +# variable "public_subnets" { +# description = "List of IDs of public subnets" +# type = list(string) +# } + +# variable "private_subnets" { +# description = "List of IDs of private subnets" +# type = list(string) + +# } +# variable "create_public_subnets" { +# description = "value of create_public_subnets local variable" +# type = string + +# } + +# variable "create_private_subnets" { +# description = "value of create_private_subnets local 
variable" +# type = string + +# } + + +# variable "vpc_id" { +# description = "VPC ID" +# type = string +# } + +# variable "igw_id" { +# description = "Internet Gateway ID" +# type = string +# } + +# variable "nat_id" { +# description = "NAT Gateway ID" +# type = string +# } +# variable "public_subnets_cidr_blocks" { +# description = "List of CIDR blocks for public subnets" +# type = list(string) +# default = [""] + +# } +# variable "private_subnets_cidr_blocks" { +# description = "List of CIDR blocks for private_ subnets" +# type = list(string) +# default = [""] + +# } \ No newline at end of file diff --git a/VPC/Modules/security-groups/main.tf b/VPC/Modules/security-groups/main.tf index e69de29..4ce9c08 100644 --- a/VPC/Modules/security-groups/main.tf +++ b/VPC/Modules/security-groups/main.tf 
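Review bot: `private_routes` declares `type = optional(string, "public") # Default to public if not specified` and `route_table_id = optional(string, null)`, apparently copied from `public_routes`; `aws_route.private_routes` (route-tables/main.tf hunk, L86–L89) uses `each.value.route_table_id` unconditionally, so an entry that omits it gets a null route table and fails at plan, and a private route labelled `public` by default is simply wrong. Suggest `route_table_id = string` and `type = optional(string, "private")` — or remove `type` from both variables, since nothing in main.tf reads it. `type =map(object({` under `private_route_table_associations` is missing the space after `=`; `terraform fmt` fixes that and the uneven alignment across the file.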
@@ -0,0 +1,70 @@ +###################################################################### +### Security Group ### +###################################################################### +resource "aws_security_group" "this_sg" { + vpc_id = var.vpc_id + description = var.security_group_description + + + tags = merge( + { + Name = "${var.name}-sg" + }, + var.tags + ) +} + + + + +resource "aws_security_group_rule" "ingress" { + for_each = { + for i, rule in var.ingress_rules : "rule-${i}" => rule + } + + type = "ingress" + from_port = each.value.from_port + to_port = each.value.to_port + protocol = each.value.protocol + description = each.value.description + cidr_blocks = lookup(each.value, "cidr_blocks", []) + security_group_id = aws_security_group.this_sg.id +} + + + + + + + + + + + + + + + + + + + + + + + + +# resource "aws_security_group_rule" "ingress" { +# for_each = var.ingress_rules +# type = "ingress" +# from_port = each.value.from_port +# to_port = each.value.to_port +# protocol = each.value.protocol +# security_group_id = aws_security_group.this_sg.id +# cidr_blocks = [each.value.cidr_blocks] + +# description = each.value.description + +# depends_on = [ aws_security_group.this_sg ] +# } + diff --git a/VPC/Modules/security-groups/variables.tf b/VPC/Modules/security-groups/variables.tf index e69de29..10545af 100644 --- a/VPC/Modules/security-groups/variables.tf +++ b/VPC/Modules/security-groups/variables.tf 
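Review bot: `for_each` keys for `aws_security_group_rule.ingress` are positional (`"rule-${i}"`), so inserting or removing one rule mid-list re-keys every later rule and Terraform destroys and recreates them, briefly leaving the group with fewer rules than intended; a content-derived key (for example the rule's `description`, or a `protocol-from_port-to_port` string, provided it is unique per rule) keeps plans stable. `lookup(each.value, "cidr_blocks", [])` can be `each.value.cidr_blocks`, because the object type in variables.tf already declares it `optional(list(string), [])`. `aws_security_group.this_sg` defines no egress anywhere, and the provider documentation states it removes AWS's default allow-all egress when it creates a VPC security group, so instances in this group will have no outbound path unless an egress rule is added; make that explicit either with an `aws_security_group_rule "egress"` scoped to what is needed or with a comment stating that no egress is intended.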
@@ -0,0 +1,48 @@ +variable "name" { + description = "Global name" + type = string + +} + +# variable "security_group_id" { +# description = "Security Group ID" +# default = aws_security_group.this_sg.id + +# } + + +variable "tags" { + description = "Tags for the resources" + type = map(string) + default = {} + +} + +variable "vpc_id" { + description = "VPC ID" + type = string + +} + +variable "security_group_description" { + description = "description for the security group" + type = string + +} + + +variable "ingress_rules" { + description = "List of ingress rules" + type = list(object({ + + from_port = number + to_port = number + protocol = string + description = string + cidr_blocks = optional(list(string), []) + })) +} + + + + diff --git a/VPC/Modules/subnets/outputs.tf b/VPC/Modules/subnets/outputs.tf index dfc9b9e..344a646 100644 --- a/VPC/Modules/subnets/outputs.tf +++ b/VPC/Modules/subnets/outputs.tf 
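Review bot: The commented-out `variable "security_group_id"` carries `default = aws_security_group.this_sg.id`; a variable default cannot reference a resource, so this never worked and should be deleted rather than preserved as a comment. `ingress_rules` models only CIDR sources, which steers callers toward wide ranges; adding `source_security_group_id = optional(string)` (and `ipv6_cidr_blocks = optional(list(string), [])`) to the object and wiring them in `aws_security_group_rule.ingress` would let a rule be scoped to a peer group instead of an address block. The `type = "ingress"` that the Testv1 caller sets on every rule (L103–L105) is not declared on this object type, so I'd expect the variable type check to reject it unless it is added as `type = optional(string, "ingress")` or removed from the caller.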
@@ -1,33 +1,29 @@ + output "public_subnets_cidr_blocks" { description = "values of public subnets CIDR blocks" - value = aws_subnet.public_subnets[*].cidr_block + value = {for k, v in aws_subnet.public_subnets : k => v.cidr_block} } output "private_subnets_cidr_blocks" { description = "values of private subnets CIDR blocks" - value = aws_subnet.private_subnets[*].cidr_block -} - -output "create_public_subnets" { - description = "value of create_public_subnets local variable" - value = local.create_public_subnets -} - -output "create_private_subnets" { - description = "value of create_private_subnets local variable" - value = local.create_private_subnets + value = {for k, v in aws_subnet.private_subnets : k => v.cidr_block} } output "public_subnets" { description = "List of IDs of public subnets" - value = aws_subnet.public_subnets[*].id + value = {for k, v in aws_subnet.public_subnets : k => v.id} } output "private_subnets" { description = "List of IDs of private subnets" - value = aws_subnet.private_subnets[*].id + value = {for k, v in aws_subnet.private_subnets : k => v.id} } output "public_subnet_arns" { description = "List of ARNs of public subnets" - value = aws_subnet.public_subnets[*].arn + value = {for k, v in aws_subnet.public_subnets : k => v.arn} +} + +output "private_subnets_arns" { + description = "List of ARNs of private subnets" + value = {for k, v in aws_subnet.private_subnets : k => v.arn} } diff --git a/VPC/Modules/subnets/private.tf b/VPC/Modules/subnets/private.tf index 23d387e..8fc1ca5 100644 --- a/VPC/Modules/subnets/private.tf +++ b/VPC/Modules/subnets/private.tf 
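Review bot: The descriptions still say `List of IDs of public subnets`, `List of ARNs of public subnets` and `values of public subnets CIDR blocks`, although every value is now a map keyed by the `public_subnets` / `private_subnets` variable key and callers index it as `module.subnets.public_subnets["pub_subnet_1"]`; say so, e.g. `description = "Map of public subnet IDs, keyed by the public_subnets map key"`. The new `private_subnets_arns` is named inconsistently with the existing `public_subnet_arns` (plural versus singular `subnet`); pick one form before other environments depend on the name.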
@@ -2,23 +2,49 @@ # Private Subnets ########################################################################## -### Create private subnets if the list of CIDR blocks is not empty -locals { - create_private_subnets = length(var.private_subnets_cidr_blocks) > 0 - -} + + resource "aws_subnet" "private_subnets" { - count = var.create_private_subnets ? length(var.private_subnets_cidr_blocks) : 0 - map_public_ip_on_launch = var.map_public_ip_on_private_subs - vpc_id =var.vpc_id - cidr_block = var.private_subnets_cidr_blocks[count.index] - availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + for_each = var.private_subnets + vpc_id = each.value.vpc_id + cidr_block = each.value.cidr_block[0] + availability_zone = each.value.availability_zone[0] + map_public_ip_on_launch = each.value.map_public_ip_on_launch tags = merge( { - Name = "${var.name}private-subnet-${count.index + 1}" + Name = "${var.name}-${each.key}" }, var.tags ) -} \ No newline at end of file + +} + + + + + + + + +### Create private subnets if the list of CIDR blocks is not empty +# locals { +# create_private_subnets = length(var.private_subnets_cidr_blocks) > 0 + +# } + +# resource "aws_subnet" "private_subnets" { +# count = var.create_private_subnets ? length(var.private_subnets_cidr_blocks) : 0 +# map_public_ip_on_launch = var.map_public_ip_on_private_subs +# vpc_id =var.vpc_id +# cidr_block = var.private_subnets_cidr_blocks[count.index] +# availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + +# tags = merge( +# { +# Name = "${var.name}private-subnet-${count.index + 1}" +# }, +# var.tags +# ) +# } \ No newline at end of file diff --git a/VPC/Modules/subnets/public.tf b/VPC/Modules/subnets/public.tf index bcb0b4e..0d35156 100644 --- a/VPC/Modules/subnets/public.tf +++ b/VPC/Modules/subnets/public.tf 
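Review bot: `cidr_block = each.value.cidr_block[0]` and `availability_zone = each.value.availability_zone[0]` use only the first element of attributes that `var.private_subnets` (subnets/variables.tf hunk, L99–L100) declares as `list(string)`; any further elements are silently ignored and an empty list is an index error at plan time, so the list type promises something the resource does not deliver. Declare both as `string` and use `each.value.cidr_block` / `each.value.availability_zone`; `aws_subnet.public_subnets` in public.tf (L98) has the same pattern. The commented-out `count` implementation kept below the resource should go; it is in history.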
@@ -3,23 +3,41 @@ ########################################################################## ## Create public subnets if the list of CIDR blocks is not empty -locals { - create_public_subnets = length(var.public_subnets_cidr_blocks) > 0 -} +# locals { +# create_public_subnets = length(var.public_subnets_cidr_blocks) > 0 +# } + + resource "aws_subnet" "public_subnets" { - count = var.create_pub_subs ? length(var.public_subnets_cidr_blocks) : 0 - vpc_id = var.vpc_id - cidr_block = var.public_subnets_cidr_blocks[count.index] - availability_zone = var.availability_zones[count.index % length(var.availability_zones)] - - map_public_ip_on_launch = var.map_public_ip_on_launch + for_each = var.public_subnets + vpc_id = each.value.vpc_id + cidr_block = each.value.cidr_block[0] + availability_zone = each.value.availability_zone[0] + map_public_ip_on_launch = each.value.map_public_ip_on_launch tags = merge( { - Name = "${var.name}public-subnet-${count.index + 1}" + Name = "${var.name}-${each.key}" }, var.tags ) +} + + +# resource "aws_subnet" "public_subnets" { +# count = var.create_pub_subs ? length(var.public_subnets_cidr_blocks) : 0 +# vpc_id = var.vpc_id +# cidr_block = var.public_subnets_cidr_blocks[count.index] +# availability_zone = var.availability_zones[count.index % length(var.availability_zones)] + +# map_public_ip_on_launch = var.map_public_ip_on_launch + +# tags = merge( +# { +# Name = "${var.name}public-subnet-${count.index + 1}" +# }, +# var.tags +# ) -} \ No newline at end of file +# } \ No newline at end of file diff --git a/VPC/Modules/subnets/variables.tf b/VPC/Modules/subnets/variables.tf index 32d3123..4a994c1 100644 --- a/VPC/Modules/subnets/variables.tf +++ b/VPC/Modules/subnets/variables.tf 
@@ -6,62 +6,76 @@ variable "name" { } -variable "create_pub_subs" { - description = "Bool to create public subnets" - type = bool - default = true +variable "public_subnets" { + description = "Map of public subnets" + type = map(object({ + cidr_block = list(string) + availability_zone = list(string) + map_public_ip_on_launch = bool + vpc_id = string + })) } +variable "private_subnets" { + description = "Map of private subnets" + type = map(object({ + cidr_block = list(string) + availability_zone = list(string) + map_public_ip_on_launch = bool + vpc_id = string + })) +} +variable "tags" { + description = "Global tags to apply to all resources" + type = map(string) + default = {} +} -variable "public_subnets_cidr_blocks" { - description = "List of CIDR blocks for public subnets" - type = list(string) - default = [""] +# variable "vpc_id" { +# description = "VPC ID" +# type = string +# } +#variable "public_subnets_cidr_blocks" { +# description = "List of CIDR blocks for public subnets" +# type = list(string) +# default = [""] -} +# } -variable "availability_zones" { - description = "List of availability zones for the VPC" - type = list(string) - default = [""] +# variable "availability_zones" { +# description = "List of availability zones for the VPC" +# type = list(string) +# default = [""] -} +# } -variable "map_public_ip_on_launch" { - description = "Map public IP on launch for public subnets" - type = bool - default = true +# variable "map_public_ip_on_launch" { +# description = "Map public IP on launch for public subnets" +# type = bool +# default = true -} +# } -variable "map_public_ip_on_private_subs" { - description = "Map public IP on launch for public subnets" - type = bool - default = false +# variable "map_public_ip_on_private_subs" { +# description = "Map public IP on launch for public subnets" +# type = bool +# default = false -} +# } ######## private subnets ######### -variable "create_private_subnets" { - description = "Bool to create private subnets" 
- type = bool - default = true -} -variable "private_subnets_cidr_blocks" { - description = "List of private subnets CIDR blocks" - type = list(string) - default = [""] -} -variable "tags" { - description = "Global tags to apply to all resources" - type = map(string) - default = {} -} +# variable "create_private_subnets" { +# description = "Bool to create private subnets" +# type = bool +# default = true +# } + +# variable "private_subnets_cidr_blocks" { +# description = "List of private subnets CIDR blocks" +# type = list(string) +# default = [""] +# } -variable "vpc_id" { - description = "VPC ID" - type = string -} \ No newline at end of file From cb13ae2bcf8858004f5f262ab09392b9f6c20da3 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 25 Jun 2025 13:10:24 -0400 Subject: [PATCH 17/43] another one --- VPC/Environment/Test/.gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VPC/Environment/Test/.gitignore b/VPC/Environment/Test/.gitignore index 1e1ac26..a34f38d 100644 --- a/VPC/Environment/Test/.gitignore +++ b/VPC/Environment/Test/.gitignore @@ -1,6 +1,6 @@ # Local .terraform directories **/.terraform/* - +.terraform/* # .tfstate files *.tfstate *.tfstate.* From 36f09ba2178d6d822e2601092fa4d9dec4899d42 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 25 Jun 2025 13:12:30 -0400 Subject: [PATCH 18/43] anothe one --- VPC/Environment/Test/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/VPC/Environment/Test/.gitignore b/VPC/Environment/Test/.gitignore index a34f38d..7fd6910 100644 --- a/VPC/Environment/Test/.gitignore +++ b/VPC/Environment/Test/.gitignore @@ -1,6 +1,7 @@ # Local .terraform directories **/.terraform/* .terraform/* +.terraform/ # .tfstate files *.tfstate *.tfstate.* From d88c1cac0d59c44d594b570c8708cde80b905756 Mon Sep 17 00:00:00 2001 
From: thogue12
Date: Wed, 25 Jun 2025 13:14:31 -0400
Subject: [PATCH 19/43] Ensure .terraform is ignored
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1c99dc1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.terraform/
From 517a0842494b3ec902743351be3d41b519672204 Mon Sep 17 00:00:00 2001
From: thogue12
Date: Wed, 25 Jun 2025 13:55:47 -0400
Subject: [PATCH 20/43] Editing the modules with for_each this will be v1 of the Edits
---
 VPC/Environment/Testv1/.gitignore | 42 +++++
 VPC/Environment/Testv1/backend.tf | 8 +
 VPC/Environment/Testv1/main.tf | 210 +++++++++++++++++++++++
 VPC/Environment/Testv1/outputs.tf | 0
 VPC/Environment/Testv1/providers.tf | 13 ++
 VPC/Environment/Testv1/variables.tf | 16 ++
 VPC/Modules/VPC/main.tf | 2 +-
 VPC/Modules/VPC/outputs.tf | 2 +-
 VPC/Modules/igw-nat/main.tf | 2 +-
 VPC/Modules/igw-nat/outputs.tf | 2 +-
 VPC/Modules/igw-nat/variables.tf | 2 +-
 VPC/Modules/route-tables/main.tf | 2 +-
 VPC/Modules/route-tables/outputs.tf | 2 +
 VPC/Modules/route-tables/variables.tf | 1 +
 VPC/Modules/security-groups/README.MD | 0
 VPC/Modules/security-groups/main.tf | 2 +-
 VPC/Modules/security-groups/variables.tf | 6 -
 VPC/Modules/subnets/outputs.tf | 2 +
 VPC/Modules/subnets/private.tf | 2 +-
 VPC/Modules/subnets/public.tf | 2 +-
 VPC/Modules/subnets/variables.tf | 1 +
 21 files changed, 304 insertions(+), 15 deletions(-)
 create mode 100644 VPC/Environment/Testv1/.gitignore
 create mode 100644 VPC/Environment/Testv1/backend.tf
 create mode 100644 VPC/Environment/Testv1/main.tf
 create mode 100644 VPC/Environment/Testv1/outputs.tf
 create mode 100644 VPC/Environment/Testv1/providers.tf
 create mode 100644 VPC/Environment/Testv1/variables.tf
 create mode 100644 VPC/Modules/security-groups/README.MD
diff --git a/VPC/Environment/Testv1/.gitignore b/VPC/Environment/Testv1/.gitignore
new file mode 100644
index 0000000..7fd6910
--- /dev/null
+++ b/VPC/Environment/Testv1/.gitignore
@@ -0,0 +1,42 @@
+# Local .terraform directories
+**/.terraform/*
+.terraform/*
+.terraform/
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VPC/Environment/Testv1/backend.tf b/VPC/Environment/Testv1/backend.tf
new file mode 100644
index 0000000..6724c89
--- /dev/null
+++ b/VPC/Environment/Testv1/backend.tf
@@ -0,0 +1,8 @@
+terraform {
+ backend "s3" {
+ bucket = "terraform-state-bucket1237546"
+ key = "dev-vpc-module-by-terraform-state.tfstate"
+ region = "us-east-1"
+ use_lockfile = true
+ }
+}
diff --git a/VPC/Environment/Testv1/main.tf b/VPC/Environment/Testv1/main.tf
new file mode 100644
index 0000000..cb8d0f3
--- /dev/null
+++ b/VPC/Environment/Testv1/main.tf
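Review bot: `.terraform.lock.hcl` is listed in this environment's .gitignore, but the dependency lock file is what records the selected provider version and the checksums that `terraform init` verifies before using a provider binary; with it ignored, every clone resolves `hashicorp/aws` afresh and a different binary can be accepted without any diff showing it. HashiCorp's guidance is to commit the lock file, so remove that line (the root `.gitignore` added in PATCH 19 does not have it). Ignoring `*.tfvars` is appropriate for the reason the template comment gives.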
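Review bot: The `s3` backend block does not set `encrypt = true`; state records resource attributes in clear text, so server-side encryption of the state object should be requested explicitly rather than left to the bucket's defaults, e.g. `encrypt = true` next to `use_lockfile = true`. `use_lockfile` is the native S3 locking introduced in Terraform 1.10, so the `required_version = ">= 1.0"` in providers.tf (L105) understates the real floor for this environment.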
@@ -0,0 +1,210 @@
+locals {
+ region = "us-east-1"
+ region_2 = "us-east-2"
+ envrionment = "Test"
+ Project = "Smooth"
+ global_name = "${var.name}-${local.Project}-${local.envrionment}"
+ tags = {
+ Envrionment = local.envrionment
+ Project = local.Project
+ }
+
+}
+####################################################################
+# VPC
+####################################################################
+module "vpc" {
+ source = "../../Modules/vpc"
+ name = local.global_name
+
+ vpc_attributes = {
+ vpc = {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+ region = local.region
+ }
+ vpc_2 = {
+ cidr_block = "10.10.0.0/16"
+ enable_dns_support = false
+ enable_dns_hostnames = false
+ region = local.region_2
+ }
+ }
+ tags = local.tags
+}
+
+####################################################################
+# Subnets
+####################################################################
+module "subnets" {
+ source = "../../Modules/subnets"
+ name = local.global_name
+ public_subnets = {
+ pub_subnet_1 = {
+ vpc_id = module.vpc.vpc_id["vpc"]
+ cidr_block = ["10.0.0.0/24"]
+ availability_zone = ["us-east-1a"]
+ map_public_ip_on_launch = true
+ }
+
+ pub_subnet_2 = {
+ vpc_id = module.vpc.vpc_id["vpc"]
+ cidr_block = ["10.0.1.0/24"]
+ availability_zone = ["us-east-1b"]
+ map_public_ip_on_launch = true
+ }
+ }
+ private_subnets = {
+ priv_subnet_1 = {
+ vpc_id = module.vpc.vpc_id["vpc"]
+ cidr_block = ["10.0.2.0/24"]
+ availability_zone = ["us-east-1a"]
+ map_public_ip_on_launch = false
+ }
+ priv_subnet_2 = {
+ vpc_id = module.vpc.vpc_id["vpc"]
+ cidr_block = ["10.0.3.0/24"]
+ availability_zone = ["us-east-1b"]
+ map_public_ip_on_launch = false
+ }
+ }
+}
+####################################################################
+# Route Tables
+####################################################################
+
+module "route-tables" {
+ source = "../../Modules/route-tables"
+ name = local.global_name
+ tags = local.tags
+ public_route_tables = {
+ public_rt1 = {
+ vpc_id = module.vpc.vpc_id["vpc"]
+ region = local.region
+ }
+ }
+
+ public_routes = {
+ public_routes = {
+ type = "public"
+ route_table_id = module.route-tables.public_route_table_id["public_rt1"]
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = module.igw-nat.igw_id["igw"]
+ }
+ }
+ public_route_table_associations = {
+ pub_rt1_subnet1 = { # unique key
+ route_table_id = module.route-tables.public_route_table_id["public_rt1"]
+ subnet_id = module.subnets.public_subnets["pub_subnet_1"]
+ }
+ pub_rt1_subnet2 = {
+ route_table_id = module.route-tables.public_route_table_id["public_rt1"]
+ subnet_id = module.subnets.public_subnets["pub_subnet_2"]
+ }
+
+ }
+ # Accessing the first public subnet
+
+ private_route_tables = {
+ private_rt1 = {
+ vpc_id = module.vpc.vpc_id["vpc"]
+ region = local.region
+ }
+ }
+ private_routes = {
+ private_route = {
+ type = "private"
+ route_table_id = module.route-tables.private_route_table_id["private_rt1"] # Syntax = module<[keyname]>
+ destination_cidr_block = "0.0.0.0/0"
+ nat_gateway_id = module.igw-nat.nat_id["main_nat"]
+ }
+ }
+
+ private_route_table_associations = {
+ priv_rt1_subnet1 = { # unique key
+ route_table_id = module.route-tables.private_route_table_id["private_rt1"]
+ subnet_id = module.subnets.private_subnets["priv_subnet_1"]
+ }
+ priv_rt1_subnet2 = {
+ route_table_id = module.route-tables.private_route_table_id["private_rt1"]
+ subnet_id = module.subnets.private_subnets["priv_subnet_2"]
+ }
+}
+}
+
+
+
+
+####################################################################
+# Internet Gateway and NAT Gateway
+####################################################################
+module "igw-nat" {
+ source = "../../Modules/igw-nat"
+ eip = {
+ main_eip = {
+ region = local.region
+ tags = local.tags
+ }
+ }
+
+ nat_gateway = {
+ main_nat = {
+ allocation_id = module.igw-nat.allocation_id["main_eip"]
+ subnet_id = module.subnets.public_subnets["pub_subnet_1"] # no need to add .id because it is already a string and established in the outputs
+ }
+ }
+
+ internet_gateway = {
+ igw = {
+ vpc_id = module.vpc.vpc_id["vpc"]
+ tags = local.tags
+ }
+ }
+ name = local.global_name
+}
+
+
+
+
+####################################################################
+# Security Groups
+####################################################################
+module "security-groups" {
+ source = "../../Modules/security-groups"
+ vpc_id = module.vpc.vpc_id["vpc"]
+ name = local.global_name
+ tags = local.tags
+
+ security_group_description = "Security group for Smooth project"
+
+ ingress_rules = [
+
+ {
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ description = "Allow SSH access"
+ cidr_blocks = ["0.0.0.0/0"]
+ },
+ {
+ type = "ingress"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ description = "Allow HTTP access"
+ cidr_blocks = ["0.0.0.0/0"]
+ },
+ {
+ type = "ingress"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ description = "Allow HTTPS access"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ]
+
+}
\ No newline at end of file
diff --git a/VPC/Environment/Testv1/outputs.tf b/VPC/Environment/Testv1/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC/Environment/Testv1/providers.tf b/VPC/Environment/Testv1/providers.tf
new file mode 100644
index 0000000..bd011dc
--- /dev/null
+++ b/VPC/Environment/Testv1/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.0.0-beta2"
+ }
+ }
+
+}
+provider "aws" {
+ region = local.region
+}
diff --git a/VPC/Environment/Testv1/variables.tf b/VPC/Environment/Testv1/variables.tf
new file mode 100644
index 0000000..4ac718b
--- /dev/null
+++ b/VPC/Environment/Testv1/variables.tf
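Review bot: The SSH rule passed to `module "security-groups"` admits `cidr_blocks = ["0.0.0.0/0"]` on port 22 next to the 80/443 rules; this is a test environment, but it is exactly the block that gets copied into the next one, so restrict it to an administrative CIDR (or drop it and reach hosts through SSM or a bastion), and consider a `validation` on the module's `ingress_rules` that rejects `0.0.0.0/0` for ports other than 80 and 443. `module "route-tables"` and `module "igw-nat"` feed their own outputs back in as inputs (`route_table_id = module.route-tables.public_route_table_id["public_rt1"]`, `allocation_id = module.igw-nat.allocation_id["main_eip"]`); Terraform's dependency graph is per resource, so this may well plan, but it couples the caller to the modules' internal key names, and having the modules resolve `aws_route_table.public[each.value.route_table_key].id` and `aws_eip.this_eip[each.value.eip_key].id` from a key would remove the self-reference entirely. `envrionment` / `Envrionment` are misspelled consistently in `locals` and become the tag key on every resource; correcting it later forces a tag update on everything, so correct it now.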
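Review bot: `version = "6.0.0-beta2"` pins the AWS provider to a pre-release build; the per-resource `region` argument the VPC and route-table modules rely on is a 6.x feature, so the constraint should track the GA line (`version = "~> 6.0"`) rather than a beta that receives no fixes and whose behaviour may differ from the release. `required_version = ">= 1.0"` is below what backend.tf (L102) needs: `use_lockfile` arrived in Terraform 1.10, so `required_version = ">= 1.10"` states the real floor. `provider "aws" { region = local.region }` is fine, but a comment noting that `vpc_2` is placed in `local.region_2` via the resource-level `region` argument would save the next reader a search.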
@@ -0,0 +1,16 @@ + +########################################################## +# VPC +########################################################## +variable "name" { + description = "Global name for all resources" + type = string + default = "Tim" +} + +# variable "tags" { +# description = "Global tags to apply to all resources" +# type = map(string) +# default = {} +# } + diff --git a/VPC/Modules/VPC/main.tf b/VPC/Modules/VPC/main.tf index b2e889e..b9c41ac 100644 --- a/VPC/Modules/VPC/main.tf +++ b/VPC/Modules/VPC/main.tf @@ -1,4 +1,4 @@ -########################################################################## +########################################################################### # VPC Configuration ########################################################################## diff --git a/VPC/Modules/VPC/outputs.tf b/VPC/Modules/VPC/outputs.tf index 5d30f40..3c80340 100644 --- a/VPC/Modules/VPC/outputs.tf +++ b/VPC/Modules/VPC/outputs.tf @@ -1,4 +1,4 @@ - +### output "vpc_id" { description = "VPC ID" value = {for k, v in aws_vpc.this_vpc : k => v.id} diff --git a/VPC/Modules/igw-nat/main.tf b/VPC/Modules/igw-nat/main.tf index 0620e67..4905e0d 100644 --- a/VPC/Modules/igw-nat/main.tf +++ b/VPC/Modules/igw-nat/main.tf @@ -7,7 +7,7 @@ ################################################################### # Elastic IP for NAT Gateways -#################################################################### +##################################################################### resource "aws_eip" "this_eip" { for_each = var.eip diff --git a/VPC/Modules/igw-nat/outputs.tf b/VPC/Modules/igw-nat/outputs.tf index fc2d385..c975f44 100644 --- a/VPC/Modules/igw-nat/outputs.tf +++ b/VPC/Modules/igw-nat/outputs.tf @@ -1,4 +1,4 @@ - +### output "igw_id" { description = "The ID of the Internet Gateway" diff --git a/VPC/Modules/igw-nat/variables.tf b/VPC/Modules/igw-nat/variables.tf index e82b1be..3da72d3 100644 --- a/VPC/Modules/igw-nat/variables.tf 
+++ b/VPC/Modules/igw-nat/variables.tf @@ -1,4 +1,4 @@ - +## variable "tags" { description = "Global tags to apply to all resources" type = map(string) diff --git a/VPC/Modules/route-tables/main.tf b/VPC/Modules/route-tables/main.tf index b1f8095..2929d66 100644 --- a/VPC/Modules/route-tables/main.tf +++ b/VPC/Modules/route-tables/main.tf @@ -4,7 +4,7 @@ ######################################################################### # Public RT and Rules -######################################################################### +########################################################################## diff --git a/VPC/Modules/route-tables/outputs.tf b/VPC/Modules/route-tables/outputs.tf index 586149c..5fb7898 100644 --- a/VPC/Modules/route-tables/outputs.tf +++ b/VPC/Modules/route-tables/outputs.tf @@ -1,3 +1,5 @@ +### + output "public_route_table_id" { description = "ID of the route table" value = {for k, v in aws_route_table.public : k =>v.id} diff --git a/VPC/Modules/route-tables/variables.tf b/VPC/Modules/route-tables/variables.tf index e5f1b62..7c92a83 100644 --- a/VPC/Modules/route-tables/variables.tf +++ b/VPC/Modules/route-tables/variables.tf @@ -1,3 +1,4 @@ +## variable "tags" { description = "Global tags to apply to all resources" type = map(string) diff --git a/VPC/Modules/security-groups/README.MD b/VPC/Modules/security-groups/README.MD new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Modules/security-groups/main.tf b/VPC/Modules/security-groups/main.tf index 4ce9c08..d006500 100644 --- a/VPC/Modules/security-groups/main.tf +++ b/VPC/Modules/security-groups/main.tf @@ -1,6 +1,6 @@ ###################################################################### ### Security Group ### -###################################################################### +####################################################################### resource "aws_security_group" "this_sg" { vpc_id = var.vpc_id description = var.security_group_description 
diff --git a/VPC/Modules/security-groups/variables.tf b/VPC/Modules/security-groups/variables.tf index 10545af..8e78887 100644 --- a/VPC/Modules/security-groups/variables.tf +++ b/VPC/Modules/security-groups/variables.tf @@ -4,12 +4,6 @@ variable "name" { } -# variable "security_group_id" { -# description = "Security Group ID" -# default = aws_security_group.this_sg.id - -# } - variable "tags" { description = "Tags for the resources" diff --git a/VPC/Modules/subnets/outputs.tf b/VPC/Modules/subnets/outputs.tf index 344a646..0846d28 100644 --- a/VPC/Modules/subnets/outputs.tf +++ b/VPC/Modules/subnets/outputs.tf @@ -1,9 +1,11 @@ +### output "public_subnets_cidr_blocks" { description = "values of public subnets CIDR blocks" value = {for k, v in aws_subnet.public_subnets : k => v.cidr_block} } + output "private_subnets_cidr_blocks" { description = "values of private subnets CIDR blocks" value = {for k, v in aws_subnet.private_subnets : k => v.cidr_block} diff --git a/VPC/Modules/subnets/private.tf b/VPC/Modules/subnets/private.tf index 8fc1ca5..5189cc7 100644 --- a/VPC/Modules/subnets/private.tf +++ b/VPC/Modules/subnets/private.tf @@ -1,6 +1,6 @@ ########################################################################## # Private Subnets -########################################################################## +########################################################################### diff --git a/VPC/Modules/subnets/public.tf b/VPC/Modules/subnets/public.tf index 0d35156..c67f8a0 100644 --- a/VPC/Modules/subnets/public.tf +++ b/VPC/Modules/subnets/public.tf @@ -1,6 +1,6 @@ ########################################################################## # Public Subnets -########################################################################## +########################################################################### ## Create public subnets if the list of CIDR blocks is not empty # locals { 
diff --git a/VPC/Modules/subnets/variables.tf b/VPC/Modules/subnets/variables.tf index 4a994c1..28eca71 100644 --- a/VPC/Modules/subnets/variables.tf +++ b/VPC/Modules/subnets/variables.tf @@ -1,4 +1,5 @@ +## variable "name" { description = "Global name for all resources" type = string From cd5a066eb805d6fe9922e2c3e4e7721f856c49fd Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 25 Jun 2025 14:16:45 -0400 Subject: [PATCH 21/43] Editing the module with for_each this will be v1 of the edits --- VPC/Environment/test-v1/.gitignore | 42 ++++++ VPC/Environment/test-v1/backend.tf | 9 ++ VPC/Environment/test-v1/main.tf | 210 +++++++++++++++++++++++++++ VPC/Environment/test-v1/outputs.tf | 0 VPC/Environment/test-v1/providers.tf | 14 ++ VPC/Environment/test-v1/variables.tf | 16 ++ 6 files changed, 291 insertions(+) create mode 100644 VPC/Environment/test-v1/.gitignore create mode 100644 VPC/Environment/test-v1/backend.tf create mode 100644 VPC/Environment/test-v1/main.tf create mode 100644 VPC/Environment/test-v1/outputs.tf create mode 100644 VPC/Environment/test-v1/providers.tf create mode 100644 VPC/Environment/test-v1/variables.tf diff --git a/VPC/Environment/test-v1/.gitignore b/VPC/Environment/test-v1/.gitignore new file mode 100644 index 0000000..7fd6910 --- /dev/null +++ b/VPC/Environment/test-v1/.gitignore 
@@ -0,0 +1,42 @@
+# Local .terraform directories
+**/.terraform/*
+.terraform/*
+.terraform/
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VPC/Environment/test-v1/backend.tf b/VPC/Environment/test-v1/backend.tf
new file mode 100644
index 0000000..78ec24f
--- /dev/null
+++ b/VPC/Environment/test-v1/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "terraform-state-bucket1237546"
+ key = "dev-vpc-module-by-terraform-state.tfstate"
+ region = "us-east-1"
+ use_lockfile = true
+ }
+}
+##
\ No newline at end of file
diff --git a/VPC/Environment/test-v1/main.tf b/VPC/Environment/test-v1/main.tf
new file mode 100644
index 0000000..4a15eea
--- /dev/null
+++ b/VPC/Environment/test-v1/main.tf
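Review bot: `.terraform.lock.hcl` is listed under "Ignore CLI configuration files" near the end of the hunk, but the dependency lock file is not CLI configuration: it records the selected provider version and its `h1:`/`zh:` checksums so every `terraform init` verifies the same provider binary. Ignoring it means each workstation and pipeline resolves and trusts the provider independently, leaving the `6.0.0-beta2` pin in providers.tf as the only guard against a substituted or drifted provider. Remove the `.terraform.lock.hcl` line and commit the lock file that init generates; the `.terraformrc` and `terraform.rc` entries above it are correct to keep. Note that PATCH 23 later in this series deletes the committed `VPC/Environment/Test/.terraform.lock.hcl`, so after this rule the repository carries no lock file at all.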
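Review bot: The `backend "s3"` block in backend.tf does not set `encrypt = true`, so the state object — which will hold the VPC, subnet, route table, EIP and security group identifiers for this environment — relies on whatever default encryption the bucket happens to have rather than requesting server-side encryption explicitly; add `encrypt = true` next to `use_lockfile = true`. Also, `use_lockfile` is, as far as I know, a Terraform 1.10+ backend argument, while providers.tf in this same commit declares `required_version = ">= 1.0"`; an older CLI will fail at init with an unsupported-argument error, so the constraint should be raised to match the feature actually used.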
@@ -0,0 +1,210 @@ +locals { + region = "us-east-1" + region_2 = "us-east-2" + envrionment = "Test" + Project = "Smooth" + global_name = "${var.name}-${local.Project}-${local.envrionment}" + tags = { + Envrionment = local.envrionment + Project = local.Project + } + +} +##################################################################### +# VPC +#################################################################### +module "vpc" { + source = "../../Modules/vpc" + name = local.global_name + + vpc_attributes = { + vpc = { + cidr_block = "10.0.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true + region = local.region + } + vpc_2 = { + cidr_block = "10.10.0.0/16" + enable_dns_support = false + enable_dns_hostnames = false + region = local.region_2 + } + } + tags = local.tags +} + +#################################################################### +# Subnets +#################################################################### +module "subnets" { + source = "../../Modules/subnets" + name = local.global_name + public_subnets = { + pub_subnet_1 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.0.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = true + } + + pub_subnet_2 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.1.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = true + } + } + private_subnets = { + priv_subnet_1 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.2.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = false + } + priv_subnet_2 = { + vpc_id = module.vpc.vpc_id["vpc"] + cidr_block = ["10.0.3.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = false + } + } +} +#################################################################### +# Route Tables +#################################################################### + +module "route-tables" { + source = "../../Modules/route-tables" + name = local.global_name + tags = 
local.tags + public_route_tables = { + public_rt1 = { + vpc_id = module.vpc.vpc_id["vpc"] + region = local.region + } + } + + public_routes = { + public_routes = { + type = "public" + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + destination_cidr_block = "0.0.0.0/0" + gateway_id = module.igw-nat.igw_id["igw"] + } + } + public_route_table_associations = { + pub_rt1_subnet1 = { # unique key + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + subnet_id = module.subnets.public_subnets["pub_subnet_1"] + } + pub_rt1_subnet2 = { + route_table_id = module.route-tables.public_route_table_id["public_rt1"] + subnet_id = module.subnets.public_subnets["pub_subnet_2"] + } + + } + # Accessing the first public subnet + + private_route_tables = { + private_rt1 = { + vpc_id = module.vpc.vpc_id["vpc"] + region = local.region + } + } + private_routes = { + private_route = { + type = "private" + route_table_id = module.route-tables.private_route_table_id["private_rt1"] # Syntax = module<[keyname]> + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = module.igw-nat.nat_id["main_nat"] + } + } + + private_route_table_associations = { + priv_rt1_subnet1 = { # unique key + route_table_id = module.route-tables.private_route_table_id["private_rt1"] + subnet_id = module.subnets.private_subnets["priv_subnet_1"] + } + priv_rt1_subnet2 = { + route_table_id = module.route-tables.private_route_table_id["private_rt1"] + subnet_id = module.subnets.private_subnets["priv_subnet_2"] + } +} +} + + + + +#################################################################### +# Internet Gateway and NAT Gateway +#################################################################### +module "igw-nat" { + source = "../../Modules/igw-nat" + eip = { + main_eip = { + region = local.region + tags = local.tags + } + } + + nat_gateway = { + main_nat = { + allocation_id = module.igw-nat.allocation_id["main_eip"] + subnet_id = 
module.subnets.public_subnets["pub_subnet_1"] # no need to add .id because it is already a string and established in the outputs + } + } + + internet_gateway = { + igw = { + vpc_id = module.vpc.vpc_id["vpc"] + tags = local.tags + } + } + name = local.global_name +} + + + + +#################################################################### +# Security Groups +#################################################################### +module "security-groups" { + source = "../../Modules/security-groups" + vpc_id = module.vpc.vpc_id["vpc"] + name = local.global_name + tags = local.tags + + security_group_description = "Security group for Smooth project" + + ingress_rules = [ + + { + type = "ingress" + from_port = 22 + to_port = 22 + protocol = "tcp" + description = "Allow SSH access" + cidr_blocks = ["0.0.0.0/0"] + }, + { + type = "ingress" + from_port = 80 + to_port = 80 + protocol = "tcp" + description = "Allow HTTP access" + cidr_blocks = ["0.0.0.0/0"] + }, + { + type = "ingress" + from_port = 443 + to_port = 443 + protocol = "tcp" + description = "Allow HTTPS access" + cidr_blocks = ["0.0.0.0/0"] + } + + ] + +} \ No newline at end of file diff --git a/VPC/Environment/test-v1/outputs.tf b/VPC/Environment/test-v1/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VPC/Environment/test-v1/providers.tf b/VPC/Environment/test-v1/providers.tf new file mode 100644 index 0000000..7eda631 --- /dev/null +++ b/VPC/Environment/test-v1/providers.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "6.0.0-beta2" + } + } + +} +provider "aws" { + region = local.region +} +## \ No newline at end of file diff --git a/VPC/Environment/test-v1/variables.tf b/VPC/Environment/test-v1/variables.tf new file mode 100644 index 0000000..99d22f9 --- /dev/null +++ b/VPC/Environment/test-v1/variables.tf 
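Review bot: The `ingress_rules` list at the end of the main.tf hunk opens TCP/22 to `cidr_blocks = ["0.0.0.0/0"]` alongside 80 and 443; SSH reachable from the whole Internet is the standard security-group finding, and nothing in the module inputs narrows it. Restrict the SSH rule to the administrative source range, e.g. `cidr_blocks = ["<ADMIN_CIDR>"]` (placeholder for the real range), or drop the rule in favour of SSM or a bastion; the same rule set appears in the Testv1 copy of main.tf earlier in this series. Separately, `module "route-tables"` reads `module.route-tables.public_route_table_id[...]`/`private_route_table_id[...]` and `module "igw-nat"` reads `module.igw-nat.allocation_id["main_eip"]` from their own outputs, which Terraform will almost certainly reject as a dependency cycle — those ids should be resolved inside the modules, not fed back as inputs. Finally, the `envrionment` local and the `Envrionment` tag key in `locals` carry a typo that will be stamped on every tagged resource and is awkward to correct once state exists.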
@@ -0,0 +1,16 @@ + +########################################################## +# VPC +########################################################### +variable "name" { + description = "Global name for all resources" + type = string + default = "Tim" +} + +# variable "tags" { +# description = "Global tags to apply to all resources" +# type = map(string) +# default = {} +# } + From e5f661e9dc6ab7308ea2271a6986060ecf815b12 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 25 Jun 2025 19:32:30 -0400 Subject: [PATCH 22/43] deleted unncessary files --- VPC/Modules/VPC/ouputs.tf | 40 --------------- VPC/Modules/VPC/private-subnets.tf | 23 --------- VPC/Modules/VPC/provider..tf | 13 ----- VPC/Modules/VPC/public-subnets.tf | 25 --------- VPC/Modules/VPC/route-tables.tf | 82 ------------------------------ 5 files changed, 183 deletions(-) delete mode 100644 VPC/Modules/VPC/ouputs.tf delete mode 100644 VPC/Modules/VPC/private-subnets.tf delete mode 100644 VPC/Modules/VPC/provider..tf delete mode 100644 VPC/Modules/VPC/public-subnets.tf delete mode 100644 VPC/Modules/VPC/route-tables.tf diff --git a/VPC/Modules/VPC/ouputs.tf b/VPC/Modules/VPC/ouputs.tf deleted file mode 100644 index a3b1d91..0000000 --- a/VPC/Modules/VPC/ouputs.tf +++ /dev/null 
@@ -1,40 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = aws_vpc.this_vpc[0].id -} - -output "vpc_cidr" { - description = "VPC CIDR" - value = aws_vpc.this_vpc[0].cidr_block -} -output "igw_id" { - description = "The ID of the Internet Gateway" - value = aws_internet_gateway.this_igw[0].id -} - -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = aws_internet_gateway.this_igw[0].arn -} -output "public_subnets" { - description = "List of IDs of public subnets" - value = aws_subnet.public_subnets[*].id -} -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = aws_subnet.public_subnets[*].arn -} -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = compact(aws_subnet.public_subnets[*].cidr_block) -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = aws_subnet.private_subnets[*].id -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = compact(aws_subnet.private_subnets[*].cidr_block) -} \ No newline at end of file diff --git a/VPC/Modules/VPC/private-subnets.tf b/VPC/Modules/VPC/private-subnets.tf deleted file mode 100644 index 7a6b5ee..0000000 --- a/VPC/Modules/VPC/private-subnets.tf +++ /dev/null 
@@ -1,23 +0,0 @@ -########################################################################## -# Private Subnets -########################################################################## - -### Create private subnets if the list of CIDR blocks is not empty -locals { - create_private_subnets = length(var.private_subnets_cidr_blocks) > 0 -} - -resource "aws_subnet" "private_subnets" { - count = var.create_vpc ? length(var.private_subnets_cidr_blocks): 0 - map_public_ip_on_launch = var.map_public_ip_on_private_subs - vpc_id = aws_vpc.this_vpc[0].id - cidr_block = var.private_subnets_cidr_blocks[count.index] - availability_zone = var.availability_zones[count.index % length(var.availability_zones)] - - tags = merge( - { - Name = "${var.name}-private-subnet-${count.index + 1}" - }, - var.tags - ) -} \ No newline at end of file diff --git a/VPC/Modules/VPC/provider..tf b/VPC/Modules/VPC/provider..tf deleted file mode 100644 index ca3b037..0000000 --- a/VPC/Modules/VPC/provider..tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - aws = { - source = "hashicorp/aws" - version = "6.0.0-beta2" - } - } -} - -provider "aws" { - region = "us-east-1" -} \ No newline at end of file diff --git a/VPC/Modules/VPC/public-subnets.tf b/VPC/Modules/VPC/public-subnets.tf deleted file mode 100644 index 5709863..0000000 --- a/VPC/Modules/VPC/public-subnets.tf +++ /dev/null 
@@ -1,25 +0,0 @@ -########################################################################## -# Public Subnets -########################################################################## - -## Create public subnets if the list of CIDR blocks is not empty -locals { - create_public_subnets = length(var.public_subnets_cidr_blocks) > 0 -} - -resource "aws_subnet" "public_subnets" { - count = var.create_vpc ? length(var.public_subnets_cidr_blocks) : 0 - vpc_id = aws_vpc.this_vpc[0].id - cidr_block = var.public_subnets_cidr_blocks[count.index] - availability_zone = var.availability_zones[count.index % length(var.availability_zones)] - - map_public_ip_on_launch = var.map_public_ip_on_launch - - tags = merge( - { - Name = "${var.name}-public-subnet-${count.index + 1}" - }, - var.tags - ) - -} \ No newline at end of file diff --git a/VPC/Modules/VPC/route-tables.tf b/VPC/Modules/VPC/route-tables.tf deleted file mode 100644 index 547c64c..0000000 --- a/VPC/Modules/VPC/route-tables.tf +++ /dev/null 
@@ -1,82 +0,0 @@ -######################################################################### -# Route Tables for VPC -######################################################################### -locals{ - create_public_route_table = var.create_vpc && length(var.public_subnets_cidr_blocks) > 0 - create_private_route_table = var.create_vpc && length(var.private_subnets_cidr_blocks) > 0 - create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table - create_route_to_nat = var.create_vpc && var.create_nat && local.create_private_route_table - -} -######################################################################### -# Public RT and Rules -######################################################################### -resource "aws_route_table" "public" { - count = local.create_public_route_table ? 1:0 - vpc_id = aws_vpc.this_vpc[0].id - - tags = merge( - { - Name = "${var.name}-public-route-table" - }, - var.tags - ) -} -resource "aws_route" "public_internet_gateway" { - count = local.create_route_to_igw ? 1:0 - - route_table_id = aws_route_table.public[count.index].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this_igw[0].id - - -} - -######################################################################### -# Public RT Association -######################################################################### -resource "aws_route_table_association" "public_association" { - count = local.create_public_subnets ? length(aws_subnet.public_subnets) : 0 - - subnet_id = element(aws_subnet.public_subnets[*].id, count.index) - route_table_id = aws_route_table.public[0].id - -} - - -######################################################################### -# Private RT and Rules -######################################################################### - -resource "aws_route_table" "private" { - count = local.create_private_route_table ? 
1:0 - vpc_id = aws_vpc.this_vpc[0].id - - tags = merge( - { - Name = "${var.name}-private-route-table" - }, - var.tags - ) -} - - -resource "aws_route" "private_nat_gateway" { - count = local.create_private_route_table ? 1 : 0 - - route_table_id = aws_route_table.private[count.index].id - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.this_nat[0].id - -} - -######################################################################### -# Private RT Association -######################################################################### -resource "aws_route_table_association" "private_association" { - count = local.create_private_subnets ? length(aws_subnet.private_subnets) : 0 - - subnet_id = element(aws_subnet.private_subnets[*].id, count.index) - route_table_id = aws_route_table.private[0].id - -} \ No newline at end of file From 216b2e4aff613d9d97f708b08a30346e9c1ce968 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Wed, 25 Jun 2025 19:39:13 -0400 Subject: [PATCH 23/43] removed more clutter --- VPC/Environment/Test/.gitignore | 42 ----- VPC/Environment/Test/.terraform.lock.hcl | 25 --- VPC/Environment/Test/backend.tf | 8 - VPC/Environment/Test/main.tf | 210 ----------------------- VPC/Environment/Test/outputs.tf | 0 VPC/Environment/Test/providers.tf | 13 -- VPC/Environment/Test/variables.tf | 16 -- VPC/Environment/Testv1/.gitignore | 42 ----- VPC/Environment/Testv1/backend.tf | 8 - VPC/Environment/Testv1/main.tf | 210 ----------------------- VPC/Environment/Testv1/outputs.tf | 0 VPC/Environment/Testv1/providers.tf | 13 -- VPC/Environment/Testv1/variables.tf | 16 -- 13 files changed, 603 deletions(-) delete mode 100644 VPC/Environment/Test/.gitignore delete mode 100644 VPC/Environment/Test/.terraform.lock.hcl delete mode 100644 VPC/Environment/Test/backend.tf delete mode 100644 VPC/Environment/Test/main.tf delete mode 100644 VPC/Environment/Test/outputs.tf delete mode 100644 VPC/Environment/Test/providers.tf delete mode 100644 VPC/Environment/Test/variables.tf delete mode 100644 VPC/Environment/Testv1/.gitignore delete mode 100644 VPC/Environment/Testv1/backend.tf delete mode 100644 VPC/Environment/Testv1/main.tf delete mode 100644 VPC/Environment/Testv1/outputs.tf delete mode 100644 VPC/Environment/Testv1/providers.tf delete mode 100644 VPC/Environment/Testv1/variables.tf diff --git a/VPC/Environment/Test/.gitignore b/VPC/Environment/Test/.gitignore deleted file mode 100644 index 7fd6910..0000000 --- a/VPC/Environment/Test/.gitignore +++ /dev/null 
@@ -1,42 +0,0 @@ -# Local .terraform directories -**/.terraform/* -.terraform/* -.terraform/ -# .tfstate files -*.tfstate -*.tfstate.* - -# Crash log files -crash.log -crash.*.log - -# Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. -*.tfvars -*.tfvars.json - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Ignore transient lock info files created by terraform apply -.terraform.tfstate.lock.info - -# Include override files you do wish to add to version control using negated pattern -# !example_override.tf - -# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* - -# Ignore CLI configuration files -.terraformrc -terraform.rc -.terraform.lock.hcl - -# Ignore the .DS_Store files created by macOS -.DS_Store \ No newline at end of file diff --git a/VPC/Environment/Test/.terraform.lock.hcl b/VPC/Environment/Test/.terraform.lock.hcl deleted file mode 100644 index 8a42b7f..0000000 --- a/VPC/Environment/Test/.terraform.lock.hcl +++ /dev/null 
@@ -1,25 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "6.0.0-beta2" - constraints = "6.0.0-beta2" - hashes = [ - "h1:HUSfZFXOxU04oYqBSt4hwDecE5HRuExIYHEXZgelU/s=", - "zh:0ce9991734cbb33ef01b6034f9240a71c1d5de83b96b1c9bd04fdb90217e08a4", - "zh:3651f84c9b1a1ae49c9d93cf866e20547b5fe05b8347f535b297582ec24b271a", - "zh:4e52271e0b65ae1d06ef3e7faf0904c8c4df967424fca39ebfa566feda78533c", - "zh:619b2587d835e2547386cc139a264ce676812003869fb9dde62e91a7299d658f", - "zh:6ecb46509509a34af653aa64f0871460a738e7cce287ca147327f13b1f6038ba", - "zh:76555a37ba40a730c413e4b2dd77cefcac4a81d6f44b1fa50de116c5b8eee3fb", - "zh:7c33e147f7a2f59bc82b1ff20332596df329d7180f2ff1406aab0710742b4127", - "zh:7c8a24847bf4b573bf5db782e06fc252ca79899d892aa0a2ae4ee4cab55c7fd8", - "zh:828f1e40ec97227ca590292ed91b9e809150f8f5aa58b25f35d6291f7b6688c1", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9d6f6d1fa01ee87b3a2820f21f46204c89c22037a7838290d13d41ec29424639", - "zh:b77482d7947cd159d6c36083d3cbc0008ba5c479c5d143a4fff07abbfd9b54e1", - "zh:bb81fd7b8bd42b6a29f574c0eaa5b3b5faa904b62d844c0be4d8eea7a1bcde9d", - "zh:c200b02f1aaa0e82231553023619441e92def81b6248251bef021ec978bd6735", - "zh:e44c2d368db0bedd3d123f23ae0b96816d085e7da30736f2691b88c0318dfc79", - ] -} diff --git a/VPC/Environment/Test/backend.tf b/VPC/Environment/Test/backend.tf deleted file mode 100644 index 6724c89..0000000 --- a/VPC/Environment/Test/backend.tf +++ /dev/null @@ -1,8 +0,0 @@ -terraform { - backend "s3" { - bucket = "terraform-state-bucket1237546" - key = "dev-vpc-module-by-terraform-state.tfstate" - region = "us-east-1" - use_lockfile = true - } -} diff --git a/VPC/Environment/Test/main.tf b/VPC/Environment/Test/main.tf deleted file mode 100644 index cb8d0f3..0000000 --- a/VPC/Environment/Test/main.tf +++ /dev/null 
@@ -1,210 +0,0 @@ -locals { - region = "us-east-1" - region_2 = "us-east-2" - envrionment = "Test" - Project = "Smooth" - global_name = "${var.name}-${local.Project}-${local.envrionment}" - tags = { - Envrionment = local.envrionment - Project = local.Project - } - -} -#################################################################### -# VPC -#################################################################### -module "vpc" { - source = "../../Modules/vpc" - name = local.global_name - - vpc_attributes = { - vpc = { - cidr_block = "10.0.0.0/16" - enable_dns_support = true - enable_dns_hostnames = true - region = local.region - } - vpc_2 = { - cidr_block = "10.10.0.0/16" - enable_dns_support = false - enable_dns_hostnames = false - region = local.region_2 - } - } - tags = local.tags -} - -#################################################################### -# Subnets -#################################################################### -module "subnets" { - source = "../../Modules/subnets" - name = local.global_name - public_subnets = { - pub_subnet_1 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.0.0/24"] - availability_zone = ["us-east-1a"] - map_public_ip_on_launch = true - } - - pub_subnet_2 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.1.0/24"] - availability_zone = ["us-east-1b"] - map_public_ip_on_launch = true - } - } - private_subnets = { - priv_subnet_1 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.2.0/24"] - availability_zone = ["us-east-1a"] - map_public_ip_on_launch = false - } - priv_subnet_2 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.3.0/24"] - availability_zone = ["us-east-1b"] - map_public_ip_on_launch = false - } - } -} -#################################################################### -# Route Tables -#################################################################### - -module "route-tables" { - source = "../../Modules/route-tables" - name = local.global_name - tags = 
local.tags - public_route_tables = { - public_rt1 = { - vpc_id = module.vpc.vpc_id["vpc"] - region = local.region - } - } - - public_routes = { - public_routes = { - type = "public" - route_table_id = module.route-tables.public_route_table_id["public_rt1"] - destination_cidr_block = "0.0.0.0/0" - gateway_id = module.igw-nat.igw_id["igw"] - } - } - public_route_table_associations = { - pub_rt1_subnet1 = { # unique key - route_table_id = module.route-tables.public_route_table_id["public_rt1"] - subnet_id = module.subnets.public_subnets["pub_subnet_1"] - } - pub_rt1_subnet2 = { - route_table_id = module.route-tables.public_route_table_id["public_rt1"] - subnet_id = module.subnets.public_subnets["pub_subnet_2"] - } - - } - # Accessing the first public subnet - - private_route_tables = { - private_rt1 = { - vpc_id = module.vpc.vpc_id["vpc"] - region = local.region - } - } - private_routes = { - private_route = { - type = "private" - route_table_id = module.route-tables.private_route_table_id["private_rt1"] # Syntax = module<[keyname]> - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = module.igw-nat.nat_id["main_nat"] - } - } - - private_route_table_associations = { - priv_rt1_subnet1 = { # unique key - route_table_id = module.route-tables.private_route_table_id["private_rt1"] - subnet_id = module.subnets.private_subnets["priv_subnet_1"] - } - priv_rt1_subnet2 = { - route_table_id = module.route-tables.private_route_table_id["private_rt1"] - subnet_id = module.subnets.private_subnets["priv_subnet_2"] - } -} -} - - - - -#################################################################### -# Internet Gateway and NAT Gateway -#################################################################### -module "igw-nat" { - source = "../../Modules/igw-nat" - eip = { - main_eip = { - region = local.region - tags = local.tags - } - } - - nat_gateway = { - main_nat = { - allocation_id = module.igw-nat.allocation_id["main_eip"] - subnet_id = 
module.subnets.public_subnets["pub_subnet_1"] # no need to add .id because it is already a string and established in the outputs - } - } - - internet_gateway = { - igw = { - vpc_id = module.vpc.vpc_id["vpc"] - tags = local.tags - } - } - name = local.global_name -} - - - - -#################################################################### -# Security Groups -#################################################################### -module "security-groups" { - source = "../../Modules/security-groups" - vpc_id = module.vpc.vpc_id["vpc"] - name = local.global_name - tags = local.tags - - security_group_description = "Security group for Smooth project" - - ingress_rules = [ - - { - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" - description = "Allow SSH access" - cidr_blocks = ["0.0.0.0/0"] - }, - { - type = "ingress" - from_port = 80 - to_port = 80 - protocol = "tcp" - description = "Allow HTTP access" - cidr_blocks = ["0.0.0.0/0"] - }, - { - type = "ingress" - from_port = 443 - to_port = 443 - protocol = "tcp" - description = "Allow HTTPS access" - cidr_blocks = ["0.0.0.0/0"] - } - - ] - -} \ No newline at end of file diff --git a/VPC/Environment/Test/outputs.tf b/VPC/Environment/Test/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/VPC/Environment/Test/providers.tf b/VPC/Environment/Test/providers.tf deleted file mode 100644 index bd011dc..0000000 --- a/VPC/Environment/Test/providers.tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - aws = { - source = "hashicorp/aws" - version = "6.0.0-beta2" - } - } - -} -provider "aws" { - region = local.region -} diff --git a/VPC/Environment/Test/variables.tf b/VPC/Environment/Test/variables.tf deleted file mode 100644 index 4ac718b..0000000 --- a/VPC/Environment/Test/variables.tf +++ /dev/null 
@@ -1,16 +0,0 @@ - -########################################################## -# VPC -########################################################## -variable "name" { - description = "Global name for all resources" - type = string - default = "Tim" -} - -# variable "tags" { -# description = "Global tags to apply to all resources" -# type = map(string) -# default = {} -# } - diff --git a/VPC/Environment/Testv1/.gitignore b/VPC/Environment/Testv1/.gitignore deleted file mode 100644 index 7fd6910..0000000 --- a/VPC/Environment/Testv1/.gitignore +++ /dev/null @@ -1,42 +0,0 @@ -# Local .terraform directories -**/.terraform/* -.terraform/* -.terraform/ -# .tfstate files -*.tfstate -*.tfstate.* - -# Crash log files -crash.log -crash.*.log - -# Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. -*.tfvars -*.tfvars.json - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Ignore transient lock info files created by terraform apply -.terraform.tfstate.lock.info - -# Include override files you do wish to add to version control using negated pattern -# !example_override.tf - -# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* - -# Ignore CLI configuration files -.terraformrc -terraform.rc -.terraform.lock.hcl - -# Ignore the .DS_Store files created by macOS -.DS_Store \ No newline at end of file diff --git a/VPC/Environment/Testv1/backend.tf b/VPC/Environment/Testv1/backend.tf deleted file mode 100644 index 6724c89..0000000 --- a/VPC/Environment/Testv1/backend.tf +++ /dev/null 
@@ -1,8 +0,0 @@ -terraform { - backend "s3" { - bucket = "terraform-state-bucket1237546" - key = "dev-vpc-module-by-terraform-state.tfstate" - region = "us-east-1" - use_lockfile = true - } -} diff --git a/VPC/Environment/Testv1/main.tf b/VPC/Environment/Testv1/main.tf deleted file mode 100644 index cb8d0f3..0000000 --- a/VPC/Environment/Testv1/main.tf +++ /dev/null 
@@ -1,210 +0,0 @@ -locals { - region = "us-east-1" - region_2 = "us-east-2" - envrionment = "Test" - Project = "Smooth" - global_name = "${var.name}-${local.Project}-${local.envrionment}" - tags = { - Envrionment = local.envrionment - Project = local.Project - } - -} -#################################################################### -# VPC -#################################################################### -module "vpc" { - source = "../../Modules/vpc" - name = local.global_name - - vpc_attributes = { - vpc = { - cidr_block = "10.0.0.0/16" - enable_dns_support = true - enable_dns_hostnames = true - region = local.region - } - vpc_2 = { - cidr_block = "10.10.0.0/16" - enable_dns_support = false - enable_dns_hostnames = false - region = local.region_2 - } - } - tags = local.tags -} - -#################################################################### -# Subnets -#################################################################### -module "subnets" { - source = "../../Modules/subnets" - name = local.global_name - public_subnets = { - pub_subnet_1 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.0.0/24"] - availability_zone = ["us-east-1a"] - map_public_ip_on_launch = true - } - - pub_subnet_2 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.1.0/24"] - availability_zone = ["us-east-1b"] - map_public_ip_on_launch = true - } - } - private_subnets = { - priv_subnet_1 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.2.0/24"] - availability_zone = ["us-east-1a"] - map_public_ip_on_launch = false - } - priv_subnet_2 = { - vpc_id = module.vpc.vpc_id["vpc"] - cidr_block = ["10.0.3.0/24"] - availability_zone = ["us-east-1b"] - map_public_ip_on_launch = false - } - } -} -#################################################################### -# Route Tables -#################################################################### - -module "route-tables" { - source = "../../Modules/route-tables" - name = local.global_name - tags = 
local.tags - public_route_tables = { - public_rt1 = { - vpc_id = module.vpc.vpc_id["vpc"] - region = local.region - } - } - - public_routes = { - public_routes = { - type = "public" - route_table_id = module.route-tables.public_route_table_id["public_rt1"] - destination_cidr_block = "0.0.0.0/0" - gateway_id = module.igw-nat.igw_id["igw"] - } - } - public_route_table_associations = { - pub_rt1_subnet1 = { # unique key - route_table_id = module.route-tables.public_route_table_id["public_rt1"] - subnet_id = module.subnets.public_subnets["pub_subnet_1"] - } - pub_rt1_subnet2 = { - route_table_id = module.route-tables.public_route_table_id["public_rt1"] - subnet_id = module.subnets.public_subnets["pub_subnet_2"] - } - - } - # Accessing the first public subnet - - private_route_tables = { - private_rt1 = { - vpc_id = module.vpc.vpc_id["vpc"] - region = local.region - } - } - private_routes = { - private_route = { - type = "private" - route_table_id = module.route-tables.private_route_table_id["private_rt1"] # Syntax = module<[keyname]> - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = module.igw-nat.nat_id["main_nat"] - } - } - - private_route_table_associations = { - priv_rt1_subnet1 = { # unique key - route_table_id = module.route-tables.private_route_table_id["private_rt1"] - subnet_id = module.subnets.private_subnets["priv_subnet_1"] - } - priv_rt1_subnet2 = { - route_table_id = module.route-tables.private_route_table_id["private_rt1"] - subnet_id = module.subnets.private_subnets["priv_subnet_2"] - } -} -} - - - - -#################################################################### -# Internet Gateway and NAT Gateway -#################################################################### -module "igw-nat" { - source = "../../Modules/igw-nat" - eip = { - main_eip = { - region = local.region - tags = local.tags - } - } - - nat_gateway = { - main_nat = { - allocation_id = module.igw-nat.allocation_id["main_eip"] - subnet_id = 
module.subnets.public_subnets["pub_subnet_1"] # no need to add .id because it is already a string and established in the outputs - } - } - - internet_gateway = { - igw = { - vpc_id = module.vpc.vpc_id["vpc"] - tags = local.tags - } - } - name = local.global_name -} - - - - -#################################################################### -# Security Groups -#################################################################### -module "security-groups" { - source = "../../Modules/security-groups" - vpc_id = module.vpc.vpc_id["vpc"] - name = local.global_name - tags = local.tags - - security_group_description = "Security group for Smooth project" - - ingress_rules = [ - - { - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" - description = "Allow SSH access" - cidr_blocks = ["0.0.0.0/0"] - }, - { - type = "ingress" - from_port = 80 - to_port = 80 - protocol = "tcp" - description = "Allow HTTP access" - cidr_blocks = ["0.0.0.0/0"] - }, - { - type = "ingress" - from_port = 443 - to_port = 443 - protocol = "tcp" - description = "Allow HTTPS access" - cidr_blocks = ["0.0.0.0/0"] - } - - ] - -} \ No newline at end of file diff --git a/VPC/Environment/Testv1/outputs.tf b/VPC/Environment/Testv1/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/VPC/Environment/Testv1/providers.tf b/VPC/Environment/Testv1/providers.tf deleted file mode 100644 index bd011dc..0000000 --- a/VPC/Environment/Testv1/providers.tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_version = ">= 1.0" - required_providers { - aws = { - source = "hashicorp/aws" - version = "6.0.0-beta2" - } - } - -} -provider "aws" { - region = local.region -} diff --git a/VPC/Environment/Testv1/variables.tf b/VPC/Environment/Testv1/variables.tf deleted file mode 100644 index 4ac718b..0000000 --- a/VPC/Environment/Testv1/variables.tf +++ /dev/null 
@@ -1,16 +0,0 @@ - -########################################################## -# VPC -########################################################## -variable "name" { - description = "Global name for all resources" - type = string - default = "Tim" -} - -# variable "tags" { -# description = "Global tags to apply to all resources" -# type = map(string) -# default = {} -# } - From d39736d5ab461e3072f395b7ece5c39b6a70a79e Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Thu, 26 Jun 2025 02:07:47 -0400 Subject: [PATCH 24/43] a big win for the VNET module --- VNET/environment/.gitignore | 41 ++++ VNET/environment/dev/.gitignore | 41 ++++ VNET/environment/test-v1/.gitignore | 41 ++++ VNET/environment/test-v1/backend.tf | 9 + VNET/environment/test-v1/main.tf | 198 ++++++++++++++++++ VNET/environment/test-v1/providers.tf | 22 ++ VNET/environment/test-v1/variables.tf | 0 VNET/modules/network-security-group/main.tf | 26 +++ .../modules/network-security-group/outputs.tf | 0 .../network-security-group/variables.tf | 35 ++++ VNET/modules/resource-group/.gitignore | 41 ++++ VNET/modules/resource-group/main.tf | 13 ++ VNET/modules/resource-group/outputs.tf | 11 + VNET/modules/resource-group/variables.tf | 16 ++ VNET/modules/storage-account/.gitignore | 41 ++++ VNET/modules/storage-account/main.tf | 29 +++ VNET/modules/storage-account/outputs.tf | 4 + VNET/modules/storage-account/variables.tf | 34 +++ VNET/modules/subnet/.gitignore | 41 ++++ VNET/modules/subnet/main.tf | 25 +++ VNET/modules/subnet/outputs.tf | 9 + VNET/modules/subnet/variables.tf | 24 +++ VNET/modules/virtual-network/.gitignore | 41 ++++ VNET/modules/virtual-network/main.tf | 14 ++ VNET/modules/virtual-network/outputs.tf | 13 ++ VNET/modules/virtual-network/variables.tf | 18 ++ 26 files changed, 787 insertions(+) create mode 100644 VNET/environment/.gitignore create mode 100644 VNET/environment/dev/.gitignore create mode 100644 VNET/environment/test-v1/.gitignore create mode 100644 VNET/environment/test-v1/backend.tf create mode 100644 VNET/environment/test-v1/main.tf create mode 100644 VNET/environment/test-v1/providers.tf create mode 100644 VNET/environment/test-v1/variables.tf create mode 100644 VNET/modules/network-security-group/main.tf create mode 100644 VNET/modules/network-security-group/outputs.tf create mode 100644 VNET/modules/network-security-group/variables.tf create mode 100644 VNET/modules/resource-group/.gitignore create mode 100644 
VNET/modules/resource-group/main.tf create mode 100644 VNET/modules/resource-group/outputs.tf create mode 100644 VNET/modules/resource-group/variables.tf create mode 100644 VNET/modules/storage-account/.gitignore create mode 100644 VNET/modules/storage-account/main.tf create mode 100644 VNET/modules/storage-account/outputs.tf create mode 100644 VNET/modules/storage-account/variables.tf create mode 100644 VNET/modules/subnet/.gitignore create mode 100644 VNET/modules/subnet/main.tf create mode 100644 VNET/modules/subnet/outputs.tf create mode 100644 VNET/modules/subnet/variables.tf create mode 100644 VNET/modules/virtual-network/.gitignore create mode 100644 VNET/modules/virtual-network/main.tf create mode 100644 VNET/modules/virtual-network/outputs.tf create mode 100644 VNET/modules/virtual-network/variables.tf diff --git a/VNET/environment/.gitignore b/VNET/environment/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/environment/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/environment/dev/.gitignore b/VNET/environment/dev/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/environment/dev/.gitignore 
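Review bot: Ignoring `.terraform.lock.hcl` under "Ignore CLI configuration files" discards the provider dependency lock file, which is what pins `hashicorp/azurerm` to known checksums for everyone who runs this configuration; the version constraint in providers.tf alone does not verify the downloaded provider binary. The lock file is meant to be committed, so I would delete that line and keep the `.terraformrc` and `terraform.rc` entries. The same file is added verbatim at VNET/environment/dev, VNET/environment/test-v1, VNET/modules/resource-group, VNET/modules/storage-account and VNET/modules/subnet in this patch; one copy at the repository root would cover all of them and stop the copies drifting apart.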
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/environment/test-v1/.gitignore b/VNET/environment/test-v1/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/environment/test-v1/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/environment/test-v1/backend.tf b/VNET/environment/test-v1/backend.tf new file mode 100644 index 0000000..80f03d7 --- /dev/null +++ b/VNET/environment/test-v1/backend.tf @@ -0,0 +1,9 @@ +terraform { + backend "azurerm" { + resource_group_name = "tf_state" + storage_account_name = "tfstatefile84" + container_name = "testtfstate" + key = "multiclonetwork.terraform.tfstate" + subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + } +} \ No newline at end of file diff --git a/VNET/environment/test-v1/main.tf b/VNET/environment/test-v1/main.tf new file mode 100644 index 0000000..2e81e24 --- /dev/null +++ b/VNET/environment/test-v1/main.tf 
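Review bot: `subscription_id` is hard-coded in the `backend "azurerm"` block and repeated in providers.tf in this same patch, so switching subscriptions means editing two files and the ID becomes part of the repository history. The backend reads it from `ARM_SUBSCRIPTION_ID`, or it can be supplied at `terraform init -backend-config=...`, and the same environment variable serves the provider. Consider adding `use_azuread_auth = true` so access to the state container relies on Entra ID identities rather than the storage account's shared key. The `key` value `multiclonetwork.terraform.tfstate` reads like a typo, but renaming it after a first apply would orphan the existing state, so confirm it before the first `init`.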
@@ -0,0 +1,198 @@ +############################################################################################# +# Local Variables +############################################################################################# + +locals { + environment = "test-v1" + vnet_name = "vnet-${local.environment}" + location = "eastus" + second_location = "westus" + name = "smooth" + global_name = "${local.name}-${local.environment}" + tags = { + environment = local.environment + name = local.name + } + vnet_address_space = ["10.0.0.0/16"] + vnet2_address_space = ["10.10.0.0/16"] +} + +############################################################################################# +# Resource Group Module +############################################################################################# + +module "resource_group" { + source = "../../modules/resource-group" + resource_groups = { + smooths_rg1 = { + name = "smooths-rg1" + location = local.location + } + smooth_rg2 = { + name = "smooth-rg2" + location = local.second_location + } + } + tags = local.tags + +} + +############################################################################################# +# Virtual Network Module +############################################################################################# + + +module "virtual_network" { + source = "../../modules/virtual-network" + virtual_network = { + smooths_vnet1 = { + name = local.vnet_name + address_space = local.vnet_address_space + location = local.location + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + } + smooths_vnet2 = { + name = local.vnet_name + address_space = local.vnet2_address_space + location = local.second_location + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + } + + } + tags = local.tags +} + +############################################################################################# +# Subnet Module 
+############################################################################################# + +module "subnets" { + source = "../../modules/subnet" + subnets = { + smooths_subnet1 = { + name = "smooths-subnet1" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet1"] + address_prefixes = ["10.0.1.0/24"] + + service_endpoints = [ + "Microsoft.Storage", + "Microsoft.Sql", + ] + } + smooths_subnet2 = { + name = "smooths-subnet2" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet1"] + address_prefixes = ["10.0.2.0/24"] + } + smooth_subnet1 = { + name = "smooths-subnet1" + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet2"] + address_prefixes = ["10.10.10.0/24"] + + } + smooth_subnet2 = { + name = "smooths-subnet2" + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + virtual_network_name = module.virtual_network.virutal_network_name["smooths_vnet2"] + address_prefixes = ["10.10.1.0/24"] + + delegation = { + name = "delegation1" + + service_delegation = { + name = "Microsoft.ContainerInstance/containerGroups" + actions = [ + "Microsoft.Network/networkinterfaces/*", + "Microsoft.Network/virtualNetworks/subnets/join/action", + + ] + } + } + } + } +} + +######################################################################################### +# Storage Account +######################################################################################### + +module "storage_accounts" { + source = "../../modules/storage-account" + storage_accounts = { + smooths_sa1 = { + name = "smoothssa1" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + location = local.location + account_tier = 
"Standard" + account_replication_type = "LRS" + } + smooths_sa2 = { + name = "smoothssa2" + resource_group_name = module.resource_group.resource_group_name["smooth_rg2"] + location = local.second_location + account_tier = "Standard" + account_replication_type = "LRS" + } + } + storage_containers = { + smooths_container1 = { + name = "smooths-container1" + storage_account_id = module.storage_accounts.storage_account_id["smooths_sa1"] + container_access_type = "private" + } + smooths_container2 = { + name = "smooths-container2" + storage_account_id = module.storage_accounts.storage_account_id["smooths_sa2"] + container_access_type = "private" + } + } + tags = local.tags +} + +######################################################################################### +# Network Security Group +######################################################################################### + +module "network_security_group" { + source = "../../modules/network-security-group" + + network_security_groups = { + smooths_nsg1 = { + name = "smooths-nsg1" + location = local.location + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + } + } + network_security_group_rules = { + smooths_nsg_rule1 = { + name = "smooths-nsg-rule1" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_address_prefix = "*" + destination_address_prefix = "*" + source_port_range = "*" + destination_port_range = "80" + target_nsg_key = "smooths_nsg1" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + } + smooths_nsg_rule2 = { + name = "smooths-nsg-rule2" + priority = 200 + direction = "Outbound" + access = "Allow" + protocol = "Tcp" + source_address_prefix = "*" + destination_address_prefix = "*" + source_port_range = "*" + destination_port_range = "443" + target_nsg_key = "smooths_nsg1" + resource_group_name = module.resource_group.resource_group_name["smooths_rg1"] + } + } + tags = local.tags +} 
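Review bot: Each object in `network_security_group_rules` carries a `resource_group_name`, but the module's rule type (network-security-group/variables.tf later in this patch) does not declare that attribute, and Terraform rejects unexpected attributes on an object type constraint, so this module call should fail validation. The module already takes the resource group from the referenced NSG, so the fix is to delete the two `resource_group_name = module.resource_group.resource_group_name["smooths_rg1"]` lines inside the rule objects. Nothing in this patch associates `smooths_nsg1` with a subnet or network interface, so as far as I can see the inbound port-80 rule from `*` has no effect yet; when it is associated, narrowing `source_address_prefix` is the moment to do it. The `virutal_network_name` output referenced for each subnet is only correct if the virtual-network module spells its output the same way, which is outside this view.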
diff --git a/VNET/environment/test-v1/providers.tf b/VNET/environment/test-v1/providers.tf new file mode 100644 index 0000000..07a2939 --- /dev/null +++ b/VNET/environment/test-v1/providers.tf @@ -0,0 +1,22 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "4.34.0" + } + } +} +# Configure the Microsoft Azure Provider +provider "azurerm" { + subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + features { + resource_group { + prevent_deletion_if_contains_resources = false + } + key_vault { + purge_soft_delete_on_destroy = true + recover_soft_deleted_key_vaults = true + } + + } +} \ No newline at end of file diff --git a/VNET/environment/test-v1/variables.tf b/VNET/environment/test-v1/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/VNET/modules/network-security-group/main.tf b/VNET/modules/network-security-group/main.tf new file mode 100644 index 0000000..c86b9d4 --- /dev/null +++ b/VNET/modules/network-security-group/main.tf 
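Review bot: The `features` block turns off two safety rails at once: `prevent_deletion_if_contains_resources = false` lets a resource group be destroyed together with everything in it, and `purge_soft_delete_on_destroy = true` permanently purges key vaults on destroy, removing the recovery window. Both are defensible for a throwaway test environment, but a comment stating that intent would stop this file being copied into `dev` unchanged, e.g. `# test-v1 only: allows destructive teardown; do not copy to dev/prod`. The hard-coded `subscription_id` also appears in backend.tf in this patch; `ARM_SUBSCRIPTION_ID` would serve both and keep the ID out of the files.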
@@ -0,0 +1,26 @@ +#################################################################################### +# Network Security Group Module +#################################################################################### + +resource "azurerm_network_security_group" "this" { + for_each = var.network_security_groups + name = each.value.name + location = each.value.location + resource_group_name = each.value.resource_group_name +} + +resource "azurerm_network_security_rule" "this" { + for_each = var.network_security_group_rules + name = each.value.name + priority = each.value.priority + direction = each.value.direction + access = each.value.access + protocol = each.value.protocol + source_address_prefix = each.value.source_address_prefix + destination_address_prefix = each.value.destination_address_prefix + source_port_range = each.value.source_port_range + destination_port_range = each.value.destination_port_range + network_security_group_name = azurerm_network_security_group.this[each.value.target_nsg_key].name + resource_group_name = azurerm_network_security_group.this[each.value.target_nsg_key].resource_group_name +} + diff --git a/VNET/modules/network-security-group/outputs.tf b/VNET/modules/network-security-group/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/VNET/modules/network-security-group/variables.tf b/VNET/modules/network-security-group/variables.tf new file mode 100644 index 0000000..e7498ee --- /dev/null +++ b/VNET/modules/network-security-group/variables.tf 
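Review bot: Neither resource applies `var.tags`, even though the module declares a `tags` variable in its variables.tf, so the NSG is created untagged while every other module in this patch tags its resources; add `tags = var.tags` to `azurerm_network_security_group.this` (`azurerm_network_security_rule` has no tags argument). The module also creates no `azurerm_subnet_network_security_group_association`, so the rules it defines filter nothing until a caller associates the NSG elsewhere; a one-line comment on the resource, `# association with subnets/NICs is left to the caller`, would make that explicit.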
@@ -0,0 +1,35 @@ +#################################################################################### +# Network Security Group Variables +#################################################################################### + + +variable "tags" { + description = "Tags to apply to all resources" + type = map(string) +} + +variable "network_security_groups" { + description = "Map of network security groups to create" + type = map(object({ + name = string + location = string + resource_group_name = string + })) +} + +variable "network_security_group_rules" { + description = "Map of network security group rules to create" + type = map(object({ + name = string + priority = number + direction = string # e.g. "Inbound", "Outbound" + access = string # e.g. "Allow", "Deny" + protocol = string # e.g. "Tcp", "Udp", "*" + source_address_prefix = optional(string, "*") + destination_address_prefix = optional(string, "*") + source_port_range = optional(string, "*") + destination_port_range = optional(string, "*") + target_nsg_key = optional(string, null) # Key to reference the target NSG in the azurerm_network_security_group resource + + })) +} \ No newline at end of file diff --git a/VNET/modules/resource-group/.gitignore b/VNET/modules/resource-group/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/modules/resource-group/.gitignore 
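Review bot: `target_nsg_key = optional(string, null)` contradicts main.tf, which indexes `azurerm_network_security_group.this[each.value.target_nsg_key]` unconditionally, so a rule that omits the key fails at plan time with an invalid-index error rather than being skipped; declare it as required, `target_nsg_key = string`. A `validation` block on `direction` and `access` (`Inbound`/`Outbound`, `Allow`/`Deny`) would turn the `# e.g.` comments into checks that fail at plan time instead of at the API.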
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/resource-group/main.tf b/VNET/modules/resource-group/main.tf new file mode 100644 index 0000000..66d050a --- /dev/null +++ b/VNET/modules/resource-group/main.tf @@ -0,0 +1,13 @@ +##################################################################### +# Resource Group Module +####################################################################### + + + +resource "azurerm_resource_group" "this" { + for_each = var.resource_groups + name = each.value.name + location = each.value.location + + tags = var.tags +} \ No newline at end of file diff --git a/VNET/modules/resource-group/outputs.tf b/VNET/modules/resource-group/outputs.tf new file mode 100644 index 0000000..074ba06 --- /dev/null +++ b/VNET/modules/resource-group/outputs.tf 
@@ -0,0 +1,11 @@ +output "resource_group_name" { + description = "The name of the resource group." + value = {for k ,v in azurerm_resource_group.this : k => v.name} + +} + +output "location" { + description = "The location of the resource group." + value = {for k ,v in azurerm_resource_group.this : k => v.location} + +} \ No newline at end of file diff --git a/VNET/modules/resource-group/variables.tf b/VNET/modules/resource-group/variables.tf new file mode 100644 index 0000000..ee81305 --- /dev/null +++ b/VNET/modules/resource-group/variables.tf @@ -0,0 +1,16 @@ +##################################################################### +# Resource Group Variables +####################################################################### + +variable "resource_groups" { + description = "Map of resource groups to create" + type = map(object({ + name = string + location = string + })) +} + +variable "tags"{ + description = "Tags to apply to the resource group" + type = map(string) +} \ No newline at end of file diff --git a/VNET/modules/storage-account/.gitignore b/VNET/modules/storage-account/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/modules/storage-account/.gitignore 
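Review bot: The formatting in these two files is inconsistent with the rest of the patch: `variable "tags"{` lacks the space before the brace and `{for k ,v in azurerm_resource_group.this : k => v.name}` puts the comma on the wrong side of `k`; `terraform fmt` normalises both, and running it in CI (`terraform fmt -check -recursive`) would keep the modules uniform. The `location` output duplicates what callers already pass in; keeping it is fine, but the description could say it echoes the input location for convenience.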
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/storage-account/main.tf b/VNET/modules/storage-account/main.tf new file mode 100644 index 0000000..b27b0d8 --- /dev/null +++ b/VNET/modules/storage-account/main.tf 
@@ -0,0 +1,29 @@ +######################################################################################### +# Storage Account +######################################################################################### + +resource "azurerm_storage_account" "this" { + for_each = var. storage_accounts + name = each.value.name + resource_group_name = each.value.resource_group_name + location = each.value.location + account_tier = each.value.account_tier + account_replication_type = each.value.account_replication_type + + tags = var.tags + + + +} + +######################################################################################### +# Container Variables +######################################################################################### +resource "azurerm_storage_container" "this" { + for_each = var.storage_containers + name = each.value.name + storage_account_id = each.value.storage_account_id + container_access_type = each.value.container_access_type + + depends_on = [ azurerm_storage_account.this ] +} \ No newline at end of file diff --git a/VNET/modules/storage-account/outputs.tf b/VNET/modules/storage-account/outputs.tf new file mode 100644 index 0000000..6673839 --- /dev/null +++ b/VNET/modules/storage-account/outputs.tf @@ -0,0 +1,4 @@ +output "storage_account_id" { + description = "Storage account ID." + value = {for k, v in azurerm_storage_account.this : k => v.id} +} \ No newline at end of file diff --git a/VNET/modules/storage-account/variables.tf b/VNET/modules/storage-account/variables.tf new file mode 100644 index 0000000..aae37fe --- /dev/null +++ b/VNET/modules/storage-account/variables.tf 
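Review bot: `azurerm_storage_account.this` sets only tier and replication, so each account keeps the provider defaults that allow public blob access to be enabled per container (`allow_nested_items_to_be_public` defaults to true) and leave shared-key authentication and public network access on. For a module meant to be reused, pin the safe choices explicitly: `allow_nested_items_to_be_public = false`, `min_tls_version = "TLS1_2"`, and expose `shared_access_key_enabled` and `public_network_access_enabled` as optional inputs with secure defaults. `for_each = var. storage_accounts` has a stray space after `var.`; even if HCL tolerates it, write `var.storage_accounts`.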
@@ -0,0 +1,34 @@ +######################################################################################### +# Storage Account Variables +######################################################################################### + +variable "storage_accounts" { + description = "Map of storage accounts to create" + type = map(object({ + name = string + location = string + resource_group_name = string + account_tier = string # e.g. "Standard", "Premium" + account_replication_type = string # e.g. "Standard_LRS", "Premium_LRS", etc. + })) +} + + +######################################################################################### +# Container Variables +######################################################################################### + +variable "storage_containers" { + description = "Map of storage containers to create" + type = map(object({ + name = string + storage_account_id = string + container_access_type = string # e.g. "private", "blob", "container" + })) +} + +variable "tags" { + description = "Tags to apply to the storage accounts and containers" + type = map(string) + +} \ No newline at end of file diff --git a/VNET/modules/subnet/.gitignore b/VNET/modules/subnet/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/VNET/modules/subnet/.gitignore 
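Review bot: The comment on `account_replication_type`, `# e.g. "Standard_LRS", "Premium_LRS", etc.`, lists values the azurerm provider does not accept; the argument takes the replication type alone (`LRS`, `GRS`, `RAGRS`, `ZRS`, `GZRS`, `RAGZRS`), and the environment's main.tf in this patch correctly passes `"LRS"`. Correct the comment to those values and consider a `validation` block so a wrong value is caught at plan time rather than by the API. `container_access_type` is the setting that makes blobs anonymously readable when set to `"blob"` or `"container"`; a comment such as `# "private" unless anonymous read is intended` would help module users.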
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/subnet/main.tf b/VNET/modules/subnet/main.tf new file mode 100644 index 0000000..7137f55 --- /dev/null +++ b/VNET/modules/subnet/main.tf 
@@ -0,0 +1,25 @@
+################################################################################
+# Subnet Module
+################################################################################
+
+resource "azurerm_subnet" "this" {
+ for_each = var.subnets
+ name = each.value.name
+ resource_group_name = each.value.resource_group_name
+ virtual_network_name = each.value.virtual_network_name
+ address_prefixes = each.value.address_prefixes
+
+ dynamic "delegation" {
+ for_each = each.value.delegation == null ? [] : [each.value.delegation]
+
+ content {
+ name = delegation.value.name
+
+ service_delegation {
+ name = delegation.value.service_delegation.name
+ actions = delegation.value.service_delegation.actions
+ }
+ }
+ }
+ service_endpoints = each.value.service_endpoints
+}
\ No newline at end of file
diff --git a/VNET/modules/subnet/outputs.tf b/VNET/modules/subnet/outputs.tf
new file mode 100644
index 0000000..3309ec8
--- /dev/null
+++ b/VNET/modules/subnet/outputs.tf
@@ -0,0 +1,9 @@
+output "subnet_id" {
+ description = "The ID of the subnet."
+ value = {for k, v in azurerm_subnet.this : k => v.id}
+
+}
+output "subnet_address_prefixes" {
+ description = "subnet address prefixes aka subnet CIDR."
+ value = {for k, v in azurerm_subnet.this : k => v.address_prefixes}
+}
\ No newline at end of file
diff --git a/VNET/modules/subnet/variables.tf b/VNET/modules/subnet/variables.tf
new file mode 100644
index 0000000..2bd9a00
--- /dev/null
+++ b/VNET/modules/subnet/variables.tf
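Review bot: `network_security_group_id`, which the subnet object in this module's variables.tf (later in this patch) declares as an optional attribute, is never read by `azurerm_subnet.this`, and there is no `azurerm_subnet_network_security_group_association` in the module, so a caller that supplies an NSG id gets a subnet with no NSG attached and no error. Either add the association resource below, iterating only over subnets whose id is non-null, or remove the attribute from the variable so the interface does not promise filtering it cannot deliver. As a style point, `service_endpoints` is placed after the `dynamic "delegation"` block; grouping it with the other scalar arguments above the block reads more naturally.
```hcl
# … unchanged: resource "azurerm_subnet" "this" { … } …

resource "azurerm_subnet_network_security_group_association" "this" {
  for_each = { for k, s in var.subnets : k => s if s.network_security_group_id != null }

  subnet_id                 = azurerm_subnet.this[each.key].id
  network_security_group_id = each.value.network_security_group_id
}
```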
@@ -0,0 +1,24 @@
+################################################################################
+# Subnet Variables
+################################################################################
+
+variable "subnets" {
+ description = "Map of subnets to create"
+ type = map(object({
+ name = string
+ address_prefixes = list(string)
+ virtual_network_name = string
+ resource_group_name = string
+ service_endpoints = optional(list(string), [])
+ network_security_group_id = optional(string, null)
+ delegation = optional(object({
+ name = string
+ service_delegation = object({
+ name = string
+ actions = list(string)
+ })
+ service_endpoints = optional(list(string), []),
+ }))
+ }))
+
+}
\ No newline at end of file
diff --git a/VNET/modules/virtual-network/.gitignore b/VNET/modules/virtual-network/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/VNET/modules/virtual-network/.gitignore
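Review bot: The nested `service_endpoints = optional(list(string), []),` inside the `delegation` object duplicates the subnet-level `service_endpoints` and is never read by the `dynamic "delegation"` block in main.tf, so it is dead schema that invites callers to set it in the wrong place; drop that line (and its trailing comma, which is unusual in this file's object literals). It would also help readers to document in `description` that `delegation` is optional and, when given, drives a single `delegation {}` block on the subnet.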
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/VNET/modules/virtual-network/main.tf b/VNET/modules/virtual-network/main.tf new file mode 100644 index 0000000..36edbe8 --- /dev/null +++ b/VNET/modules/virtual-network/main.tf @@ -0,0 +1,14 @@ +################################################################################ +# Virtul Network Module +################################################################################ + +resource "azurerm_virtual_network" "this" { + for_each = var.virtual_network + name = each.value.name + address_space = each.value.address_space + location = each.value.location + resource_group_name = each.value.resource_group_name + + tags = var.tags + +} \ No newline at end of file diff --git a/VNET/modules/virtual-network/outputs.tf b/VNET/modules/virtual-network/outputs.tf new file mode 100644 index 0000000..1459d8b --- /dev/null 
+++ b/VNET/modules/virtual-network/outputs.tf @@ -0,0 +1,13 @@ +output "virutal_network_name" { + description = "The name of the virtual network." + value = {for k, v in azurerm_virtual_network.this : k => v.name} + +} + +output "vnet_address_space" { + description = "The address space of the virtual network." + value = {for k, v in azurerm_virtual_network.this : k => v.address_space} + +} + + diff --git a/VNET/modules/virtual-network/variables.tf b/VNET/modules/virtual-network/variables.tf new file mode 100644 index 0000000..593b74f --- /dev/null +++ b/VNET/modules/virtual-network/variables.tf @@ -0,0 +1,18 @@ +################################################################################ +# Virtul Network Variables +################################################################################ + +variable "virtual_network" { + description = "Map of virtual networks to create" + type = map(object({ + name = string + address_space = list(string) + location = string + resource_group_name = string + })) +} +variable "tags" { + description = "Tags to apply all resources" + type = map(string) + +} \ No newline at end of file From 2ab708bded9d11f8934d6bdc22da0a130f51bacd Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 26 Jun 2025 02:11:12 -0400 Subject: [PATCH 25/43] Removed sensitive info --- VNET/environment/test-v1/backend.tf | 2 +- VNET/environment/test-v1/providers.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VNET/environment/test-v1/backend.tf b/VNET/environment/test-v1/backend.tf index 80f03d7..1f6d9a8 100644 --- a/VNET/environment/test-v1/backend.tf +++ b/VNET/environment/test-v1/backend.tf @@ -4,6 +4,6 @@ terraform { storage_account_name = "tfstatefile84" container_name = "testtfstate" key = "multiclonetwork.terraform.tfstate" - subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + subscription_id = "" } } \ No newline at end of file 
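Review bot: `output "virutal_network_name"` misspells "virtual" in a name that is part of the module's public interface, so every caller will have to reference the typo and a later fix will be a breaking rename; correct it now, `output "virtual_network_name" {`. There is also no output exposing `v.id`, which callers (peering or subnet modules) typically need more often than the name; `output "virtual_network_id" { value = { for k, v in azurerm_virtual_network.this : k => v.id } }` would match the shape of the existing outputs.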
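Review bot: Replacing `subscription_id` with `""` in the `backend "azurerm"` block does not unpublish the previous value — it remains in earlier commits on this branch (and in this patch's removed line), so it should be treated as disclosed; a subscription id is an identifier rather than a credential, but the same holds for any genuinely secret value handled this way, where rotation rather than blanking is the fix. An empty string literal is also likely to be handed to the backend as an explicit value rather than "unset"; removing the attribute entirely and supplying it through `ARM_SUBSCRIPTION_ID` or `-backend-config` is the usual pattern, with a short comment at that spot saying so. The providers.tf hunk that follows makes the identical change and needs the same treatment. The enclosing `terraform { backend "azurerm" {` block starts outside the hunk.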
diff --git a/VNET/environment/test-v1/providers.tf b/VNET/environment/test-v1/providers.tf index 07a2939..eeb0764 100644 --- a/VNET/environment/test-v1/providers.tf +++ b/VNET/environment/test-v1/providers.tf @@ -8,7 +8,7 @@ terraform { } # Configure the Microsoft Azure Provider provider "azurerm" { - subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + subscription_id = "" features { resource_group { prevent_deletion_if_contains_resources = false From cd3e06ae2bca49eacda38116b574fefa6b3fed8b Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 26 Jun 2025 17:49:52 -0400 Subject: [PATCH 26/43] version 1 of the vpc peering module using the VPC Module --- .../Modules/single-vpc-to-vpc-v2/main.tf | 30 +++++++++++++++++++ .../Modules/single-vpc-to-vpc-v2/outputs.tf | 3 ++ .../Modules/single-vpc-to-vpc-v2/variables.tf | 29 ++++++++++++++++++ Vnet-Peering/Environments/test/backend.tf | 0 Vnet-Peering/Environments/test/main.tf | 0 Vnet-Peering/Environments/test/providers.tf | 0 Vnet-Peering/Environments/test/variables.tf | 0 7 files changed, 62 insertions(+) create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc-v2/main.tf create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc-v2/outputs.tf create mode 100644 VPC-Peering/Modules/single-vpc-to-vpc-v2/variables.tf create mode 100644 Vnet-Peering/Environments/test/backend.tf create mode 100644 Vnet-Peering/Environments/test/main.tf create mode 100644 Vnet-Peering/Environments/test/providers.tf create mode 100644 Vnet-Peering/Environments/test/variables.tf diff --git a/VPC-Peering/Modules/single-vpc-to-vpc-v2/main.tf b/VPC-Peering/Modules/single-vpc-to-vpc-v2/main.tf new file mode 100644 index 0000000..a5c7f04 --- /dev/null +++ b/VPC-Peering/Modules/single-vpc-to-vpc-v2/main.tf 
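Review bot: `prevent_deletion_if_contains_resources = false`, left as context directly under the blanked `subscription_id`, switches off the provider's guard against destroying a resource group that still contains resources; in a test environment that may be intentional, but it is the kind of setting that gets copied into non-test folders, so it deserves an inline justification such as `# test-v1 only: let terraform destroy remove non-empty resource groups`. The `provider "azurerm"` block continues outside the hunk.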
@@ -0,0 +1,30 @@
+data "aws_caller_identity" "peer" {
+}
+
+### Requesters/Source side of the connection ###
+resource "aws_vpc_peering_connection" "this_connection" {
+
+ for_each = var. vpc_peering_connection
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = each.value.peer_vpc_id ## Accepter VPC ID
+ vpc_id = each.value.vpc_id ## Requester VPC ID
+ auto_accept = each.value.auto_accept ## Auto accept the connection
+ peer_region = each.value.peer_region ## Destination VPC region
+
+ tags = var.tags
+
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "dest_peer" {
+ for_each = aws_vpc_peering_connection.this_connection
+ vpc_peering_connection_id = each.value.id ## VPC Peering Connection ID
+ auto_accept = each.value.auto_accept ## Auto accept the connection
+
+
+
+tags = var.tags
+
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/single-vpc-to-vpc-v2/outputs.tf b/VPC-Peering/Modules/single-vpc-to-vpc-v2/outputs.tf
new file mode 100644
index 0000000..6bab74c
--- /dev/null
+++ b/VPC-Peering/Modules/single-vpc-to-vpc-v2/outputs.tf
@@ -0,0 +1,3 @@
+output "this_connection" {
+ value = { for k, v in aws_vpc_peering_connection.this_connection : k => v.id }
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/single-vpc-to-vpc-v2/variables.tf b/VPC-Peering/Modules/single-vpc-to-vpc-v2/variables.tf
new file mode 100644
index 0000000..d8ac88e
--- /dev/null
+++ b/VPC-Peering/Modules/single-vpc-to-vpc-v2/variables.tf
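Review bot: `aws_vpc_peering_connection_accepter.dest_peer` runs under the module's default provider, so when a caller sets `peer_region` to another region the accepter targets the wrong region and the connection never leaves pending-acceptance; the accepter needs a `provider` alias bound to the peer region, which means the module must declare `configuration_aliases` and the caller must pass an aliased provider. `peer_owner_id = data.aws_caller_identity.peer.account_id` resolves on that same default provider, so it is always the requester's own account and adds nothing for the cross-account case the name suggests; a comment saying this module is same-account only, or an optional `peer_owner_id` input, would make the scope honest. `var.vpc_peering_accepter`, declared in the variables.tf hunk that follows, is never read here, and `var. vpc_peering_connection` has a stray space after `var.`.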
@@ -0,0 +1,29 @@
+###################################################################
+# VPC Peering Variables
+###################################################################
+
+variable "vpc_peering_connection" {
+ description = "Map of VPC Peering Connection attributes"
+ type = map(object({
+ name = optional(string)
+ vpc_id = string # Requester VPC ID
+ peer_vpc_id = string # Accepter VPC ID
+ peer_region = optional(string) # Destination VPC region
+ auto_accept = bool
+ }))
+}
+
+variable "vpc_peering_accepter" {
+ description = "Map of VPC Peering Accepter attributes"
+ type = map(object({
+ vpc_peering_connection_id = string
+ auto_accept = bool
+ name = optional(string)
+ }))
+}
+
+variable "tags" {
+ description = "Map of tags to apply to the VPC Peering Connection and Accepter"
+ type = map(string)
+
+}
\ No newline at end of file
diff --git a/Vnet-Peering/Environments/test/backend.tf b/Vnet-Peering/Environments/test/backend.tf
new file mode 100644
index 0000000..e69de29
diff --git a/Vnet-Peering/Environments/test/main.tf b/Vnet-Peering/Environments/test/main.tf
new file mode 100644
index 0000000..e69de29
diff --git a/Vnet-Peering/Environments/test/providers.tf b/Vnet-Peering/Environments/test/providers.tf
new file mode 100644
index 0000000..e69de29
diff --git a/Vnet-Peering/Environments/test/variables.tf b/Vnet-Peering/Environments/test/variables.tf
new file mode 100644
index 0000000..e69de29
From 694a004931e60ca0029f76eb1b74038e52f70a75 Mon Sep 17 00:00:00 2001
From: thogue12
Date: Thu, 26 Jun 2025 17:56:41 -0400
Subject: [PATCH 27/43] a new commit for the route tables
---
 VPC/Modules/VPC/main.tf | 1 +
 VPC/Modules/route-tables/main.tf | 11 +++++++++--
 VPC/Modules/route-tables/variables.tf | 4 ++--
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/VPC/Modules/VPC/main.tf b/VPC/Modules/VPC/main.tf
index b9c41ac..36a4758 100644
--- a/VPC/Modules/VPC/main.tf
+++ b/VPC/Modules/VPC/main.tf
@@ -6,6 +6,7 @@ resource "aws_vpc" "this_vpc" { for_each = var.vpc_attributes + # provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west cidr_block = each.value.cidr_block enable_dns_support = each.value.enable_dns_support enable_dns_hostnames = each.value.enable_dns_hostnames diff --git a/VPC/Modules/route-tables/main.tf b/VPC/Modules/route-tables/main.tf index 2929d66..56fca5d 100644 --- a/VPC/Modules/route-tables/main.tf +++ b/VPC/Modules/route-tables/main.tf @@ -25,7 +25,10 @@ resource aws_route "public_routes" { route_table_id = each.value.route_table_id destination_cidr_block = each.value.destination_cidr_block - gateway_id = each.value.gateway_id + gateway_id = lookup(each.value, "gateway_id", null) + nat_gateway_id = lookup(each.value, "nat_gateway_id", null) + vpc_peering_connection_id = lookup(each.value, "vpc_peering_connection_id", null) + transit_gateway_id = lookup(each.value, "transit_gateway_id", null) depends_on = [aws_route_table.public ] @@ -61,7 +64,11 @@ resource "aws_route" "private_routes" { for_each = var.private_routes route_table_id = each.value.route_table_id destination_cidr_block = each.value.destination_cidr_block - nat_gateway_id = each.value.nat_gateway_id + gateway_id = lookup(each.value, "gateway_id", null) + nat_gateway_id = lookup(each.value, "nat_gateway_id", null) + vpc_peering_connection_id = lookup(each.value, "vpc_peering_connection_id", null) + transit_gateway_id = lookup(each.value, "transit_gateway_id", null) + depends_on = [aws_route_table.private ] diff --git a/VPC/Modules/route-tables/variables.tf b/VPC/Modules/route-tables/variables.tf index 7c92a83..793b1a9 100644 --- a/VPC/Modules/route-tables/variables.tf +++ b/VPC/Modules/route-tables/variables.tf 
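Review bot: With `gateway_id`, `nat_gateway_id`, `vpc_peering_connection_id` and `transit_gateway_id` all defaulting to `null`, `aws_route.public_routes` (and `private_routes` in the second hunk of this file) now accepts a route entry with no target, or with two, and only fails at apply time; a `validation` block on `var.public_routes` and `var.private_routes` requiring exactly one target, e.g. `condition = alltrue([for r in var.public_routes : length(compact([r.gateway_id, r.nat_gateway_id, r.vpc_peering_connection_id, r.transit_gateway_id])) == 1])`, catches it at plan time. Because those variables are typed `object` with `optional(string, null)` attributes, `lookup(each.value, "gateway_id", null)` is redundant and `each.value.gateway_id` reads the same value. Both enclosing `resource "aws_route"` blocks start outside their hunks.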
@@ -38,7 +38,7 @@ variable "public_routes" { destination_cidr_block = string gateway_id = optional(string, null) nat_gateway_id = optional(string, null) - peering_connection_id = optional(string, null) + vpc_peering_connection_id = optional(string, null) transit_gateway_id = optional(string, null) })) @@ -94,7 +94,7 @@ variable "private_routes" { destination_cidr_block = string gateway_id = optional(string, null) nat_gateway_id = optional(string, null) - peering_connection_id = optional(string, null) + vpc_peering_connection_id = optional(string, null) transit_gateway_id = optional(string, null) })) From 45470e1119570d588242be2549a3f8af60acd29d Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 27 Jun 2025 03:11:07 -0400 Subject: [PATCH 28/43] another one --- VPC-Peering/Environments/dev/main.tf | 347 ++++++++++++++++++++++++++ virtual-machines/.DS_Store | Bin 0 -> 6148 bytes virtual-machines/AWS/EC2/main.tf | 22 ++ virtual-machines/AWS/EC2/outputs.tf | 0 virtual-machines/AWS/EC2/variables.tf | 22 ++ 5 files changed, 391 insertions(+) create mode 100644 virtual-machines/.DS_Store create mode 100644 virtual-machines/AWS/EC2/main.tf create mode 100644 virtual-machines/AWS/EC2/outputs.tf create mode 100644 virtual-machines/AWS/EC2/variables.tf diff --git a/VPC-Peering/Environments/dev/main.tf b/VPC-Peering/Environments/dev/main.tf index e69de29..d6faa7a 100644 --- a/VPC-Peering/Environments/dev/main.tf +++ b/VPC-Peering/Environments/dev/main.tf 
@@ -0,0 +1,347 @@ +locals { + region = "us-east-1" + region_2 = "us-east-1" + tags = { + Environment = "dev" + Project = "VPC-Peering" + Owner = "Smooth" + } + + name = "vpc-peering-dev" + + vpc_names = { + requester = "${local.name}-requester" + accepter = "${local.name}-accepter" + } +} + + +################################################################### +# VPC Module +################################################################### + +module "vpc" { + source = "../../../VPC/Modules/vpc" + + + tags = local.tags + # name = local.name + vpc_attributes = { + "requester_vpc" = { + cidr_block = "10.0.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true + region = local.region + name = local.vpc_names.requester + }, + "accepter_vpc" = { + cidr_block = "10.10.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true + region = local.region_2 + name = local.vpc_names.accepter + + } + } +} + +################################################################### +# Subnet Module +################################################################### + +module "subnets" { + source = "../../../VPC/modules/subnets" + name = local.name + tags = local.tags + + private_subnets = { + "requester-priv-subnet-1" = { + cidr_block = ["10.0.0.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = false + vpc_id = module.vpc.vpc_id["requester_vpc"] + } + + "accepter-priv-subnet-1" = { + cidr_block = ["10.10.0.0/24"] + availability_zone = ["us-east-1a"] + map_public_ip_on_launch = false + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + public_subnets = { + "requester-pub-subnet-2" = { + cidr_block = ["10.0.1.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = true + vpc_id = module.vpc.vpc_id["requester_vpc"] + + } + "accepter-pub-subnet-2" = { + cidr_block = ["10.10.1.0/24"] + availability_zone = ["us-east-1b"] + map_public_ip_on_launch = true + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } +} + 
+################################################################### +# VPC Peering Module``` +################################################################### + +module "peerings" { + source = "../../modules/single-vpc-to-vpc-v2" + + vpc_peering_connection = { + "peering_connection" = { + vpc_id = module.vpc.vpc_id["requester_vpc"] # Requester VPC ID + peer_vpc_id = module.vpc.vpc_id["accepter_vpc"] # accepter VPC ID + + auto_accept = true # Auto accept the connection + name = "requester-peering" + + } + } + vpc_peering_accepter = { + accepter-peer = { + vpc_peering_connection_id = module.peerings.this_connection["peering_connection"] # VPC Peering Connection ID + auto_accept = true + name = "accepter-peer" # Auto accept the connection + } + } + + tags = local.tags + depends_on = [module.vpc, module.subnets] + +} + +################################################################### +# IGW - NAT Module +################################################################### + +module "igw-nat" { + source = "../../../VPC/modules/igw-nat" + eip = { + requester_eip = {} + accepter_eip = {} + } + + nat_gateway = { + requester-nat = { + allocation_id = module.igw-nat.allocation_id["requester_eip"] + subnet_id = module.subnets.public_subnets["requester-pub-subnet-2"] + } + accepter-nat = { + allocation_id = module.igw-nat.allocation_id["accepter_eip"] + subnet_id = module.subnets.public_subnets["accepter-pub-subnet-2"] + } + } + internet_gateway = { + requester-igw = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + } + accepter-igw = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + tags = local.tags + name = "${local.name}-igw" + +} + +################################################################### +# Route table Module +################################################################### + +module "route-tables" { + source = "../../../VPC/modules/route-tables" + + tags = local.tags + name = local.name + public_route_tables = { + requester_pub_rt = { + vpc_id 
= module.vpc.vpc_id["requester_vpc"] + } + accepter_pub_rt = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + + private_route_tables = { + requester_priv_rt = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + } + + accepter_priv_rt = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + } + } + + ############################################################################### + # Public Routes + ############################################################################### + public_routes = { + route-requester-igw = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + route_table_id = module.route-tables.public_route_table_id["requester_pub_rt"] + gateway_id = module.igw-nat.igw_id["requester-igw"] + destination_cidr_block = "0.0.0.0/0" + + } + + route-accepter-igw = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + route_table_id = module.route-tables.public_route_table_id["accepter_pub_rt"] + gateway_id = module.igw-nat.igw_id["accepter-igw"] + destination_cidr_block = "0.0.0.0/0" + } + } + ############################################################################### + # Private Routes + ############################################################################### + + private_routes = { + route-requester-peer = { + route_table_id = module.route-tables.private_route_table_id["requester_priv_rt"] + vpc_peering_connection_id = module.peerings.this_connection["peering_connection"] + destination_cidr_block = module.vpc.vpc_cidr["accepter_vpc"] + } + route-requester-nat = { + route_table_id = module.route-tables.private_route_table_id["requester_priv_rt"] + nat_gateway_id = module.igw-nat.nat_id["requester-nat"] + destination_cidr_block = "0.0.0.0/0" + } + route-accepter-peer = { + route_table_id = module.route-tables.private_route_table_id["accepter_priv_rt"] + vpc_peering_connection_id = module.peerings.this_connection["peering_connection"] + destination_cidr_block = module.vpc.vpc_cidr["requester_vpc"] + } + route-accepter-nat = { + route_table_id = 
module.route-tables.private_route_table_id["accepter_priv_rt"] + nat_gateway_id = module.igw-nat.nat_id["accepter-nat"] + destination_cidr_block = "0.0.0.0/0" + } + + } + + ############################################################################### + # Route table associations + ############################################################################# + public_route_table_associations = { + pub-requester-assoc = { + route_table_id = module.route-tables.public_route_table_id["requester_pub_rt"] + subnet_id = module.subnets.public_subnets["requester-pub-subnet-2"] + } + pub-accepter-assoc = { + route_table_id = module.route-tables.public_route_table_id["accepter_pub_rt"] + subnet_id = module.subnets.public_subnets["accepter-pub-subnet-2"] + } + } + private_route_table_associations = { + priv-requester-assoc = { + route_table_id = module.route-tables.private_route_table_id["requester_priv_rt"] + subnet_id = module.subnets.private_subnets["requester-priv-subnet-1"] + } + priv-accepter-assoc = { + route_table_id = module.route-tables.private_route_table_id["accepter_priv_rt"] + subnet_id = module.subnets.private_subnets["accepter-priv-subnet-1"] + } + } + +} + +######################################################################## +# EC2 Module +######################################################################## + +module "ec2-instance" { + source = "../../../virtual-machines/AWS/EC2" + + tags = local.tags + name = local.name + + instance_attributes = { + requester_instance = { + instance_type = "t2.micro" + iam_instance_profile = module.ssm_policy.iam_instance_profile + subnet_id = module.subnets.private_subnets["requester-priv-subnet-1"] + vpc_security_group_ids = [module.security-groups.security_group_ids["requester_sg"]] + + } + accepter_instance = { + instance_type = "t2.micro" + iam_instance_profile = module.ssm_policy.iam_instance_profile + subnet_id = module.subnets.private_subnets["accepter-priv-subnet-1"] + vpc_security_group_ids = 
[module.security-groups.security_group_ids["accepter_sg"]] + + + } + accepter_instance2 = { + instance_type = "t2.micro" + iam_instance_profile = module.ssm_policy.iam_instance_profile + subnet_id = module.subnets.public_subnets["accepter-pub-subnet-2"] + vpc_security_group_ids = [module.security-groups.security_group_ids["accepter_sg"]] + + + } + } + +} +######################################################################## +# IAM SSM Policy +######################################################################## + +module "ssm_policy" { + source = "../../../IAM/SSM-Policy" + +} + +######################################################################## +# Secuirty Group +######################################################################## + +module "security-groups" { + source = "../../../vpc/modules/security-groups" + tags = local.tags + name = local.name + + security_groups = { + requester_sg = { + vpc_id = module.vpc.vpc_id["requester_vpc"] + description = "requester security group allow icmp" + } + accepter_sg = { + vpc_id = module.vpc.vpc_id["accepter_vpc"] + description = "accepter security group allow icmp" + } + } + ingress_rules = { + requester_ingress_icmp = { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = module.security-groups.security_group_ids["requester_sg"] + cidr_blocks = ["0.0.0.0/0"] + + } + accepter_ingress_icmp = { + type = "ingress" + from_port = -1 + to_port = -1 + protocol = "icmp" + security_group_id = module.security-groups.security_group_ids["accepter_sg"] + cidr_blocks = ["0.0.0.0/0"] + } + } + egress_rules = { + requester_egress_rule = { + security_group_id = module.security-groups.security_group_ids["requester_sg"] + } + accepter_egress_rule = { + security_group_id = module.security-groups.security_group_ids["accepter_sg"] + } + } + +} \ No newline at end of file 
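Review bot: Several module calls feed their own outputs back in as inputs — `vpc_peering_accepter` reads `module.peerings.this_connection`, `nat_gateway.*.allocation_id` reads `module.igw-nat.allocation_id`, the route and association maps read `module.route-tables.*_route_table_id`, and `ingress_rules`/`egress_rules` read `module.security-groups.security_group_ids` — which Terraform is likely to reject as a dependency cycle; the modules should resolve those ids internally (e.g. `aws_route_table.public[each.key].id`, keyed by the same map key) or the dependent pieces should become separate module calls, so this needs a `terraform validate` before merge. Both ICMP ingress rules use `cidr_blocks = ["0.0.0.0/0"]`, which is wider than the peering this environment exists to test; the peer VPC CIDRs already used for the routes (`module.vpc.vpc_cidr["accepter_vpc"]` / `["requester_vpc"]`) are the intended sources and should replace the wildcard. `region_2 = "us-east-1"` equals `region`, so the two-region layout the locals imply is not actually exercised; either set a different region or collapse the two locals.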
diff --git a/virtual-machines/.DS_Store b/virtual-machines/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..19843e4c4fce10e8e95ad1aa7fab49c615a03140 GIT binary patch literal 6148 zcmeHKJ5Iwu5S<~Gu!MwCQf|Wmaswwa2S6@pQHTUZg43jT$8k6S2jE(~`2dbAQc}Ph zY4&+%=IzR_@OVT-SBK3)WG*5#+)!R@nVRLzCw7*R3aEC*qI>9f`$^rYfN^KClsoCR zk7IuI_MO@FZM)v~Yeeej*X!HM^Y`UAyE&2FKaEcWe_G zRDcRlfiDH@`%vJ9P2v#fpAIZO0s!qd-VM(_O8|=nfKB2MhzLxB3Jj{|h@nA8ykuRI zI0Ob=)NjT)d9&t(qJBH##mhyTK(17P3LGmii|yR{{|)?y`Tv;29TlJge@X$Z+OA#U zm9n=^Ue0=Lf#1VF4Ygj5#al7ZTQN4)imyg>#h#IG5{E#iBkpt{e*{by8Ws2r1wH@{ C@*_q7 literal 0 HcmV?d00001 diff --git a/virtual-machines/AWS/EC2/main.tf b/virtual-machines/AWS/EC2/main.tf new file mode 100644 index 0000000..40423d8 --- /dev/null +++ b/virtual-machines/AWS/EC2/main.tf @@ -0,0 +1,22 @@ +######################################################################## +# EC2 Instance +######################################################################## + +resource "aws_instance" "this" { + for_each = var.instance_attributes + ami = "ami-000ec6c25978d5999" + instance_type = each.value.instance_type + iam_instance_profile = each.value.iam_instance_profile + subnet_id = each.value.subnet_id ## Ensure this is the private subnet, for SSM access + vpc_security_group_ids = each.value.vpc_security_group_ids + metadata_options { + http_tokens = "required" + } + root_block_device { + encrypted = true + } + tags = { + Name = "${var.name}-instance" + } + +} \ No newline at end of file diff --git a/virtual-machines/AWS/EC2/outputs.tf b/virtual-machines/AWS/EC2/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/virtual-machines/AWS/EC2/variables.tf b/virtual-machines/AWS/EC2/variables.tf new file mode 100644 index 0000000..92fdd4c --- /dev/null +++ b/virtual-machines/AWS/EC2/variables.tf 
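Review bot: `ami = "ami-000ec6c25978d5999"` is hard-coded; AMI ids are region-specific and are deprecated over time, so the module breaks outside the region it was written in and stops receiving image patches — resolve it with a `data "aws_ami"` lookup or the distribution's public SSM parameter, or at minimum make it an input with a comment naming the image it was chosen from. `tags = { Name = "${var.name}-instance" }` gives every instance in the `for_each` the same Name and ignores `var.tags` (declared in the variables.tf hunk that follows); `tags = merge(var.tags, { Name = "${var.name}-${each.key}" })` fixes both. `metadata_options { http_tokens = "required" }` and `root_block_device { encrypted = true }` are the right defaults and worth a one-line comment each so nobody relaxes them later.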
@@ -0,0 +1,22 @@ +######################################################################## +# EC2 Variables +######################################################################## + +variable "instance_attributes" { + description = "Map of instances to create" + type = map(object({ + instance_type = string # t2.micro + iam_instance_profile = optional(string) + subnet_id = string + vpc_security_group_ids = optional(list(string)) + + })) +} + +variable "tags" { + description = "tags to apply" + type = map(string) +} +variable "name" { + +} \ No newline at end of file From 709973e48a0a1262bd157dbc301be98b41daf4aa Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 27 Jun 2025 03:13:40 -0400 Subject: [PATCH 29/43] yet another one --- VPC/Modules/VPC/main.tf | 4 +- VPC/Modules/VPC/outputs.tf | 8 +- VPC/Modules/VPC/variables.tf | 9 +- VPC/Modules/security-groups/main.tf | 117 +++++++++++++++++++---- VPC/Modules/security-groups/outputs.tf | 4 + VPC/Modules/security-groups/variables.tf | 108 +++++++++++++++++---- VPC/Modules/subnets/private.tf | 1 + VPC/Modules/subnets/public.tf | 1 + 8 files changed, 201 insertions(+), 51 deletions(-) diff --git a/VPC/Modules/VPC/main.tf b/VPC/Modules/VPC/main.tf index 36a4758..e89115a 100644 --- a/VPC/Modules/VPC/main.tf +++ b/VPC/Modules/VPC/main.tf @@ -14,8 +14,8 @@ resource "aws_vpc" "this_vpc" { tags = merge( { - Name = "${var.name}-vpc" - }, + Name = lookup(each.value, "name", "-${each.key}") + }, var.tags ) } diff --git a/VPC/Modules/VPC/outputs.tf b/VPC/Modules/VPC/outputs.tf index 3c80340..a5a403a 100644 --- a/VPC/Modules/VPC/outputs.tf +++ b/VPC/Modules/VPC/outputs.tf @@ -11,10 +11,10 @@ output "vpc_cidr" { } -output "name" { - description = "VPC ARN" - value = var.name -} +# output "name" { +# description = "VPC ARN" +# value = var.name +# } diff --git a/VPC/Modules/VPC/variables.tf b/VPC/Modules/VPC/variables.tf index c61beb3..185f785 100644 --- a/VPC/Modules/VPC/variables.tf +++ b/VPC/Modules/VPC/variables.tf 
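Review bot: `variable "name" { }` declares neither `type` nor `description`, so any value (a list or object included) is accepted and interpolated into the instance Name tag; `type = string` plus a description line make the contract explicit. `vpc_security_group_ids = optional(list(string))` with no default should say in `description` what happens when it is omitted, since an instance launched without security groups falls back to the VPC's default group, which is rarely what the caller intends.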
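Review bot: `Name = lookup(each.value, "name", "-${each.key}")` can never fall back, because `name = string` becomes a required attribute of `var.vpc_attributes` in the variables.tf hunk of this same patch, and if it did the result would start with a hyphen; `Name = each.value.name` states what actually happens. The rest of the `resource "aws_vpc" "this_vpc"` block, including the `for_each`, is outside the hunk.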
@@ -1,10 +1,8 @@ +# variable "name" { +# type = string +# } -variable "name" { - description = "Global name for all resources" - type = string - default = "" -} variable "tags" { @@ -20,6 +18,7 @@ variable "vpc_attributes" { enable_dns_support = bool enable_dns_hostnames = bool region = string + name = string })) } diff --git a/VPC/Modules/security-groups/main.tf b/VPC/Modules/security-groups/main.tf index d006500..8beca7c 100644 --- a/VPC/Modules/security-groups/main.tf +++ b/VPC/Modules/security-groups/main.tf @@ -1,34 +1,35 @@ ###################################################################### ### Security Group ### ####################################################################### -resource "aws_security_group" "this_sg" { - vpc_id = var.vpc_id - description = var.security_group_description - - tags = merge( - { - Name = "${var.name}-sg" - }, - var.tags - ) + +resource "aws_security_group" "this" { + for_each = var.security_groups + vpc_id = each.value.vpc_id + description = each.value.description } +resource "aws_security_group_rule" "this" { + for_each = var.ingress_rules + type = each.value.type + from_port = each.value.from_port + to_port = each.value.to_port + protocol = each.value.protocol + security_group_id = each.value.security_group_id + cidr_blocks = each.value.cidr_blocks + + +} + +resource "aws_vpc_security_group_egress_rule" "this" { + for_each = var.egress_rules + security_group_id = each.value.security_group_id -resource "aws_security_group_rule" "ingress" { - for_each = { - for i, rule in var.ingress_rules : "rule-${i}" => rule - } + cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr + ip_protocol = "-1" - type = "ingress" - from_port = each.value.from_port - to_port = each.value.to_port - protocol = each.value.protocol - description = each.value.description - cidr_blocks = lookup(each.value, "cidr_blocks", []) - security_group_id = aws_security_group.this_sg.id } 
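Review bot: The rewritten `aws_security_group.this` drops the `tags = merge({ Name = ... }, var.tags)` the removed `this_sg` carried, even though `var.name` and `var.tags` stay declared in variables.tf, so security groups are now created untagged and unnamed; restore `tags = merge(var.tags, { Name = "${var.name}-${each.key}" })`. `aws_security_group_rule.this` takes `type` from `var.ingress_rules`, so the variable name no longer guarantees direction — either pin `type = "ingress"` in the resource or rename the variable to `rules`. The egress rule hard-codes `cidr_ipv4 = "0.0.0.0/0"` and `ip_protocol = "-1"` with the tfsec finding suppressed inline, which forces unrestricted egress on every caller; exposing `cidr_ipv4` as an `optional(string, "0.0.0.0/0")` attribute of `var.egress_rules` keeps the convenience while letting callers that need less ask for it.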
@@ -50,6 +51,80 @@ resource "aws_security_group_rule" "ingress" { + + + + + + + + + + + + + + + + + + + + + + + + + +# resource "aws_security_group" "this_sg" { +# vpc_id = var.vpc_id +# # provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west +# description = var.security_group_description +# tags = merge( +# { +# Name = "${var.name}-sg" +# }, +# var.tags +# ) +# } + + + + +# resource "aws_security_group_rule" "ingress" { + +# for_each = { +# for i, rule in var.ingress_rules : "rule-${i}" => rule +# } + +# type = "ingress" +# from_port = each.value.from_port +# to_port = each.value.to_port +# protocol = each.value.protocol +# description = each.value.description +# cidr_blocks = lookup(each.value, "cidr_blocks", []) +# security_group_id = aws_security_group.this_sg.id +# } + + + + + + + + + + + + + + + + + + + + diff --git a/VPC/Modules/security-groups/outputs.tf b/VPC/Modules/security-groups/outputs.tf index e69de29..57d54c1 100644 --- a/VPC/Modules/security-groups/outputs.tf +++ b/VPC/Modules/security-groups/outputs.tf @@ -0,0 +1,4 @@ +output "security_group_ids" { + description = "List of all security group IDs" + value = {for k, v in aws_security_group.this : k => v.id} +} diff --git a/VPC/Modules/security-groups/variables.tf b/VPC/Modules/security-groups/variables.tf index 8e78887..caf35f1 100644 --- a/VPC/Modules/security-groups/variables.tf +++ b/VPC/Modules/security-groups/variables.tf @@ -4,7 +4,6 @@ variable "name" { } - variable "tags" { description = "Tags for the resources" type = map(string) 
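Review bot: The commented-out `this_sg` and `ingress` resources and the run of roughly twenty-five blank lines should be deleted rather than committed; git history already preserves the old implementation, and `terraform fmt` will not remove comment blocks, so this becomes permanent noise in main.tf that readers must check against the live resources.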
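Review bot: `output "security_group_ids"` says `description = "List of all security group IDs"` but its value is a map keyed by the `security_groups` key, which is what callers index with `["requester_sg"]`; `description = "Map of security group IDs, keyed by the security_groups map key"` describes the shape they actually get.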
@@ -12,30 +11,101 @@ variable "tags" { } -variable "vpc_id" { - description = "VPC ID" - type = string - -} -variable "security_group_description" { - description = "description for the security group" - type = string - +variable "security_groups" { + description = "Map of secruity groups to create" + type = map(object({ + vpc_id = string + description = string + })) } - variable "ingress_rules" { - description = "List of ingress rules" - type = list(object({ - - from_port = number - to_port = number - protocol = string - description = string - cidr_blocks = optional(list(string), []) + description = "Map of ingress rules" + type = map(object({ + description = optional(string) + type = string + from_port = number + protocol = string + to_port = number + cidr_blocks = list(string) + security_group_id = string + })) } + +variable "egress_rules" { + description = "Map of ingress rules" + type = map(object({ + security_group_id = string + + })) +} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# variable "vpc_id" { +# description = "VPC ID" +# type = string + +# } + +# variable "security_group_description" { +# description = "description for the security group" +# type = string + +# } + + +# variable "ingress_rules" { +# description = "List of ingress rules" +# type = list(object({ + +# from_port = number +# to_port = number +# protocol = string +# description = string +# cidr_blocks = optional(list(string), []) +# })) +# } diff --git a/VPC/Modules/subnets/private.tf b/VPC/Modules/subnets/private.tf index 5189cc7..0ef82f7 100644 --- a/VPC/Modules/subnets/private.tf +++ b/VPC/Modules/subnets/private.tf @@ -7,6 +7,7 @@ resource "aws_subnet" "private_subnets" { for_each = var.private_subnets + # provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west vpc_id = each.value.vpc_id cidr_block = each.value.cidr_block[0] availability_zone = each.value.availability_zone[0] 
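Review bot: `variable "egress_rules"` exposes only `security_group_id`, so callers cannot restrict egress at all, and its description (`Map of ingress rules`) is copied from the ingress variable; add `cidr_ipv4 = string`, `ip_protocol = string`, `from_port = optional(number)`, `to_port = optional(number)` and `description = optional(string)` so the egress resource has something to consume, and fix the description (also `secruity` in `security_groups`). `ingress_rules.type` is a free-form string, so a caller can pass `"egress"` through the ingress variable; either hard-code `type = "ingress"` in the resource and drop the field, or add `validation { condition = alltrue([for r in var.ingress_rules : r.type == "ingress"]) error_message = "ingress_rules may only contain ingress rules." }`. Nothing in the module guards against a world-open ingress rule, so a validation rejecting `0.0.0.0/0` in `cidr_blocks` unless the port range is explicitly allow-listed is worth considering. The sixty or so blank lines and the commented-out old variables at the bottom should be deleted rather than kept.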
diff --git a/VPC/Modules/subnets/public.tf b/VPC/Modules/subnets/public.tf index c67f8a0..c5976bc 100644 --- a/VPC/Modules/subnets/public.tf +++ b/VPC/Modules/subnets/public.tf @@ -11,6 +11,7 @@ resource "aws_subnet" "public_subnets" { for_each = var.public_subnets + # provider = each.value.region == "us-east-1" ? aws.us-east : aws.us-west vpc_id = each.value.vpc_id cidr_block = each.value.cidr_block[0] availability_zone = each.value.availability_zone[0] From 159444a4f1aa1c5a3f929fa03a65b6df41391c17 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 27 Jun 2025 16:53:57 -0400 Subject: [PATCH 30/43] one for the vnet-peering module --- Vnet-Peering/Environments/test/.gitignore | 41 ++++++ Vnet-Peering/Environments/test/backend.tf | 9 ++ Vnet-Peering/Environments/test/main.tf | 127 ++++++++++++++++++ Vnet-Peering/Environments/test/providers.tf | 22 +++ Vnet-Peering/modules/.gitignore | 41 ++++++ .../modules/peering-connection/.gitignore | 41 ++++++ .../modules/peering-connection/main.tf | 13 ++ .../modules/peering-connection/outputs.tf | 0 .../modules/peering-connection/variables.tf | 17 +++ 9 files changed, 311 insertions(+) create mode 100644 Vnet-Peering/Environments/test/.gitignore create mode 100644 Vnet-Peering/modules/.gitignore create mode 100644 Vnet-Peering/modules/peering-connection/.gitignore create mode 100644 Vnet-Peering/modules/peering-connection/main.tf create mode 100644 Vnet-Peering/modules/peering-connection/outputs.tf create mode 100644 Vnet-Peering/modules/peering-connection/variables.tf diff --git a/Vnet-Peering/Environments/test/.gitignore b/Vnet-Peering/Environments/test/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Vnet-Peering/Environments/test/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/Vnet-Peering/Environments/test/backend.tf b/Vnet-Peering/Environments/test/backend.tf index e69de29..549c545 100644 --- a/Vnet-Peering/Environments/test/backend.tf +++ b/Vnet-Peering/Environments/test/backend.tf @@ -0,0 +1,9 @@ +terraform { + backend "azurerm" { + resource_group_name = "tf_state" + storage_account_name = "tfstatefile84" + container_name = "testtfstate" + key = "vnet-peering.terraform.tfstate" + subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + } +} \ No newline at end of file diff --git a/Vnet-Peering/Environments/test/main.tf b/Vnet-Peering/Environments/test/main.tf index e69de29..f88467d 100644 --- a/Vnet-Peering/Environments/test/main.tf +++ b/Vnet-Peering/Environments/test/main.tf 
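Review bot: `.terraform.lock.hcl` is listed under `Ignore CLI configuration files`, but the dependency lock file is not CLI configuration: it records the selected provider versions and their checksums, and HashiCorp recommends committing it so `terraform init` in CI verifies the same `azurerm` 4.34.0 artifact the author resolved instead of re-resolving and trusting whatever the registry serves that day. Remove the `.terraform.lock.hcl` line here and in the two identical `.gitignore` copies added under `Vnet-Peering/modules/`. The `.DS_Store` rule is good, but the series also commits binary `.DS_Store` files elsewhere (see the diffstats); `git rm --cached` them so the rule actually takes effect.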
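Review bot: `subscription_id = "61fbcac7-…"` in the `azurerm` backend block commits a real-looking subscription GUID to a tracked file; a later commit in this series blanks it, but the value stays in history, so treat it as disclosed and supply it out of band (`ARM_SUBSCRIPTION_ID` or `terraform init -backend-config=subscription_id=…`) rather than in source. A subscription ID is not a credential, but together with `storage_account_name = "tfstatefile84"` and `container_name = "testtfstate"` it pinpoints where the state (resource IDs and any provider-managed secrets) lives. Consider `use_azuread_auth = true` in the backend so state access goes through Entra ID RBAC instead of the storage account access key the backend otherwise retrieves.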
@@ -0,0 +1,127 @@ + + +locals { + environment = "test-v1" + vnet_name = "vnet-${local.environment}" + location = "eastus" + second_location = "westus" + name = "smooth" + global_name = "${local.name}-${local.environment}" + tags = { + environment = local.environment + name = local.name + } + vnet_address_space = ["10.0.0.0/16"] + vnet2_address_space = ["10.10.0.0/16"] +} + +##################################################################### +# Resource Group Module +####################################################################### +module "resource_group" { + source = "../../../VNET/modules/resource-group" + + resource_groups = { + requester_rg = { + name = "requester_rg" + location = local.location + } + accepter_rg = { + name = "accepter_rg" + location = local.location + } + } + tags = local.tags +} + + +################################################################################ +# Virtul Network Module +################################################################################ + +module "virtual_network" { + source = "../../../VNET/modules/virtual-network" + + virtual_network = { + requester_vnet = { + name = "requester_vnet" + address_space = local.vnet_address_space + location = local.location + resource_group_name = module.resource_group.resource_group_name["requester_rg"] + } + + accepter_vnet = { + name = "accepter_vnet" + address_space = local.vnet2_address_space + location = local.location + resource_group_name = module.resource_group.resource_group_name["accepter_rg"] + } + + } + tags = local.tags +} + +################################################################################ +# Subnet Module +################################################################################ + +module "subnets" { + source = "../../../VNET/modules/subnet" + + subnets = { + requester_pub_sub1 = { + name = "requester_pub_sub1" + address_prefixes = ["10.0.0.0/24"] + virtual_network_name = module.virtual_network.virutal_network_name["requester_vnet"] + 
resource_group_name = module.resource_group.resource_group_name["requester_rg"] + } + requester_pub_sub2 = { + name = "requester_pub_sub2" + address_prefixes = ["10.0.1.0/24"] + virtual_network_name = module.virtual_network.virutal_network_name["requester_vnet"] + resource_group_name = module.resource_group.resource_group_name["requester_rg"] + } + accepter_pub_sub1 = { + name = "accepter_pub_sub1" + address_prefixes = ["10.10.0.0/24"] + virtual_network_name = module.virtual_network.virutal_network_name["accepter_vnet"] + resource_group_name = module.resource_group.resource_group_name["accepter_rg"] + } + accepter_pub_sub2 = { + name = "accepter_pub_sub2" + address_prefixes = ["10.10.1.0/24"] + virtual_network_name = module.virtual_network.virutal_network_name["accepter_vnet"] + resource_group_name = module.resource_group.resource_group_name["accepter_rg"] + } + } + +} + +############################################################################################################## +# Virtual Network Peering +############################################################################################################## + +module "peerings" { + source = "../../../Vnet-Peering/modules/peering-connection" + + virtual_network_peering = { + request_accepter = { + name = "requester-accepter" + resource_group_name = module.resource_group.resource_group_name["requester_rg"] + virtual_network_name = module.virtual_network.virutal_network_name["requester_vnet"] + remote_virtual_network_id = module.virtual_network.virutal_network_id["accepter_vnet"] + allow_virtual_network_access = true + allow_forwarded_traffic = true + } + accepter_requester = { + name = "requester-accepter" + resource_group_name = module.resource_group.resource_group_name["accepter_rg"] + virtual_network_name = module.virtual_network.virutal_network_name["accepter_vnet"] + remote_virtual_network_id = module.virtual_network.virutal_network_id["requester_vnet"] + allow_virtual_network_access = true + 
allow_forwarded_traffic = true + } + } + +} + diff --git a/Vnet-Peering/Environments/test/providers.tf b/Vnet-Peering/Environments/test/providers.tf index e69de29..ceae77c 100644 --- a/Vnet-Peering/Environments/test/providers.tf +++ b/Vnet-Peering/Environments/test/providers.tf @@ -0,0 +1,22 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "4.34.0" + } + } +} +# Configure the Microsoft Azure Provider +provider "azurerm" { + subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + features { + resource_group { + prevent_deletion_if_contains_resources = false + } + key_vault { + purge_soft_delete_on_destroy = true + recover_soft_deleted_key_vaults = true + } + + } +} diff --git a/Vnet-Peering/modules/.gitignore b/Vnet-Peering/modules/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Vnet-Peering/modules/.gitignore 
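Review bot: The `accepter_requester` peering is given `name = "requester-accepter"`, the same string as the `request_accepter` entry; Azure scopes peering names per VNet so this deploys, but the reverse direction is then indistinguishable in the portal and in activity logs — use `name = "accepter-requester"`. Both directions set `allow_forwarded_traffic = true`, which permits traffic that did not originate in the peered VNet (for example from an NVA or a third peer) to transit the link; for a two-VNet test that is probably unnecessary, so default it to `false` unless a forwarding design requires it. As added in this series, the peering module does not wire `allow_virtual_network_access` or `allow_forwarded_traffic` into the resource, so these values are currently accepted and silently ignored. The `locals` `second_location`, `vnet_name` and `global_name` are declared but never referenced.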
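Review bot: `provider "azurerm"` hard-codes `subscription_id` and its `features` block sets `resource_group { prevent_deletion_if_contains_resources = false }` plus `key_vault { purge_soft_delete_on_destroy = true … }` in a stack that creates no key vault; purging on destroy permanently deletes a vault's contents past the soft-delete window, and disabling the resource-group guard lets `terraform destroy` remove resources that were created outside Terraform in those groups. Drop the `key_vault` block, leave `prevent_deletion_if_contains_resources` at its default unless the test workflow demonstrably needs it, and read the subscription from `ARM_SUBSCRIPTION_ID` instead of the file. Pinning `azurerm` to exactly `4.34.0` is good; pair it with a committed `.terraform.lock.hcl` so the checksum is pinned as well.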
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/Vnet-Peering/modules/peering-connection/.gitignore b/Vnet-Peering/modules/peering-connection/.gitignore new file mode 100644 index 0000000..1e1ac26 --- /dev/null +++ b/Vnet-Peering/modules/peering-connection/.gitignore 
@@ -0,0 +1,41 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc +.terraform.lock.hcl + +# Ignore the .DS_Store files created by macOS +.DS_Store \ No newline at end of file diff --git a/Vnet-Peering/modules/peering-connection/main.tf b/Vnet-Peering/modules/peering-connection/main.tf new file mode 100644 index 0000000..8da6724 --- /dev/null +++ b/Vnet-Peering/modules/peering-connection/main.tf @@ -0,0 +1,13 @@ +############################################################################################################## +# Virtual Network Peering +############################################################################################################## + + + +resource "azurerm_virtual_network_peering" "this" { + for_each = var.virtual_network_peering + name = each.value.name + resource_group_name = each.value.resource_group_name + virtual_network_name = each.value.virtual_network_name + remote_virtual_network_id = each.value.remote_virtual_network_id +} \ No newline at end of file 
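Review bot: `azurerm_virtual_network_peering.this` never sets `allow_virtual_network_access` or `allow_forwarded_traffic`, even though `var.virtual_network_peering` declares both and the test environment passes them, so the caller's values are silently discarded and the provider defaults apply (I believe forwarded traffic off, VNet access on). Wire them through — `allow_virtual_network_access = each.value.allow_virtual_network_access` and `allow_forwarded_traffic = each.value.allow_forwarded_traffic` — and consider setting `allow_gateway_transit = false` and `use_remote_gateways = false` explicitly so a gateway added later in either VNet cannot become a transit path without a reviewed change. Each map entry creates only one direction; a header comment should state that callers must supply both directions and that removing one entry leaves the other side, as far as I know, in a `Disconnected` state.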
diff --git a/Vnet-Peering/modules/peering-connection/outputs.tf b/Vnet-Peering/modules/peering-connection/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/Vnet-Peering/modules/peering-connection/variables.tf b/Vnet-Peering/modules/peering-connection/variables.tf new file mode 100644 index 0000000..544f7c4 --- /dev/null +++ b/Vnet-Peering/modules/peering-connection/variables.tf @@ -0,0 +1,17 @@ +############################################################################################################## +# Virtual Network Peering Variables +############################################################################################################## + + +variable "virtual_network_peering" { + description = "Map of virtual network peerings" + type = map(object({ + name = string + resource_group_name = string + virtual_network_name = string + remote_virtual_network_id = string + allow_virtual_network_access = optional(bool) + allow_forwarded_traffic = optional(bool) + + })) +} \ No newline at end of file From 2d04cf89b9d0979d1931b581279f70e108fec5eb Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 27 Jun 2025 16:56:14 -0400 Subject: [PATCH 31/43] another one --- Vnet-Peering/Environments/test/backend.tf | 2 +- Vnet-Peering/Environments/test/providers.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Vnet-Peering/Environments/test/backend.tf b/Vnet-Peering/Environments/test/backend.tf index 549c545..984267f 100644 --- a/Vnet-Peering/Environments/test/backend.tf +++ b/Vnet-Peering/Environments/test/backend.tf @@ -4,6 +4,6 @@ terraform { storage_account_name = "tfstatefile84" container_name = "testtfstate" key = "vnet-peering.terraform.tfstate" - subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + subscription_id = "" } } \ No newline at end of file diff --git a/Vnet-Peering/Environments/test/providers.tf b/Vnet-Peering/Environments/test/providers.tf index ceae77c..da30c99 100644 
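Review bot: `allow_virtual_network_access` and `allow_forwarded_traffic` are `optional(bool)` with no default, so an omitted field is `null` and, once wired into the resource, falls back to whatever the provider decides rather than a documented module policy; declare the intended defaults explicitly — `allow_virtual_network_access = optional(bool, true)` and `allow_forwarded_traffic = optional(bool, false)` — so the no-transit default is visible in the module interface. The `outputs.tf` added alongside is empty; callers will likely want the peering IDs, e.g. `{for k, v in azurerm_virtual_network_peering.this : k => v.id}`.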
--- a/Vnet-Peering/Environments/test/providers.tf +++ b/Vnet-Peering/Environments/test/providers.tf @@ -8,7 +8,7 @@ terraform { } # Configure the Microsoft Azure Provider provider "azurerm" { - subscription_id = "61fbcac7-2f66-43f1-aca9-bfbab5b91195" + subscription_id = "" features { resource_group { prevent_deletion_if_contains_resources = false From c238f77f0ee022f5e754bcc9edc0920ad225c849 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Jul 2025 01:11:41 -0400 Subject: [PATCH 32/43] another commit for the vnet peering module --- Vnet-Peering/Environments/test/backend.tf | 2 +- virtual-machines/.DS_Store | Bin 6148 -> 6148 bytes virtual-machines/Azure/Linux-VM/.gitignore | 1 + virtual-machines/Azure/Linux-VM/main.tf | 40 +++++++++++++ virtual-machines/Azure/Linux-VM/outputs.tf | 9 +++ virtual-machines/Azure/Linux-VM/variables.tf | 59 +++++++++++++++++++ 6 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 virtual-machines/Azure/Linux-VM/.gitignore create mode 100644 virtual-machines/Azure/Linux-VM/main.tf create mode 100644 virtual-machines/Azure/Linux-VM/outputs.tf create mode 100644 virtual-machines/Azure/Linux-VM/variables.tf diff --git a/Vnet-Peering/Environments/test/backend.tf b/Vnet-Peering/Environments/test/backend.tf index 984267f..b91ceea 100644 --- a/Vnet-Peering/Environments/test/backend.tf +++ b/Vnet-Peering/Environments/test/backend.tf @@ -4,6 +4,6 @@ terraform { storage_account_name = "tfstatefile84" container_name = "testtfstate" key = "vnet-peering.terraform.tfstate" - subscription_id = "" + # subscription_id = "" } } \ No newline at end of file diff --git a/virtual-machines/.DS_Store b/virtual-machines/.DS_Store index 19843e4c4fce10e8e95ad1aa7fab49c615a03140..5aec9bfd8d704d45c0432be17bf87cdf09c1558d 100644 GIT binary patch delta 193 zcmZoMXfc=|#>B`mF;Q%yo+6MAu%0Zy*Z^eo6xXvdI5Jc*lrj`Cq~@d>1}Ep|7BC{i+dzb-CJ*F;Q%yo+2a5!~knXmdQMf#hY1~nAkQ8FtIUiX6NAN04mwc$n>3g TGQWr+Bg14H9_h_7A}g2y_Tdi& 
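Review bot: Replacing the hard-coded value with `subscription_id = ""` removes it from HEAD but not from history — the GUID is still in the preceding commit of this series — so if the goal is to keep it out of a shared repository the branch needs rewriting, or the value should simply be treated as disclosed. An empty string is also not obviously the same as unset: azurerm 4.x requires a subscription to be configured, and I am not sure the provider treats `""` as absent; delete the line and rely on `ARM_SUBSCRIPTION_ID` or the `az login` context instead (the following commit does the equivalent for `backend.tf` by commenting it out).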
diff --git a/virtual-machines/Azure/Linux-VM/.gitignore b/virtual-machines/Azure/Linux-VM/.gitignore new file mode 100644 index 0000000..1c99dc1 --- /dev/null +++ b/virtual-machines/Azure/Linux-VM/.gitignore @@ -0,0 +1 @@ +.terraform/ diff --git a/virtual-machines/Azure/Linux-VM/main.tf b/virtual-machines/Azure/Linux-VM/main.tf new file mode 100644 index 0000000..81e5b6b --- /dev/null +++ b/virtual-machines/Azure/Linux-VM/main.tf @@ -0,0 +1,40 @@ +######################################################################################## +# Linux VM +######################################################################################## + +resource "azurerm_network_interface" "this"{ + for_each = var. network_interface + name = each.value.name + location = each.value.location + resource_group_name = each.value.resource_group_name + ip_configuration { + name = each.value.ip_configuration.name + subnet_id = each.value.ip_configuration.subnet_id + private_ip_address_allocation = each.value.ip_configuration.private_ip_address_allocation + } +} + +resource "azurerm_linux_virtual_machine" "this" { + for_each = var.linux_vm + name = each.value.name + resource_group_name = each.value.resource_group_name + location = each.value.location + size = each.value.size + admin_username = "adminuser" + network_interface_ids = each.value.network_interface_ids + + os_disk { + caching = each.value.os_disk.caching + storage_account_type = each.value.os_disk.storage_account_type + } + source_image_reference { + publisher = "Canonical" + offer = "0001-com-ubuntu-server-jammy" + sku = "22_04-lts" + version = "latest" + } + admin_ssh_key { + username = "adminuser" + public_key = file("~/.ssh/id_rsa.pub") + } +} \ No newline at end of file diff --git a/virtual-machines/Azure/Linux-VM/outputs.tf b/virtual-machines/Azure/Linux-VM/outputs.tf new file mode 100644 index 0000000..4230412 --- /dev/null +++ b/virtual-machines/Azure/Linux-VM/outputs.tf 
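Review bot: `azurerm_linux_virtual_machine.this` hard-codes `admin_username = "adminuser"` (twice, ignoring the `admin_username` field the variable declares) and `public_key = file("~/.ssh/id_rsa.pub")`, so the VM's admin SSH identity is whatever key sits in the home directory of the machine running `terraform apply` — it differs between engineers, fails in CI where no such file exists, and ties administrative access to a personal key. Pass the identity in as data: `admin_username = each.value.admin_username` and `public_key = each.value.admin_ssh_public_key`, with a matching `admin_ssh_public_key = string` field in `var.linux_vm` (or a Key Vault data source). `os_disk.caching` and `os_disk.storage_account_type` are required by the resource but declared `optional(string)` without defaults, so a caller omitting them gets a null-argument plan error. `var. network_interface` has a stray space before the attribute; if `terraform fmt` does not normalise it, it is a parse error.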
@@ -0,0 +1,9 @@ +output "network_interface_ids" { + description = "map of network interface IDs" + value = {for k, v in azurerm_network_interface.this : k => v.id } +} + +output "azurerm_linux_virtual_machine" { + description = " Map of linux VM Ids" + value = {for k,v in azurerm_linux_virtual_machine.this : k => v.id} +} \ No newline at end of file diff --git a/virtual-machines/Azure/Linux-VM/variables.tf b/virtual-machines/Azure/Linux-VM/variables.tf new file mode 100644 index 0000000..08108a3 --- /dev/null +++ b/virtual-machines/Azure/Linux-VM/variables.tf @@ -0,0 +1,59 @@ +######################################################################################## +# Linux VM +######################################################################################## + +variable "network_interface" { + description = "Map of azure Network Interfaces" + type = map(object({ + name = string + location = string + resource_group_name = string + ip_configuration = object({ + name = string + subnet_id = string + private_ip_address_allocation = string # "Dynamic", "Static" + }) + })) + + +} + + +variable "linux_vm" { + description = "Map of linux Virtual Machines" + type = map(object({ + name = string + resource_group_name = string + location = string + size = string + admin_username = string + network_interface_ids = list(string) + # admin_ssh_key = object({ + # name = string + # }) + os_disk = object({ + caching = optional(string) + storage_account_type = optional(string) # LRS, ZRS + }) + # source_image_reference = object({ + # publisher = optional(string) + # offer = optional(string) + # sku = optional(string) + # version = optional(string) + # }) + })) +# default = { +# source_image_reference = { +# publisher = "Canonical" +# offer = "0001-com-ubuntu-server-jammy" +# sku = "22_04-lts" +# version = "latest" +# } +# os_disk = { +# caching = "ReadWrite" +# storage_account_type = "Standard_LRS" + +# } + +# } +} 
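Review bot: `os_disk.caching` and `os_disk.storage_account_type` are `optional(string)` with no default while the resource in main.tf reads them unconditionally, so omitting them produces null for required arguments; give them defaults — `caching = optional(string, "ReadWrite")`, `storage_account_type = optional(string, "Standard_LRS")` — or make them required. `admin_username` is declared here but ignored by the resource, and there is no field for the admin SSH public key, so the only way to change who can log in is to edit the module; add `admin_ssh_public_key = string`. The commented-out `default` block at the bottom documents intent that belongs in the `description` strings or the field defaults and should be removed.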
From 9093e22b9499ba9027a909f64ca92d8662d8d5d1 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Jul 2025 22:47:51 -0400 Subject: [PATCH 33/43] added some additional unit testing for infrastructure hardening --- .github/workflows/unit-testing.yaml | 102 ++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 .github/workflows/unit-testing.yaml diff --git a/.github/workflows/unit-testing.yaml b/.github/workflows/unit-testing.yaml new file mode 100644 index 0000000..f55cca5 --- /dev/null +++ b/.github/workflows/unit-testing.yaml 
@@ -0,0 +1,102 @@ +### terraform fmt -check +name: Uunit Testing +on: + workflow_dispatch: +permissions: + actions: read + contents: read + security-events: write + +jobs: + tf-formatting: + name: 'Terraform Formatting' + runs-on: ubuntu-latest + steps: + - name: 'Checkout GitHub Repo' + uses: actions/checkout@v4 + + - name: 'Set up Terraform' + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: 'latest' + + - name: 'Terraform init' + run: terraform init + + - name: 'Terraform Format' + run: terraform fmt +### Terraform Validate + - name: 'Terraform validate' + run: terraform validate +### Tflint + - name: 'TFLint' + run: | + tflint --init + tflint +### trivy config . + trivy: + name: Trivy Vulnerability Scan + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Run Tricy vulnerabiltiy scanner in repo mode + uses: aquasecurity/trivy-action@0.28.0 + with: + scan-type: 'fs' + severity: 'CRITICAL' + format: 'sarif' + output: 'trivy-results.sarif' + ignore-unfixed: true + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' + + + iac_scan: + name: iac_scan + runs-on: ubuntu-24.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Run Trivy vulnerability scanner in IaC mode + uses: aquasecurity/trivy-action@0.28.0 + with: + scan-type: 'config' + hide-progress: false + format: 'sarif' + output: 'trivy-results.sarif' + exit-code: '1' + severity: 'CRITICAL' + + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' +### tfsec + tfsec: + name: 'tfsec' + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@4 + - name: 'Install Tfsec' + uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 + with: + sarif_file: tfsec.sarif +### checkov -d . 
+ checkov: + name: Run Checkov + runs-on: ubuntu-latest + steps: + - name: 'Run Checkov' + uses: bridgecrewio/checkov-action@v12 + with: + # This will add both a CLI output to the console and create a results.sarif file + output_format: cli,sarif + output_file_path: console,results.sarif From bad8e7ad6453e36b83a72e4e96bb144c0e4c228c Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Jul 2025 22:54:03 -0400 Subject: [PATCH 34/43] another update --- .github/workflows/unit-testing.yaml | 153 ++++++++++++++-------------- 1 file changed, 76 insertions(+), 77 deletions(-) diff --git a/.github/workflows/unit-testing.yaml b/.github/workflows/unit-testing.yaml index f55cca5..3a8532f 100644 --- a/.github/workflows/unit-testing.yaml +++ b/.github/workflows/unit-testing.yaml 
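Review bot: The `tf-formatting` job runs `terraform init`, `terraform validate` and `tflint` at the repository root with no `working-directory`, but the diffstats in this series show the Terraform living in per-environment folders (`VPC/Environment/test-v1`, `Vnet-Peering/Environments/test`, …), and no step installs `tflint`, so the job most likely passes vacuously or fails on the missing binary rather than checking anything. Use a `matrix` over the environment directories with `defaults.run.working-directory`, add a `terraform-linters/setup-tflint` step before `tflint --init`, and pass `-backend=false` to `terraform init` so the job does not need cloud credentials just to reach remote state. `actions/checkout@4` and `terraform fmt` without `-check` are already corrected in the following commit.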
@@ -1,65 +1,65 @@ -### terraform fmt -check -name: Uunit Testing +name: Unit Testing + on: - workflow_dispatch: + workflow_dispatch: + permissions: - actions: read - contents: read - security-events: write + actions: read + contents: read + security-events: write jobs: - tf-formatting: - name: 'Terraform Formatting' - runs-on: ubuntu-latest - steps: - - name: 'Checkout GitHub Repo' - uses: actions/checkout@v4 - - - name: 'Set up Terraform' - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 'latest' - - - name: 'Terraform init' - run: terraform init - - - name: 'Terraform Format' - run: terraform fmt -### Terraform Validate - - name: 'Terraform validate' - run: terraform validate -### Tflint - - name: 'TFLint' - run: | - tflint --init - tflint -### trivy config . - trivy: + tf-formatting: + name: 'Terraform Formatting' + runs-on: ubuntu-latest + steps: + - name: 'Checkout GitHub Repo' + uses: actions/checkout@v4 + + - name: 'Set up Terraform' + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: 'latest' + + - name: 'Terraform init' + run: terraform init + + - name: 'Terraform Format' + run: terraform fmt -check + + - name: 'Terraform validate' + run: terraform validate + + - name: 'TFLint' + run: | + tflint --init + tflint + + trivy: name: Trivy Vulnerability Scan runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Run Tricy vulnerabiltiy scanner in repo mode - uses: aquasecurity/trivy-action@0.28.0 - with: - scan-type: 'fs' - severity: 'CRITICAL' - format: 'sarif' - output: 'trivy-results.sarif' - ignore-unfixed: true - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' - - - iac_scan: - name: iac_scan - runs-on: ubuntu-24.04 - steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Run Trivy vulnerability scanner in repo mode + uses: aquasecurity/trivy-action@0.28.0 + with: + 
scan-type: 'fs' + severity: 'CRITICAL' + format: 'sarif' + output: 'trivy-results.sarif' + ignore-unfixed: true + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' + + iac_scan: + name: IaC Scan + runs-on: ubuntu-24.04 + steps: - name: Checkout code uses: actions/checkout@v4 @@ -72,31 +72,30 @@ jobs: output: 'trivy-results.sarif' exit-code: '1' severity: 'CRITICAL' - - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' -### tfsec - tfsec: - name: 'tfsec' - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@4 - - name: 'Install Tfsec' - uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 - with: + + tfsec: + name: 'tfsec' + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: 'Install Tfsec' + uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 + with: sarif_file: tfsec.sarif -### checkov -d . - checkov: - name: Run Checkov - runs-on: ubuntu-latest - steps: - - name: 'Run Checkov' - uses: bridgecrewio/checkov-action@v12 - with: - # This will add both a CLI output to the console and create a results.sarif file - output_format: cli,sarif - output_file_path: console,results.sarif +##### + checkov: + name: Run Checkov + runs-on: ubuntu-latest + steps: + - name: 'Run Checkov' + uses: bridgecrewio/checkov-action@v12 + with: + output_format: cli,sarif + output_file_path: console,results.sarif From bdcd601e956fc10c5cb403434147fc63d7fed797 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Jul 2025 23:01:24 -0400 Subject: [PATCH 35/43] commit to main --- .github/workflows/unit-testing.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/unit-testing.yaml b/.github/workflows/unit-testing.yaml index 3a8532f..b5ae8e9 100644 
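Review bot: `hashicorp/setup-terraform@v1` with `terraform_version: 'latest'` and `aquasecurity/trivy-action@0.28.0` are pinned to mutable tags, while `tfsec-sarif-action` in the same file is pinned to a commit SHA; for a workflow that acts as a security gate, pin every third-party action to a full SHA with the version in a trailing comment, and pin Terraform to the version the code targets, otherwise a moved tag or a new Terraform release silently changes what the gate enforces. `setup-terraform@v1` is also well behind the current major; upgrade while pinning.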
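Review bot: The `checkov` job has no `actions/checkout` step, so `bridgecrewio/checkov-action` runs against an empty workspace and the job goes green without scanning any Terraform; add `- uses: actions/checkout@v4` before it. The job writes `results.sarif` and the `tfsec` job writes `tfsec.sarif`, but neither uploads them, so either add a `github/codeql-action/upload-sarif@v3` step as the Trivy jobs do or drop the SARIF output. `security-events: write` is granted workflow-wide; scoping it to the jobs that actually upload keeps the other jobs' token read-only.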
--- a/.github/workflows/unit-testing.yaml +++ b/.github/workflows/unit-testing.yaml @@ -7,7 +7,7 @@ permissions: actions: read contents: read security-events: write - +#### jobs: tf-formatting: name: 'Terraform Formatting' @@ -34,7 +34,7 @@ jobs: run: | tflint --init tflint - +#### trivy: name: Trivy Vulnerability Scan runs-on: ubuntu-latest @@ -50,7 +50,7 @@ jobs: format: 'sarif' output: 'trivy-results.sarif' ignore-unfixed: true - +#### - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: From 19c8245b980a9a22ea7761f462a936803188c01c Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Jul 2025 23:09:01 -0400 Subject: [PATCH 36/43] another one --- IAM/.DS_Store | Bin 6148 -> 6148 bytes S2S-VPN/.DS_Store | Bin 6148 -> 6148 bytes TransitGatway/.DS_Store | Bin 6148 -> 6148 bytes VNET/environment/test-v1/main.tf | 47 ++++++++++++++++++++++ VNET/modules/virtual-network/outputs.tf | 5 +++ VPC-Peering/Environments/dev/backend.tf | 2 +- VPC-Peering/Environments/dev/main.tf | 12 +++--- VPC-Peering/Environments/dev/providers.tf | 21 ++++++++++ VPC/Environment/test-v1/main.tf | 28 ++++++------- VPC/Modules/.DS_Store | Bin 6148 -> 8196 bytes Vnet-Peering/.DS_Store | Bin 6148 -> 6148 bytes 11 files changed, 94 insertions(+), 21 deletions(-) diff --git a/IAM/.DS_Store b/IAM/.DS_Store index 6d2d13e7b89966aa50af18b82da778e7a494fb6c..d65e215e4b12d45180607f88f84aed3970885f7a 100644 GIT binary patch delta 127 zcmZoMXffE}#KgoRGr56DYjPeF7u&v>h04inlk1qw5KJwBf(*mpKR5!RCd`X)F^P*fz6s H{N)D#n^hvW delta 127 zcmZoMXffE}#KgqFFu8$AYjPeF7n}CxW6$ogOs-=xLol@j3Nj3Xlk;;67@%OX470>! z9%eo!?m0lF3dfAHaD_W8#~pzjDWMdXq@4UDph{$6iOD_8e2fa47c!@@Ol)A=%+B$b F9{^_*B=-OS diff --git a/S2S-VPN/.DS_Store b/S2S-VPN/.DS_Store index a4940b6c7bbd7e329e4d261d7414bd79f8e87e94..05d51ee687a6207f50b5a9842214c6aaa31a846c 100644 GIT binary patch delta 25 gcmZoMXffE3$HJr%F}Z-Hi!osGL^k2ge5~Ju0BL*&_5c6? delta 23 ecmZoMXffE3$HFARGP!`IYw`p(kS 
diff --git a/TransitGatway/.DS_Store b/TransitGatway/.DS_Store index ca9e16e8c2fa7f3d3dc81323c4262ff09da6e14d..9498eeb7c7e2f823f5c848591ab4693fc0dfdf54 100644 GIT binary patch delta 25 gcmZoMXffDe#>Au&F`0)+W^xEq9%I1f!%U8%09_~t0ssI2 delta 25 gcmZoMXffDe#>6DSGMR@-W^xEq9;3qM!%U8%09E`3asU7T diff --git a/VNET/environment/test-v1/main.tf b/VNET/environment/test-v1/main.tf index 2e81e24..118050d 100644 --- a/VNET/environment/test-v1/main.tf +++ b/VNET/environment/test-v1/main.tf @@ -114,6 +114,53 @@ module "subnets" { } } } +######################################################################################## +# Linux VM +######################################################################################## + +module "linux_vm" { + source = "../../../virtual-machines/Azure/Linux-VM" + + network_interface = { + nic1 = { + name = "linux-nic1" + location = local.location + ip_configuration = { + name = "internal" + subnet_id = module.subnets.subnet_id["smooths_subnet1"] + private_ip_address_allocation = "Dynamic" + } + } + nic2 = { + name = "linux-nic2" + location = local.location + ip_configuration = { + name = "internal" + subnet_id = module.subnets.subnet_id["smooth_subnet1"] + private_ip_address_allocation = "Dynamic" + } + } + } + linux_vm = { + Vm1 = { + name = "Linux-VM1" + resource_group_name = odule.resource_group.resource_group_name["smooths_rg1"] + location = local.location + size = "Standard_F2" + admin_username = "adminuser" + network_interface_ids = [module.linux_vm.network_interface_ids["nic1"]] + } + + Vm2 = { + name = "Linux-VM2" + resource_group_name = odule.resource_group.resource_group_name["smooths_rg2"] + location = local.location + size = "Standard_F2" + admin_username = "adminuser" + network_interface_ids = [module.linux_vm.network_interface_ids["nic2"]] + } + } +} ######################################################################################### # Storage Account 
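Review bot: `network_interface_ids = [module.linux_vm.network_interface_ids["nic1"]]` feeds a `module "linux_vm"` output back into the same module's input, which Terraform rejects as a dependency cycle; the NIC-to-VM wiring has to happen inside the module (for example a `network_interface_keys` field resolved against `azurerm_network_interface.this` there) rather than round-tripping through the output. `resource_group_name = odule.resource_group…` (twice) is a typo for `module.`, and `nic1`/`nic2` omit `resource_group_name` although the module's `network_interface` object requires it, so this block would not pass `terraform validate`. `nic1` uses `subnet_id["smooths_subnet1"]` while `nic2` uses `["smooth_subnet1"]`; one of those keys is presumably wrong. Both VMs get `admin_username = "adminuser"` and, via the module's `file("~/.ssh/id_rsa.pub")`, the operator's personal key as the admin key.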
diff --git a/VNET/modules/virtual-network/outputs.tf b/VNET/modules/virtual-network/outputs.tf
index 1459d8b..3c31a7d 100644
--- a/VNET/modules/virtual-network/outputs.tf
+++ b/VNET/modules/virtual-network/outputs.tf
@@ -4,6 +4,11 @@ output "virutal_network_name" {
 }
+output "virutal_network_id" {
+ description = "The ID of the virtual network."
+ value = {for k, v in azurerm_virtual_network.this : k => v.id}
+
+}
 output "vnet_address_space" {
 description = "The address space of the virtual network."
 value = {for k, v in azurerm_virtual_network.this : k => v.address_space}
diff --git a/VPC-Peering/Environments/dev/backend.tf b/VPC-Peering/Environments/dev/backend.tf
index 409aaf7..080c06f 100644
--- a/VPC-Peering/Environments/dev/backend.tf
+++ b/VPC-Peering/Environments/dev/backend.tf
@@ -1,7 +1,7 @@
 terraform {
 backend "s3" {
 bucket = "terraform-state-bucket1237546"
- key = "dev-vpc-by-terraform-state.tfstate"
+ key = "dev-vpc-peering-terraform-state.tfstate"
 region = "us-east-1"
 use_lockfile = true
 }
diff --git a/VPC-Peering/Environments/dev/main.tf b/VPC-Peering/Environments/dev/main.tf
index d6faa7a..c495f5f 100644
--- a/VPC-Peering/Environments/dev/main.tf
+++ b/VPC-Peering/Environments/dev/main.tf
@@ -190,12 +190,12 @@ module "route-tables" {
 }
- route-accepter-igw = {
- vpc_id = module.vpc.vpc_id["accepter_vpc"]
- route_table_id = module.route-tables.public_route_table_id["accepter_pub_rt"]
- gateway_id = module.igw-nat.igw_id["accepter-igw"]
- destination_cidr_block = "0.0.0.0/0"
- }
+ route-accepter-igw = {
+ vpc_id = module.vpc.vpc_id["accepter_vpc"]
+ route_table_id = module.route-tables.public_route_table_id["accepter_pub_rt"]
+ gateway_id = module.igw-nat.igw_id["accepter-igw"]
+ destination_cidr_block = "0.0.0.0/0"
+ }
 }
 ###############################################################################
 # Private Routes
diff --git a/VPC-Peering/Environments/dev/providers.tf b/VPC-Peering/Environments/dev/providers.tf
index e69de29..b3d0f7f 100644
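Review bot: The new output name `virutal_network_id` copies the misspelling of the existing `virutal_network_name`; because this output is brand new it can be declared as `output "virtual_network_id" {` now without breaking any consumer, whereas the old name can only be corrected with a deprecation step. The blank line before the closing brace of the new block is also stray. The other hunks on this line (the state-key rename in backend.tf and the re-indent in main.tf) raise nothing.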
--- a/VPC-Peering/Environments/dev/providers.tf
+++ b/VPC-Peering/Environments/dev/providers.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "6.0.0-beta2"
+ configuration_aliases = [aws.us-east, aws.us-west]
+ }
+ }
+
+}
+provider "aws" {
+ region = local.region
+ alias = "us-west"
+}
+
+provider "aws" {
+ region = local.region_2
+ alias = "us-east"
+}
+##
\ No newline at end of file
diff --git a/VPC/Environment/test-v1/main.tf b/VPC/Environment/test-v1/main.tf
index 4a15eea..75de09d 100644
--- a/VPC/Environment/test-v1/main.tf
+++ b/VPC/Environment/test-v1/main.tf
@@ -94,17 +94,17 @@ module "route-tables" {
 }
 }
 public_route_table_associations = {
- pub_rt1_subnet1 = { # unique key
+ pub_rt1_subnet1 = { # unique key
 route_table_id = module.route-tables.public_route_table_id["public_rt1"]
 subnet_id = module.subnets.public_subnets["pub_subnet_1"]
- }
- pub_rt1_subnet2 = {
- route_table_id = module.route-tables.public_route_table_id["public_rt1"]
- subnet_id = module.subnets.public_subnets["pub_subnet_2"]
- }
- }
- # Accessing the first public subnet
+ pub_rt1_subnet2 = {
+ route_table_id = module.route-tables.public_route_table_id["public_rt1"]
+ subnet_id = module.subnets.public_subnets["pub_subnet_2"]
+ }
+
+ }
+ # Accessing the first public subnet
 private_route_tables = {
 private_rt1 = {
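Review bot: `version = "6.0.0-beta2"` pins this environment to a pre-release AWS provider, so every plan depends on beta behaviour that can change before the GA build; a stable constraint such as `version = "~> 5.0"` (or the GA release the modules were actually written against) is the usual choice, with the exact build recorded in a committed dependency lock file. Both `provider "aws"` blocks carry an `alias`, so this directory has no default provider and any resource or module call that does not set `provider = aws.us-west` / `provider = aws.us-east` explicitly will fail to plan; I cannot see the callers from this hunk, so this may already be handled. As far as I can tell `configuration_aliases` is intended for child modules declaring which provider configurations the caller must pass in, so in a root directory that also defines the aliased `provider` blocks it is at best redundant and worth a comment if it is deliberate. A one-line comment noting which region each local maps to (`us-west` reads `local.region`, `us-east` reads `local.region_2`) would make the alias-to-region pairing reviewable.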
@@ -122,15 +122,15 @@ module "route-tables" { } private_route_table_associations = { - priv_rt1_subnet1 = { # unique key + priv_rt1_subnet1 = { # unique key route_table_id = module.route-tables.private_route_table_id["private_rt1"] subnet_id = module.subnets.private_subnets["priv_subnet_1"] + } + priv_rt1_subnet2 = { + route_table_id = module.route-tables.private_route_table_id["private_rt1"] + subnet_id = module.subnets.private_subnets["priv_subnet_2"] + } } - priv_rt1_subnet2 = { - route_table_id = module.route-tables.private_route_table_id["private_rt1"] - subnet_id = module.subnets.private_subnets["priv_subnet_2"] - } -} } diff --git a/VPC/Modules/.DS_Store b/VPC/Modules/.DS_Store index ab2b872d5c8615d2afc67fb07f7e524c01816ef2..38064476e9510cfc1f1dde2f5865e97f3af837f3 100644 GIT binary patch literal 8196 zcmeHMJ#Q015S_&aTOkq%8W%yijt`L{HO-NjBAq2mX$f|~A+mE;d+{8~5+r7&-8t>P*?IeJ&#PGzky#mTE)&&=sEW$= z=5;g^3XgNml`F1i0oK5uXosFr+U+bi+er?s9jbsTpbDr0s(>o+FDQUBn@hFe+?P>p zRRLAtzf^#KA0kw?v9p<2`_qBOrU0;IblZYwDr(_Stxf+*Z7;(pV z#BkWy*-WgslM#0^F0yeMim}n*7g;!&Sgf|HfGUtzfOGc>y`&DkrX@dr@AUtKmC%cwB_@xqn;u{PwHtk%@Eq zjHh8ko*$WK1-cKhM|PloI<9kVJCE?WZSQ&eH<-s~Rg4Px*nLo#h+ zf3!Hb^YohCn`fh=otPgDbWRRvUm3sAt6>&^NK0=e8e7m|7@Tv`A;KUX3=I0yfCN+~H{Zo2DJMS(D8jMp<+}yJOvfFOWmE9T7Gxlsx&WvR z8EkC$%eI)EgF}!RA}YWQq+NlyePiKw=E?jrhKvl8ZFr=4m>}K(`H*3AJkK0v00x>Z A+yDRo diff --git a/Vnet-Peering/.DS_Store b/Vnet-Peering/.DS_Store index 4fcb637634e327b1ff1f671e64d104f06a576f3b..2d43a31ebf12a82733234377e0cd922574ee55c2 100644 GIT binary patch delta 71 zcmZoMXffDe#>8Y%Jeh|{W^xEq9^-_`hnW6DSGMR@-W^xEq9;3qK!%T`y3=ET>G0CxCGUlHz^846iLuTR0a?CtP Ue8tV_%nMj1Hi&L!=lIJH0O{8j4FCWD From ab8de374e790800ce1c9cd0da262edd67c65bf75 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Tue, 1 Jul 2025 23:18:17 -0400 Subject: [PATCH 37/43] another one for the books --- Documentation | 46 ++++++++ IAM/.gitignore | 41 +++++++ IAM/CloudWatch-Logging/.gitignore | 41 +++++++ IAM/SSM-Policy/.gitignore | 41 +++++++ S2S-VPN/Environments/dev/.gitignore | 41 +++++++ S2S-VPN/Environments/prod/.gitignore | 41 +++++++ S2S-VPN/Environments/test/.gitignore | 41 +++++++ TransitGatway/Environments/dev/.gitignore | 41 +++++++ TransitGatway/Environments/prod/.gitignore | 41 +++++++ TransitGatway/Environments/test/.gitignore | 41 +++++++ .../multi-vpc-to-multi-vpc-v2/01-vpcs.tf | 39 +++++++ .../multi-vpc-to-multi-vpc-v2/02-subnets.tf | 39 +++++++ .../multi-vpc-to-multi-vpc-v2/03-igw-nat.tf | 80 ++++++++++++++ .../04-route-tables.tf | 83 ++++++++++++++ .../05-route-table-association.tf | 24 +++++ .../multi-vpc-to-multi-vpc-v2/06-peerings.tf | 101 ++++++++++++++++++ .../multi-vpc-to-multi-vpc-v2/07-iam.tf | 86 +++++++++++++++ .../multi-vpc-to-multi-vpc-v2/08-EC2.tf | 0 .../09-security-groups.tf | 87 +++++++++++++++ .../multi-vpc-to-multi-vpc-v2/10-variables.tf | 75 +++++++++++++ .../multi-vpc-to-multi-vpc-v2/11-outputs.tf | 0 .../Modules/multi-vpc-to-multi-vpc-v2/main.tf | 0 .../multi-vpc-to-multi-vpc-v2/outputs.tf | 0 .../Modules/multi-vpc-to-multi-vpc-v2/readme | 3 + .../multi-vpc-to-multi-vpc-v2/variables.tf | 0 .../Modules/multi-vpc-to-multi-vpc/01-vpcs.tf | 39 +++++++ .../multi-vpc-to-multi-vpc/02-subnets.tf | 39 +++++++ .../multi-vpc-to-multi-vpc/03-igw-nat.tf | 80 ++++++++++++++ .../multi-vpc-to-multi-vpc/04-route-tables.tf | 83 ++++++++++++++ .../05-route-table-association.tf | 24 +++++ .../multi-vpc-to-multi-vpc/06-peerings.tf | 101 ++++++++++++++++++ .../Modules/multi-vpc-to-multi-vpc/07-iam.tf | 86 +++++++++++++++ .../Modules/multi-vpc-to-multi-vpc/08-EC2.tf | 0 .../09-security-groups.tf | 87 +++++++++++++++ .../multi-vpc-to-multi-vpc/10-variables.tf | 75 +++++++++++++ .../multi-vpc-to-multi-vpc/11-outputs.tf | 0 
.../Modules/multi-vpc-to-multi-vpc/readme | 3 + VPC/Modules/vpc-flowlogs/.gitignore | 41 +++++++ VPC/Modules/vpc-flowlogs/main.tf | 0 VPC/Modules/vpc-flowlogs/outputs.tf | 0 VPC/Modules/vpc-flowlogs/variables.tf | 0 Vnet-Peering/Environments/dev/.gitignore | 41 +++++++ Vnet-Peering/Environments/prod/.gitignore | 41 +++++++ 43 files changed, 1772 insertions(+) create mode 100644 Documentation create mode 100644 IAM/.gitignore create mode 100644 IAM/CloudWatch-Logging/.gitignore create mode 100644 IAM/SSM-Policy/.gitignore create mode 100644 S2S-VPN/Environments/dev/.gitignore create mode 100644 S2S-VPN/Environments/prod/.gitignore create mode 100644 S2S-VPN/Environments/test/.gitignore create mode 100644 TransitGatway/Environments/dev/.gitignore create mode 100644 TransitGatway/Environments/prod/.gitignore create mode 100644 TransitGatway/Environments/test/.gitignore create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/01-vpcs.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/02-subnets.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/03-igw-nat.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/04-route-tables.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/05-route-table-association.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/06-peerings.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/07-iam.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/08-EC2.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/09-security-groups.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/10-variables.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/11-outputs.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/main.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/outputs.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/readme create 
mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/variables.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/01-vpcs.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/02-subnets.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/03-igw-nat.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/04-route-tables.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/05-route-table-association.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/06-peerings.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/07-iam.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/08-EC2.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/09-security-groups.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/10-variables.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/11-outputs.tf create mode 100644 VPC-Peering/Modules/multi-vpc-to-multi-vpc/readme create mode 100644 VPC/Modules/vpc-flowlogs/.gitignore create mode 100644 VPC/Modules/vpc-flowlogs/main.tf create mode 100644 VPC/Modules/vpc-flowlogs/outputs.tf create mode 100644 VPC/Modules/vpc-flowlogs/variables.tf create mode 100644 Vnet-Peering/Environments/dev/.gitignore create mode 100644 Vnet-Peering/Environments/prod/.gitignore diff --git a/Documentation b/Documentation new file mode 100644 index 0000000..b920e34 --- /dev/null +++ b/Documentation 
@@ -0,0 +1,46 @@
+#########################################################
+# Topics I'm going to explore in this module
+#########################################################
+
+
+### Conditional logic
+ - Conditionally create VPC
+ - Based off the bool the subsequent resources associated to the VPC will be created or not
+ - Create IGW based off of bool
+ - That IGW should then have logic in a locals variable, that says. "if the vpc bool == true and the public route table == true then create a route to the internet gateway"
+ - example logic:
+ locals{
+ create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table
+ }
+ - Create NAT Gateway based off of bool
+ - That NAT should then have logic in a locals variable, that says. "if the vpc bool == true and the private subnet creation == true then create a route to the NAT gateway"
+ - example logic:
+ locals{
+ create_route_to_nat = var.create_vpc && var.create_igw && local.create_private_route_table
+ }
+### Count
+ - Couple conditional logic with the Count meta argument
+ - Based off of the conditions bool will determine how many of the VPCs are created
+
+### Dynamic Resource Allocation
+ - Based on how many VPCs are created will result in how many Private, Public Subnets are created
+ - Along with Route tables for Public and Private subs
+ - Internet Gateway
+ - NAT Gateway
+
+### Dynamic CIDR Blocks
+ - Use one of the Terraform functions to create CIDRs for subnets based off of the VPC created.
+
+### Dynamic Resource Creation:
+ - allow the user to specify how many of a given resource is created
+ -
+
+### map(string) variables for tags with string interpolation
+ - Name
+ - Environment
+ - example:
+ variable "tags"{
+ description = "tags for each resource"
+ type = map(string)
+ default = {}
+ }
\ No newline at end of file
diff --git a/IAM/.gitignore b/IAM/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/IAM/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/IAM/CloudWatch-Logging/.gitignore b/IAM/CloudWatch-Logging/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/IAM/CloudWatch-Logging/.gitignore
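Review bot: `.terraform.lock.hcl` is listed under "Ignore CLI configuration files", but it is the dependency lock file, which is meant to be committed: it records the selected provider versions and their checksums so that `terraform init` in the tflint/Trivy workflow and on developer machines verifies the same provider builds. With it ignored, every fresh `init` re-resolves providers from the registry within the version constraint, and nothing would notice a different or substituted provider package. Removing the `.terraform.lock.hcl` line (keeping `.terraformrc` and `terraform.rc`, which do belong there) fixes this; the identical line is in every copy of this file added by the commit, including the IAM/CloudWatch-Logging, IAM/SSM-Policy, S2S-VPN/Environments and TransitGatway/Environments copies that follow. The file also lacks a trailing newline.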
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/IAM/SSM-Policy/.gitignore b/IAM/SSM-Policy/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/IAM/SSM-Policy/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/S2S-VPN/Environments/dev/.gitignore b/S2S-VPN/Environments/dev/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/S2S-VPN/Environments/dev/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/S2S-VPN/Environments/prod/.gitignore b/S2S-VPN/Environments/prod/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/S2S-VPN/Environments/prod/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/S2S-VPN/Environments/test/.gitignore b/S2S-VPN/Environments/test/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/S2S-VPN/Environments/test/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/TransitGatway/Environments/dev/.gitignore b/TransitGatway/Environments/dev/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/TransitGatway/Environments/dev/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/TransitGatway/Environments/prod/.gitignore b/TransitGatway/Environments/prod/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/TransitGatway/Environments/prod/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/TransitGatway/Environments/test/.gitignore b/TransitGatway/Environments/test/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/TransitGatway/Environments/test/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/01-vpcs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/01-vpcs.tf
new file mode 100644
index 0000000..854835e
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/01-vpcs.tf
@@ -0,0 +1,39 @@
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_a" {
+ cidr_block = var.vpc_a_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_a_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_b" {
+ cidr_block = var.vpc_b_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_b_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_c" {
+ cidr_block = var.vpc_c_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_c_name
+ }
+}
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/02-subnets.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/02-subnets.tf
new file mode 100644
index 0000000..01d5584
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/02-subnets.tf
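Review bot: All three VPCs carry `#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs` with no recorded reason, which silently hides the flow-log finding from the Trivy scan this repository runs in CI; a suppression should say why and for how long, e.g. `#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs # TODO(<owner>): attach flow logs via VPC/Modules/vpc-flowlogs before this module is used outside dev`. The same commit creates `VPC/Modules/vpc-flowlogs`, so wiring flow logs in rather than ignoring the rule may be the intended end state. Stylistically, the three blocks differ only in the a/b/c suffix and could be a single `aws_vpc` resource with `for_each` over a map of name to CIDR, which would also shrink the subnet, gateway and route-table files that follow.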
@@ -0,0 +1,39 @@
+### -------- vpc a subnets -------- ###
+
+resource "aws_subnet" "vpc_a_subnet_1" {
+ vpc_id = aws_vpc.vpc_a.id
+ cidr_block = var.vpc_a_subnet_1_cidr
+ availability_zone = var.vpc_a_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_a_name}-subnet-1"
+ }
+
+}
+### -------- vpc b subnets -------- ###
+
+resource "aws_subnet" "vpc_b_subnet_1" {
+ vpc_id = aws_vpc.vpc_b.id
+ cidr_block = var.vpc_b_subnet_1_cidr
+ availability_zone = var.vpc_b_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_b_name}-subnet-1"
+ }
+
+}
+### -------- vpc c subnets -------- ###
+
+resource "aws_subnet" "vpc_c_subnet_1" {
+ vpc_id = aws_vpc.vpc_c.id
+ cidr_block = var.vpc_c_subnet_1_cidr
+ availability_zone = var.vpc_c_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_c_name}-subnet-1"
+ }
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/03-igw-nat.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/03-igw-nat.tf
new file mode 100644
index 0000000..e316445
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/03-igw-nat.tf
@@ -0,0 +1,80 @@
+### --------- vpc a eip ----------- ###
+
+resource "aws_eip" "vpc_a_eip" {
+ tags = {
+ Name = "${var.vpc_a_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_a_nat_gateway" {
+ allocation_id = aws_eip.vpc_a_eip.id
+ subnet_id = aws_subnet.vpc_a_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_a_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_a_internet_gateway" {
+ vpc_id = aws_vpc.vpc_a.id
+
+ tags = {
+ Name = "${var.vpc_a_name}-internet-gateway"
+ }
+}
+
+### ---------- vpc b eip ----------- ###
+
+resource "aws_eip" "vpc_b_eip" {
+ tags = {
+ Name = "${var.vpc_b_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_b_nat_gateway" {
+ allocation_id = aws_eip.vpc_b_eip.id
+ subnet_id = aws_subnet.vpc_b_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_b_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_b_internet_gateway" {
+ vpc_id = aws_vpc.vpc_b.id
+
+ tags = {
+ Name = "${var.vpc_b_name}-internet-gateway"
+ }
+}
+
+### --------- vpc c eip ----------- ###
+
+resource "aws_eip" "vpc_c_eip" {
+ tags = {
+ Name = "${var.vpc_c_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_c_nat_gateway" {
+ allocation_id = aws_eip.vpc_c_eip.id
+ subnet_id = aws_subnet.vpc_c_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_c_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_c_internet_gateway" {
+ vpc_id = aws_vpc.vpc_c.id
+
+ tags = {
+ Name = "${var.vpc_c_name}-internet-gateway"
+ }
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/04-route-tables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/04-route-tables.tf
new file mode 100644
index 0000000..f59ae03
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/04-route-tables.tf
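Review bot: The header comments above the VPC b and VPC c resources still read `### vpc a nat gateway ###` and `### vpc a internet gateway ###`; they should be `### vpc b nat gateway ###` / `### vpc b internet gateway ###` and the c equivalents. More substantively, each NAT gateway is placed in `vpc_x_subnet_1`, the only subnet its VPC has, and the route table for that subnet in 04-route-tables.tf sends `0.0.0.0/0` to the NAT gateway rather than to the internet gateway created here, so as written the NAT has no path out and the `aws_internet_gateway` resources are attached but unused; a NAT gateway has to live in a subnet whose default route points at the IGW. The hunk does not say whether these subnets are meant to be public or private, so a short comment on the intended topology (and a second, public subnet if the NAT is to be kept) would make this reviewable.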
@@ -0,0 +1,83 @@
+### -------- vpc a route table --------- ###
+resource "aws_route_table" "vpc_a_route_table" {
+ vpc_id = aws_vpc.vpc_a.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_nat_gateway.vpc_a_nat_gateway.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_b_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_c_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id
+
+ }
+
+ tags = {
+ Name = "${var.vpc_a_name}-route-table"
+ }
+
+ depends_on = [ aws_vpc.vpc_a ]
+}
+
+### -------- vpc b route table --------- ###
+resource "aws_route_table" "vpc_b_route_table" {
+ vpc_id = aws_vpc.vpc_b.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_nat_gateway.vpc_b_nat_gateway.id
+
+ }
+ route {
+ cidr_block = var.vpc_c_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_a_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id
+
+ }
+
+
+ tags = {
+ Name = "${var.vpc_b_name}-route-table"
+ }
+ depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ]
+}
+
+### -------- vpc c route table --------- ###
+resource "aws_route_table" "vpc_c_route_table" {
+ vpc_id = aws_vpc.vpc_c.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_nat_gateway.vpc_c_nat_gateway.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_a_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_b_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id
+
+ }
+ tags = {
+ Name = "${var.vpc_c_name}-route-table"
+ }
+ depends_on = [ aws_vpc.vpc_c, aws_vpc.vpc_a ]
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/05-route-table-association.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/05-route-table-association.tf
new file mode 100644
index 0000000..2ec14e6
--- /dev/null
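Review bot: The default route in each table uses `gateway_id = aws_nat_gateway.vpc_a_nat_gateway.id` (and the b/c equivalents), but the inline `route` block's `gateway_id` is for an internet or virtual private gateway; a NAT gateway is referenced through the separate `nat_gateway_id` argument, so each of these should read `nat_gateway_id = aws_nat_gateway.vpc_a_nat_gateway.id`. I would expect the provider to reject or misapply a NAT gateway id passed as `gateway_id` at apply time, so this is worth confirming with a plan/apply in dev. The explicit `depends_on = [ aws_vpc.vpc_a ]` lines are redundant because `vpc_id = aws_vpc.vpc_a.id` already creates that dependency, and the cross-VPC entries (`aws_vpc.vpc_c` in table b, `aws_vpc.vpc_a` in table c) are already implied by the peering-connection references. Since every VPC's only subnet gets a `0.0.0.0/0` route, a one-line comment stating that all three subnets are intended to have outbound internet access would make the design intent reviewable.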
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/05-route-table-association.tf
@@ -0,0 +1,24 @@
+### --------- vpc A route table association --------- ###
+resource "aws_route_table_association" "vpc_a_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_a_subnet_1.id
+ route_table_id = aws_route_table.vpc_a_route_table.id
+
+ depends_on = [ aws_route_table.vpc_a_route_table ]
+
+}
+
+### --------- vpc B route table association --------- ###
+resource "aws_route_table_association" "vpc_b_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_b_subnet_1.id
+ route_table_id = aws_route_table.vpc_b_route_table.id
+
+ depends_on = [ aws_route_table.vpc_b_route_table ]
+}
+
+### --------- vpc C route table association --------- ###
+resource "aws_route_table_association" "vpc_c_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_c_subnet_1.id
+ route_table_id = aws_route_table.vpc_c_route_table.id
+
+ depends_on = [ aws_route_table.vpc_c_route_table ]
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/06-peerings.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/06-peerings.tf
new file mode 100644
index 0000000..de654f6
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/06-peerings.tf
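Review bot: The `depends_on = [ aws_route_table.vpc_a_route_table ]` in each association is redundant: `route_table_id = aws_route_table.vpc_a_route_table.id` already establishes that dependency, and explicit `depends_on` on a resource that is referenced anyway only obscures the real graph for the next reader. Dropping the three `depends_on` lines (and the stray blank line before `}` in the VPC A block) leaves behaviour unchanged; the file also lacks a trailing newline.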
@@ -0,0 +1,101 @@
+data "aws_caller_identity" "peer" {}
+
+### ------------ VPC A -> VPC B ------------ ###
+resource "aws_vpc_peering_connection" "connection_a" {
+
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID
+ vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID
+ auto_accept = false
+ peer_region = var.aws_region
+
+ tags = {
+ Name = "vpc a -> vpc b"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ]
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "vpc_a_accepter" {
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id
+ auto_accept = true
+
+
+
+ tags = {
+ Side = "Accepter"
+ Name = "vpc b -> vpc a"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ]
+}
+
+
+### ------------ VPC A -> VPC C ------------ ###
+resource "aws_vpc_peering_connection" "connection_b" {
+
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = aws_vpc.vpc_c.id ## Accepter VPC ID
+ vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID
+ auto_accept = false
+ peer_region = var.aws_region
+
+ tags = {
+ Name = "vpc a -> vpc c"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ]
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "vpc_c_accepter" {
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id
+ auto_accept = true
+
+
+
+ tags = {
+ Side = "Accepter"
+ Name = "vpc c -> vpc a"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ]
+}
+
+
+
+
+### ------------ VPC C -> VPC B ------------ ###
+resource "aws_vpc_peering_connection" "connection_c" {
+
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID
+ vpc_id = aws_vpc.vpc_c.id ## Requester VPC ID
+ auto_accept = false
+ peer_region = var.aws_region
+
+ tags = {
+ Name = "vpc c -> vpc b"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ]
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "vpc_b_accepter" {
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id
+ auto_accept = true
+
+
+
+ tags = {
+ Side = "Accepter"
+ Name = "vpc b -> vpc c"
+ }
+
+ depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ]
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/07-iam.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/07-iam.tf
new file mode 100644
index 0000000..cccb1d3
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/07-iam.tf
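Review bot: `connection_c` peers VPC C with VPC B, yet its `depends_on` reads `[ aws_vpc.vpc_a, aws_vpc.vpc_c ]`, a copy of the line from `connection_b`; the `vpc_id`/`peer_vpc_id` references already order these resources, so the cleanest fix is to delete the `depends_on` line on all six resources, or at minimum correct this one to `depends_on = [ aws_vpc.vpc_c, aws_vpc.vpc_b ]`. The accepter for `connection_a` is named `vpc_a_accepter` although the accepting side there is `vpc_b` (its own tag says "vpc b -> vpc a"), while the other two accepters are named after the accepting VPC; since `vpc_b_accepter` is already used by `connection_c`'s accepter, naming the three after their connection (`connection_a_accepter`, …) removes the ambiguity without a collision. `peer_owner_id` is taken from the caller identity and `peer_region` from `var.aws_region`, so this is a same-account, same-region mesh; a comment saying so would stop a reader from looking for the cross-account accept step that the `auto_accept = false`/accepter split usually implies. The same file is added again under multi-vpc-to-multi-vpc/06-peerings.tf further down.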
@@ -0,0 +1,86 @@
+### use the IAM policy created for SSM ###
+
+resource "aws_iam_policy" "ssm_policy" {
+ name = "AmazonSSMManagedInstanceCore"
+ path = "/"
+ description = "SSM policy"
+
+ # Terraform's "jsonencode" function converts a
+ # Terraform expression result to valid JSON syntax.
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssm:DescribeAssociation",
+ "ssm:GetDeployablePatchSnapshotForInstance",
+ "ssm:GetDocument",
+ "ssm:DescribeDocument",
+ "ssm:GetManifest",
+ "ssm:GetParameter",
+ "ssm:GetParameters",
+ "ssm:ListAssociations",
+ "ssm:ListInstanceAssociations",
+ "ssm:PutInventory",
+ "ssm:PutComplianceItems",
+ "ssm:PutConfigurePackageResult",
+ "ssm:UpdateAssociationStatus",
+ "ssm:UpdateInstanceAssociationStatus",
+ "ssm:UpdateInstanceInformation"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2messages:AcknowledgeMessage",
+ "ec2messages:DeleteMessage",
+ "ec2messages:FailMessage",
+ "ec2messages:GetEndpoint",
+ "ec2messages:GetMessages",
+ "ec2messages:SendReply"
+ ],
+ "Resource": "*"
+ }
+ ]
+ })
+}
+
+data "aws_iam_policy_document" "ssm_policy_doc" {
+ statement {
+ actions = [
+ "sts:AssumeRole"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_role" "ssm_role" {
+ name = "AmazonSSMManagedInstanceCore1"
+ assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json
+}
+
+resource "aws_iam_role_policy_attachment" "attach_ssm_policy" {
+ role = aws_iam_role.ssm_role.name
+ policy_arn = aws_iam_policy.ssm_policy.arn
+}
+
+resource "aws_iam_instance_profile" "ssm_profile" {
+ name = "AmazonSSMManagedInstanceCore2"
+ role = aws_iam_role.ssm_role.name
+}
\ No newline at end
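Review bot: The policy, role and instance profile all carry fixed `name` values (`AmazonSSMManagedInstanceCore`, `...1`, `...2`), so a second instantiation of this module — the identical multi-vpc-to-multi-vpc copy further down, or a dev and a prod environment — fails with an EntityAlreadyExists error, and the first of those names shadows the AWS-managed policy it reproduces. Prefer `name_prefix = "ssm-${var.environment}-"` (the `environment` variable is declared in 10-variables.tf but not referenced by any file in this diff) and attach the managed policy directly with `policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"` instead of maintaining a hand copy that will drift from it. If the inline copy is kept, note that `ssm:GetParameter`/`ssm:GetParameters` on `"Resource": "*"` lets any instance launched with this profile read every Parameter Store entry in the account, potentially including SecureString values; scoping that statement to a parameter path is the main hardening available in this file. The document also mixes HCL-style keys (`Version =`) with JSON-style keys (`"Effect":`) inside `jsonencode`; both encode, but one style throughout reads better. The same file is added again under multi-vpc-to-multi-vpc/07-iam.tf.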
of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/08-EC2.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/08-EC2.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/09-security-groups.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/09-security-groups.tf
new file mode 100644
index 0000000..c20ca22
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/09-security-groups.tf
@@ -0,0 +1,87 @@
+### -------------- Security Group VPC A ------------- ###
+resource "aws_security_group" "vpc_a_sg" {
+ vpc_id = aws_vpc.vpc_a.id
+ description = "Security group for VPC A"
+}
+
+resource "aws_security_group_rule" "icmp_source" {
+ type = "ingress"
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ security_group_id = aws_security_group.vpc_a_sg.id
+ cidr_blocks = [var.acceptor_cidr]
+
+
+ description = "Allow ICMP from destination VPC"
+
+ depends_on = [ aws_security_group.vpc_a_sg ]
+}
+
+
+
+resource "aws_vpc_security_group_egress_rule" "source_egress" {
+ security_group_id = aws_security_group.vpc_a_sg.id
+
+ cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr
+ ip_protocol = "-1"
+
+}
+### -------------- Security Group VPC B ------------- ###
+resource "aws_security_group" "vpc_b_sg" {
+ vpc_id = aws_vpc.vpc_b.id
+ description = "Security group for VPC B"
+}
+
+resource "aws_security_group_rule" "icmp_source" {
+ type = "ingress"
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ security_group_id = aws_security_group.vpc_b_sg.id
+ cidr_blocks = [var.acceptor_cidr]
+
+
+ description = "Allow ICMP from destination VPC"
+
+ depends_on = [ aws_security_group.vpc_b_sg ]
+}
+
+
+
+resource "aws_vpc_security_group_egress_rule" "source_egress" {
+ security_group_id = aws_security_group.vpc_b_sg.id
+
+ cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr
+ ip_protocol = "-1"
+
+}
+### -------------- Security Group VPC C ------------- ###
+resource "aws_security_group" "vpc_c_sg" {
+ vpc_id = aws_vpc.vpc_c.id
+ description = "Security group for source VPC"
+}
+
+resource "aws_security_group_rule" "icmp_source" {
+ type = "ingress"
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ security_group_id = aws_security_group.vpc_c_sg.id
+ cidr_blocks = [var.acceptor_cidr]
+
+
+ description = "Allow ICMP from destination VPC"
+
+ depends_on = [ aws_security_group.vpc_c_sg ]
+}
+
+
+
+resource "aws_vpc_security_group_egress_rule" "source_egress" {
+ security_group_id = aws_security_group.vpc_c_sg.id
+
+ cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr
+ ip_protocol = "-1"
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/10-variables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/10-variables.tf
new file mode 100644
index 0000000..9009978
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/10-variables.tf
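Review bot: `aws_security_group_rule.icmp_source` and `aws_vpc_security_group_egress_rule.source_egress` are each declared three times in this file, and Terraform rejects duplicate resource addresses within one module, so the file will not pass `terraform validate`; the ingress rules also read `var.acceptor_cidr`, which 10-variables.tf in this diff never declares. Giving each pair a per-VPC name and taking the allowed source ranges from the peer VPC variables fixes both problems and keeps the ICMP exposure limited to the two peered networks rather than a single externally supplied CIDR. The `vpc_c_sg` description ("Security group for source VPC") does not match the A/B wording, and the `depends_on` lines are redundant given the `security_group_id` references. The same file is added again under multi-vpc-to-multi-vpc/09-security-groups.tf further down.
```hcl
resource "aws_security_group_rule" "vpc_a_icmp_ingress" {
  # … unchanged: type, from_port, to_port, protocol …
  security_group_id = aws_security_group.vpc_a_sg.id
  cidr_blocks       = [var.vpc_b_cidr, var.vpc_c_cidr] # only the peered VPCs
  description       = "Allow ICMP from peered VPCs"
}

resource "aws_vpc_security_group_egress_rule" "vpc_a_egress" {
  # … unchanged: body …
}
# … VPC B and VPC C follow the same pattern with vpc_b_* / vpc_c_* names …
```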
@@ -0,0 +1,75 @@
+variable "aws_region" {
+ description = "AWS region where the VPCs will be created"
+ type = string
+ default = "us-east-1"
+
+}
+variable "environment" {
+ description = "Environment for the VPCs (e.g., dev, staging, prod)"
+ type = string
+
+}
+
+### VPC Variables ###
+variable "vpc_a_cidr" {
+ description = "CIDR block for VPC A"
+ type = string
+
+}
+variable "vpc_b_cidr" {
+ description = "CIDR block for VPC B"
+ type = string
+
+}
+variable "vpc_c_cidr" {
+ description = "CIDR block for VPC C"
+ type = string
+
+}
+variable "vpc_a_name" {
+ description = "Name for VPC A"
+ type = string
+}
+variable "vpc_b_name" {
+ description = "Name for VPC B"
+ type = string
+}
+variable "vpc_c_name" {
+ description = "Name for VPC C"
+ type = string
+}
+
+### Subnet Variables ###
+
+### Subnet CIDR blocks for each Subnet ###
+variable "vpc_a_subnet_1_cidr" {
+ description = "CIDR block for VPC A Subnet 1"
+ type = string
+}
+variable "vpc_b_subnet_1_cidr" {
+ description = "CIDR block for VPC B Subnet 1"
+ type = string
+}
+variable "vpc_c_subnet_1_cidr" {
+ description = "CIDR block for VPC C Subnet 1"
+ type = string
+}
+
+### Subnet Availability Zones for each Subnet ###
+
+variable "vpc_a_subnet_1_availability_zone" {
+ description = "Availability Zone for VPC A Subnet 1"
+ type = string
+
+}
+
+variable "vpc_b_subnet_1_availability_zone" {
+ description = "Availability Zone for VPC B Subnet 1"
+ type = string
+
+}
+variable "vpc_c_subnet_1_availability_zone" {
+ description = "Availability Zone for VPC C Subnet 1"
+ type = string
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/11-outputs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/11-outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/main.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/main.tf
new file mode 100644
index 0000000..e69de29
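Review bot: The six CIDR inputs (`vpc_a_cidr` through `vpc_c_subnet_1_cidr`) go straight into `aws_vpc`, `aws_subnet`, route entries and security-group rules with no `validation` block, so a malformed value only surfaces as an AWS API error during apply, after other resources in the graph may already have been created. A `can(cidrhost(...))` condition rejects it at plan time; the block below shows the pattern for `vpc_a_cidr` and the other five take the same shape. The same variables file is added again under multi-vpc-to-multi-vpc/10-variables.tf further down.
```hcl
variable "vpc_a_cidr" {
  description = "CIDR block for VPC A"
  type        = string

  validation {
    condition     = can(cidrhost(var.vpc_a_cidr, 0))
    error_message = "vpc_a_cidr must be a valid IPv4 CIDR block."
  }
}
# … same validation block for vpc_b_cidr, vpc_c_cidr and the three subnet CIDRs …
```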
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/outputs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/readme b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/readme
new file mode 100644
index 0000000..c338984
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/readme
@@ -0,0 +1,3 @@
+## What I want to explore in this section
+ - forech
+ -
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/variables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc-v2/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/01-vpcs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/01-vpcs.tf
new file mode 100644
index 0000000..854835e
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/01-vpcs.tf
@@ -0,0 +1,39 @@
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_a" {
+ cidr_block = var.vpc_a_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_a_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_b" {
+ cidr_block = var.vpc_b_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_b_name
+ }
+}
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "vpc_c" {
+ cidr_block = var.vpc_c_cidr
+ instance_tenancy = "default"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+
+
+ tags = {
+ Name = var.vpc_c_name
+ }
+}
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/02-subnets.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/02-subnets.tf
new file mode 100644
index 0000000..01d5584
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/02-subnets.tf
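Review bot: All three `aws_vpc` resources in 01-vpcs.tf silence the flow-log finding with `#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs` instead of enabling flow logs, so traffic crossing the peering connections this module builds leaves no record to review or alert on. This same diff creates an empty `VPC/Modules/vpc-flowlogs` module; an `aws_flow_log` per VPC from there (or inline, delivering to a CloudWatch log group) would let the three ignore comments go. If the suppression is deliberate for a lab, a one-line reason next to it keeps reviewers from re-raising the point, e.g. `# flow logs intentionally disabled: lab module, see VPC/Modules/vpc-flowlogs`. The variables file these `var.vpc_*_cidr`/`var.vpc_*_name` references resolve against is added later in this diff as 10-variables.tf.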
@@ -0,0 +1,39 @@
+### -------- vpc a subnets -------- ###
+
+resource "aws_subnet" "vpc_a_subnet_1" {
+ vpc_id = aws_vpc.vpc_a.id
+ cidr_block = var.vpc_a_subnet_1_cidr
+ availability_zone = var.vpc_a_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_a_name}-subnet-1"
+ }
+
+}
+### -------- vpc b subnets -------- ###
+
+resource "aws_subnet" "vpc_b_subnet_1" {
+ vpc_id = aws_vpc.vpc_b.id
+ cidr_block = var.vpc_b_subnet_1_cidr
+ availability_zone = var.vpc_b_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_b_name}-subnet-1"
+ }
+
+}
+### -------- vpc c subnets -------- ###
+
+resource "aws_subnet" "vpc_c_subnet_1" {
+ vpc_id = aws_vpc.vpc_c.id
+ cidr_block = var.vpc_c_subnet_1_cidr
+ availability_zone = var.vpc_c_subnet_1_availability_zone
+ map_public_ip_on_launch = false
+
+ tags = {
+ Name = "${var.vpc_c_name}-subnet-1"
+ }
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/03-igw-nat.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/03-igw-nat.tf
new file mode 100644
index 0000000..e316445
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/03-igw-nat.tf
@@ -0,0 +1,80 @@
+### --------- vpc a eip ----------- ###
+
+resource "aws_eip" "vpc_a_eip" {
+ tags = {
+ Name = "${var.vpc_a_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_a_nat_gateway" {
+ allocation_id = aws_eip.vpc_a_eip.id
+ subnet_id = aws_subnet.vpc_a_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_a_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_a_internet_gateway" {
+ vpc_id = aws_vpc.vpc_a.id
+
+ tags = {
+ Name = "${var.vpc_a_name}-internet-gateway"
+ }
+}
+
+### ---------- vpc b eip ----------- ###
+
+resource "aws_eip" "vpc_b_eip" {
+ tags = {
+ Name = "${var.vpc_b_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_b_nat_gateway" {
+ allocation_id = aws_eip.vpc_b_eip.id
+ subnet_id = aws_subnet.vpc_b_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_b_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_b_internet_gateway" {
+ vpc_id = aws_vpc.vpc_b.id
+
+ tags = {
+ Name = "${var.vpc_b_name}-internet-gateway"
+ }
+}
+
+### --------- vpc c eip ----------- ###
+
+resource "aws_eip" "vpc_c_eip" {
+ tags = {
+ Name = "${var.vpc_c_name}-eip"
+ }
+}
+
+### vpc a nat gateway ###
+resource "aws_nat_gateway" "vpc_c_nat_gateway" {
+ allocation_id = aws_eip.vpc_c_eip.id
+ subnet_id = aws_subnet.vpc_c_subnet_1.id
+
+ tags = {
+ Name = "${var.vpc_c_name}-nat-gateway"
+ }
+}
+
+### vpc a internet gateway ###
+resource "aws_internet_gateway" "vpc_c_internet_gateway" {
+ vpc_id = aws_vpc.vpc_c.id
+
+ tags = {
+ Name = "${var.vpc_c_name}-internet-gateway"
+ }
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/04-route-tables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/04-route-tables.tf
new file mode 100644
index 0000000..f59ae03
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/04-route-tables.tf
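Review bot: Each NAT gateway is placed in `vpc_X_subnet_1`, the only subnet its VPC has, which 02-subnets.tf creates with `map_public_ip_on_launch = false` and which 04-route-tables.tf routes `0.0.0.0/0` back to that same NAT gateway; nothing in this diff routes to the `aws_internet_gateway` resources, so the NAT gateways have no path out and the internet gateways are created but unused. A working layout needs a public subnet for the NAT gateway whose route table carries `gateway_id = aws_internet_gateway.vpc_a_internet_gateway.id`, with the private subnet's default route pointing at the NAT via `nat_gateway_id`. If private-only connectivity between the three VPCs is the real goal, the EIPs, NAT gateways and internet gateways can all be dropped, which also removes the `0.0.0.0/0` default routes and shrinks the exposure of the mesh. The section headers for VPC B and VPC C still read `### vpc a nat gateway ###` and `### vpc a internet gateway ###`. The same file appears earlier in this diff under multi-vpc-to-multi-vpc-v2.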
@@ -0,0 +1,83 @@
+### -------- vpc a route table --------- ###
+resource "aws_route_table" "vpc_a_route_table" {
+ vpc_id = aws_vpc.vpc_a.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_nat_gateway.vpc_a_nat_gateway.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_b_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_c_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id
+
+ }
+
+ tags = {
+ Name = "${var.vpc_a_name}-route-table"
+ }
+
+ depends_on = [ aws_vpc.vpc_a ]
+}
+
+### -------- vpc b route table --------- ###
+resource "aws_route_table" "vpc_b_route_table" {
+ vpc_id = aws_vpc.vpc_b.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_nat_gateway.vpc_b_nat_gateway.id
+
+ }
+ route {
+ cidr_block = var.vpc_c_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_a_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id
+
+ }
+
+
+ tags = {
+ Name = "${var.vpc_b_name}-route-table"
+ }
+ depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ]
+}
+
+### -------- vpc c route table --------- ###
+resource "aws_route_table" "vpc_c_route_table" {
+ vpc_id = aws_vpc.vpc_c.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_nat_gateway.vpc_c_nat_gateway.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_a_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id
+
+ }
+
+ route {
+ cidr_block = var.vpc_b_cidr
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id
+
+ }
+ tags = {
+ Name = "${var.vpc_c_name}-route-table"
+ }
+ depends_on = [ aws_vpc.vpc_c, aws_vpc.vpc_a ]
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/05-route-table-association.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/05-route-table-association.tf
new file mode 100644
index 0000000..2ec14e6
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/05-route-table-association.tf
@@ -0,0 +1,24 @@
+### --------- vpc A route table association --------- ###
+resource "aws_route_table_association" "vpc_a_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_a_subnet_1.id
+ route_table_id = aws_route_table.vpc_a_route_table.id
+
+ depends_on = [ aws_route_table.vpc_a_route_table ]
+
+}
+
+### --------- vpc B route table association --------- ###
+resource "aws_route_table_association" "vpc_b_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_b_subnet_1.id
+ route_table_id = aws_route_table.vpc_b_route_table.id
+
+ depends_on = [ aws_route_table.vpc_b_route_table ]
+}
+
+### --------- vpc C route table association --------- ###
+resource "aws_route_table_association" "vpc_c_subnet_1_association" {
+ subnet_id = aws_subnet.vpc_c_subnet_1.id
+ route_table_id = aws_route_table.vpc_c_route_table.id
+
+ depends_on = [ aws_route_table.vpc_c_route_table ]
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/06-peerings.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/06-peerings.tf
new file mode 100644
index 0000000..de654f6
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/06-peerings.tf
@@ -0,0 +1,101 @@
+data "aws_caller_identity" "peer" {}
+
+### ------------ VPC A -> VPC B ------------ ###
+resource "aws_vpc_peering_connection" "connection_a" {
+
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID
+ vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID
+ auto_accept = false
+ peer_region = var.aws_region
+
+ tags = {
+ Name = "vpc a -> vpc b"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ]
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "vpc_a_accepter" {
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_a.id
+ auto_accept = true
+
+
+
+ tags = {
+ Side = "Accepter"
+ Name = "vpc b -> vpc a"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_b ]
+}
+
+
+### ------------ VPC A -> VPC C ------------ ###
+resource "aws_vpc_peering_connection" "connection_b" {
+
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = aws_vpc.vpc_c.id ## Accepter VPC ID
+ vpc_id = aws_vpc.vpc_a.id ## Requester VPC ID
+ auto_accept = false
+ peer_region = var.aws_region
+
+ tags = {
+ Name = "vpc a -> vpc c"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ]
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "vpc_c_accepter" {
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_b.id
+ auto_accept = true
+
+
+
+ tags = {
+ Side = "Accepter"
+ Name = "vpc c -> vpc a"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ]
+}
+
+
+
+
+### ------------ VPC C -> VPC B ------------ ###
+resource "aws_vpc_peering_connection" "connection_c" {
+
+ peer_owner_id = data.aws_caller_identity.peer.account_id
+ peer_vpc_id = aws_vpc.vpc_b.id ## Accepter VPC ID
+ vpc_id = aws_vpc.vpc_c.id ## Requester VPC ID
+ auto_accept = false
+ peer_region = var.aws_region
+
+ tags = {
+ Name = "vpc c -> vpc b"
+ }
+
+ depends_on = [ aws_vpc.vpc_a, aws_vpc.vpc_c ]
+}
+
+
+### Accepters/Destination side of the connection ###
+resource "aws_vpc_peering_connection_accepter" "vpc_b_accepter" {
+ vpc_peering_connection_id = aws_vpc_peering_connection.connection_c.id
+ auto_accept = true
+
+
+
+ tags = {
+ Side = "Accepter"
+ Name = "vpc b -> vpc c"
+ }
+
+ depends_on = [ aws_vpc.vpc_b, aws_vpc.vpc_c ]
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/07-iam.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/07-iam.tf
new file mode 100644
index 0000000..cccb1d3
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/07-iam.tf
@@ -0,0 +1,86 @@
+### use the IAM policy created for SSM ###
+
+resource "aws_iam_policy" "ssm_policy" {
+ name = "AmazonSSMManagedInstanceCore"
+ path = "/"
+ description = "SSM policy"
+
+ # Terraform's "jsonencode" function converts a
+ # Terraform expression result to valid JSON syntax.
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssm:DescribeAssociation",
+ "ssm:GetDeployablePatchSnapshotForInstance",
+ "ssm:GetDocument",
+ "ssm:DescribeDocument",
+ "ssm:GetManifest",
+ "ssm:GetParameter",
+ "ssm:GetParameters",
+ "ssm:ListAssociations",
+ "ssm:ListInstanceAssociations",
+ "ssm:PutInventory",
+ "ssm:PutComplianceItems",
+ "ssm:PutConfigurePackageResult",
+ "ssm:UpdateAssociationStatus",
+ "ssm:UpdateInstanceAssociationStatus",
+ "ssm:UpdateInstanceInformation"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2messages:AcknowledgeMessage",
+ "ec2messages:DeleteMessage",
+ "ec2messages:FailMessage",
+ "ec2messages:GetEndpoint",
+ "ec2messages:GetMessages",
+ "ec2messages:SendReply"
+ ],
+ "Resource": "*"
+ }
+ ]
+ })
+}
+
+data "aws_iam_policy_document" "ssm_policy_doc" {
+ statement {
+ actions = [
+ "sts:AssumeRole"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_role" "ssm_role" {
+ name = "AmazonSSMManagedInstanceCore1"
+ assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json
+}
+
+resource "aws_iam_role_policy_attachment" "attach_ssm_policy" {
+ role = aws_iam_role.ssm_role.name
+ policy_arn = aws_iam_policy.ssm_policy.arn
+}
+
+resource "aws_iam_instance_profile" "ssm_profile" {
+ name = "AmazonSSMManagedInstanceCore2"
+ role = aws_iam_role.ssm_role.name
+}
\ No newline at end
of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/08-EC2.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/08-EC2.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/09-security-groups.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/09-security-groups.tf
new file mode 100644
index 0000000..c20ca22
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/09-security-groups.tf
@@ -0,0 +1,87 @@
+### -------------- Security Group VPC A ------------- ###
+resource "aws_security_group" "vpc_a_sg" {
+ vpc_id = aws_vpc.vpc_a.id
+ description = "Security group for VPC A"
+}
+
+resource "aws_security_group_rule" "icmp_source" {
+ type = "ingress"
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ security_group_id = aws_security_group.vpc_a_sg.id
+ cidr_blocks = [var.acceptor_cidr]
+
+
+ description = "Allow ICMP from destination VPC"
+
+ depends_on = [ aws_security_group.vpc_a_sg ]
+}
+
+
+
+resource "aws_vpc_security_group_egress_rule" "source_egress" {
+ security_group_id = aws_security_group.vpc_a_sg.id
+
+ cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr
+ ip_protocol = "-1"
+
+}
+### -------------- Security Group VPC B ------------- ###
+resource "aws_security_group" "vpc_b_sg" {
+ vpc_id = aws_vpc.vpc_b.id
+ description = "Security group for VPC B"
+}
+
+resource "aws_security_group_rule" "icmp_source" {
+ type = "ingress"
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ security_group_id = aws_security_group.vpc_b_sg.id
+ cidr_blocks = [var.acceptor_cidr]
+
+
+ description = "Allow ICMP from destination VPC"
+
+ depends_on = [ aws_security_group.vpc_b_sg ]
+}
+
+
+
+resource "aws_vpc_security_group_egress_rule" "source_egress" {
+ security_group_id = aws_security_group.vpc_b_sg.id
+
+ cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr
+ ip_protocol = "-1"
+
+}
+### -------------- Security Group VPC C ------------- ###
+resource "aws_security_group" "vpc_c_sg" {
+ vpc_id = aws_vpc.vpc_c.id
+ description = "Security group for source VPC"
+}
+
+resource "aws_security_group_rule" "icmp_source" {
+ type = "ingress"
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ security_group_id = aws_security_group.vpc_c_sg.id
+ cidr_blocks = [var.acceptor_cidr]
+
+
+ description = "Allow ICMP from destination VPC"
+
+ depends_on = [ aws_security_group.vpc_c_sg ]
+}
+
+
+
+resource "aws_vpc_security_group_egress_rule" "source_egress" {
+ security_group_id = aws_security_group.vpc_c_sg.id
+
+ cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr
+ ip_protocol = "-1"
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/10-variables.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/10-variables.tf
new file mode 100644
index 0000000..9009978
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/10-variables.tf
@@ -0,0 +1,75 @@
+variable "aws_region" {
+ description = "AWS region where the VPCs will be created"
+ type = string
+ default = "us-east-1"
+
+}
+variable "environment" {
+ description = "Environment for the VPCs (e.g., dev, staging, prod)"
+ type = string
+
+}
+
+### VPC Variables ###
+variable "vpc_a_cidr" {
+ description = "CIDR block for VPC A"
+ type = string
+
+}
+variable "vpc_b_cidr" {
+ description = "CIDR block for VPC B"
+ type = string
+
+}
+variable "vpc_c_cidr" {
+ description = "CIDR block for VPC C"
+ type = string
+
+}
+variable "vpc_a_name" {
+ description = "Name for VPC A"
+ type = string
+}
+variable "vpc_b_name" {
+ description = "Name for VPC B"
+ type = string
+}
+variable "vpc_c_name" {
+ description = "Name for VPC C"
+ type = string
+}
+
+### Subnet Variables ###
+
+### Subnet CIDR blocks for each Subnet ###
+variable "vpc_a_subnet_1_cidr" {
+ description = "CIDR block for VPC A Subnet 1"
+ type = string
+}
+variable "vpc_b_subnet_1_cidr" {
+ description = "CIDR block for VPC B Subnet 1"
+ type = string
+}
+variable "vpc_c_subnet_1_cidr" {
+ description = "CIDR block for VPC C Subnet 1"
+ type = string
+}
+
+### Subnet Availability Zones for each Subnet ###
+
+variable "vpc_a_subnet_1_availability_zone" {
+ description = "Availability Zone for VPC A Subnet 1"
+ type = string
+
+}
+
+variable "vpc_b_subnet_1_availability_zone" {
+ description = "Availability Zone for VPC B Subnet 1"
+ type = string
+
+}
+variable "vpc_c_subnet_1_availability_zone" {
+ description = "Availability Zone for VPC C Subnet 1"
+ type = string
+
+}
\ No newline at end of file
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/11-outputs.tf b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/11-outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC-Peering/Modules/multi-vpc-to-multi-vpc/readme b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/readme
new file mode 100644
index 0000000..c338984
--- /dev/null
+++ b/VPC-Peering/Modules/multi-vpc-to-multi-vpc/readme
@@ -0,0 +1,3 @@
+## What I want to explore in this section
+ - forech
+ -
\ No newline at end of file
diff --git a/VPC/Modules/vpc-flowlogs/.gitignore b/VPC/Modules/vpc-flowlogs/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/VPC/Modules/vpc-flowlogs/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/VPC/Modules/vpc-flowlogs/main.tf b/VPC/Modules/vpc-flowlogs/main.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC/Modules/vpc-flowlogs/outputs.tf b/VPC/Modules/vpc-flowlogs/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/VPC/Modules/vpc-flowlogs/variables.tf b/VPC/Modules/vpc-flowlogs/variables.tf
new file mode 100644
index 0000000..e69de29
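Review bot: `.terraform.lock.hcl` is listed under "Ignore CLI configuration files", but the dependency lock file is not CLI configuration: it records the provider versions and checksums that `terraform init` selected, so that every later init (and every teammate and CI runner) resolves the same artifacts, and HashiCorp's guidance is to commit it. Removing that one line keeps the provider pin under version control; the `.terraformrc`/`terraform.rc` entries above it are the real CLI config and can stay. The same .gitignore is added for Vnet-Peering/Environments/dev and prod in the next two hunks. The diffstat of the later commit on this page lists `.terraform/terraform.tfstate` and several `.terraform.lock.hcl` files being added under other directories, which the `**/.terraform/*` rule here is meant to keep out; state files can carry resource identifiers and secret values, so it is worth confirming none were committed.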
diff --git a/Vnet-Peering/Environments/dev/.gitignore b/Vnet-Peering/Environments/dev/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/Vnet-Peering/Environments/dev/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
diff --git a/Vnet-Peering/Environments/prod/.gitignore b/Vnet-Peering/Environments/prod/.gitignore
new file mode 100644
index 0000000..1e1ac26
--- /dev/null
+++ b/Vnet-Peering/Environments/prod/.gitignore
@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store
\ No newline at end of file
From 849c5a7b72181de01e1240c66730e4fdcfb8aee7 Mon Sep 17 00:00:00 2001
From: thogue12 Date: Tue, 1 Jul 2025 23:20:24 -0400 Subject: [PATCH 38/43] to the main --- S2S-VPN/Environments/.DS_Store | Bin 0 -> 6148 bytes S2S-VPN/Environments/dev/terraform.tfvars | 0 S2S-VPN/Environments/prod/terraform.tfvars | 0 S2S-VPN/Environments/test/terraform.tfvars | 0 TransitGatway/Environments/.DS_Store | Bin 0 -> 6148 bytes VNET/.DS_Store | Bin 0 -> 6148 bytes VPC/.DS_Store | Bin 0 -> 6148 bytes .../aws/6.0.0-beta2/darwin_arm64/LICENSE.txt | 375 ++++++++++++++++++ VPC/Environment/.DS_Store | Bin 0 -> 6148 bytes VPC/Environment/Dev/.DS_Store | Bin 0 -> 6148 bytes VPC/Environment/Dev/.terraform.lock.hcl | 25 ++ VPC/Environment/test-v1/.terraform.lock.hcl | 25 ++ VPC/Modules/Simple-VPC/.terraform.lock.hcl | 25 ++ Vnet-Peering/Environments/.DS_Store | Bin 0 -> 6148 bytes .../Environments/test/.terraform.lock.hcl | 22 + .../test/.terraform/modules/modules.json | 1 + .../azurerm/4.34.0/darwin_arm64/LICENSE.txt | 375 ++++++++++++++++++ .../test/.terraform/terraform.tfstate | 39 ++ 18 files changed, 887 insertions(+) create mode 100644 S2S-VPN/Environments/.DS_Store create mode 100644 S2S-VPN/Environments/dev/terraform.tfvars create mode 100644 S2S-VPN/Environments/prod/terraform.tfvars create mode 100644 S2S-VPN/Environments/test/terraform.tfvars create mode 100644 TransitGatway/Environments/.DS_Store create mode 100644 VNET/.DS_Store create mode 100644 VPC/.DS_Store create mode 100644 VPC/.terraform/providers/registry.terraform.io/hashicorp/aws/6.0.0-beta2/darwin_arm64/LICENSE.txt create mode 100644 VPC/Environment/.DS_Store create mode 100644 VPC/Environment/Dev/.DS_Store create mode 100644 VPC/Environment/Dev/.terraform.lock.hcl create mode 100644 VPC/Environment/test-v1/.terraform.lock.hcl create mode 100644 VPC/Modules/Simple-VPC/.terraform.lock.hcl create mode 100644 Vnet-Peering/Environments/.DS_Store create mode 100644 Vnet-Peering/Environments/test/.terraform.lock.hcl create mode 100644 
Vnet-Peering/Environments/test/.terraform/modules/modules.json create mode 100644 Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt create mode 100644 Vnet-Peering/Environments/test/.terraform/terraform.tfstate diff --git a/S2S-VPN/Environments/.DS_Store b/S2S-VPN/Environments/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..44d7535913edf3af0094322cb7341f1750fd7acd GIT binary patch literal 6148 zcmeHKu};G<5IwgM3WA|5h=IWq8$&lLmQaN+=ntSa2qao1g2J4S;3xP3{s4XniG_DQ z%W)Oc5mo3;I=|%3=O@2JxtNH|^tl=njfg0RGY)s}2?AFs;q8D-SaBh^$T z7(*`RJb!z=SnPc=XO!<)Q~4zC8vA^rb&}WTV&2R5he_ZK`HnZ0Pw?`d)l>mhKo!^} z1<|Y&0I=}b3L*kCQVNt( z3msln!!8^9IgWV z?8a2l1HGK(>BSgxtRCk>$d0Z@;z@VpWx*^o0$TpfGKcD3ZQ4RO DyA@fT literal 0 HcmV?d00001 diff --git a/VNET/.DS_Store b/VNET/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..d43f57a7bb44dc124465a4b31478179c11655f53 GIT binary patch literal 6148 zcmeHKy-veG47N)JL1pO3cpGA@c!5v_@c@;O*ie52NC~N+WzNJC@I0)%3@baI&sIqY zL1IBFvL*Yw+}SzbcU4>y5s%mN5z&x{5~yHrALbj8bH5~K7 z{8Gb8QNxL?`C!|btwZ6sJKi6nJ8`P$)){aHnhfmd<524VS$F^64Du&uz!~^g3~)c2 zWMdr3YHRCoQfmYB3MwLgmEtA@gIJ2;E2a1l8U^z~2Ef#?Qp60z{|H1H+&BY&%D@Nn C_*1t4 literal 0 HcmV?d00001 
diff --git a/VPC/.DS_Store b/VPC/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..25c46ea10ac008d4932259c80eb4c58da4c57627 GIT binary patch literal 6148 zcmeHKO-sW-5PchqRx8+xAb5#4PeL!AJj9Y7D?;yLYyE&;(Ft6AaebePQxm+L8s{vq>~|jtTm>LWT*_ zrD%2hMFnKz{H;G|<5abKH_=#!*VnBTS1-fuvg(F)_B8LWTCNrIrr8JE@1u)+VM3C? z8oJ~;#0&|U-j#ViZ!bp_`Q0BrKAbszpXMp@s*Wo02_i10rV6M6s=z`4-q~VxIos7# z0aZX1C@LW5L&zo=dCVQ!ql29-0f;rat#K^1gye)CBagX5zM&bHN_45lml(#S(;xb{ z$Ybu%rNj8*!}yhruTYF#o%4q_942z8y(*vzloeQUk4?G%JJt1nIZ2;X0af5%DPU@G zFK+Xb{N1|radOv&Z0BrZ5|=w%q;O!bV#dlS5T0$LjX#GT1w8~r=tVH#1H=$P@L2Ckt<*zf3TnOP5qtq(z-RC-eFKla zhamlCcWk$&?M)Gxf!S{}JF`3al4d$YWYYU?Ow=Tz5Xx9v!!Sp9owXu0v1|ej?-92z zi+oV=Q^Vh7fS+BRGP@0b#U$P`iL;R zOlLUnmhNbuZZLcBPi~ERJM(<}9JXsG>mPy5p|V$AOtV?$=jYWLy>ng-Wb~ESkYYb8 zqTSP~ho95)O8WNHusMC($Ioc7m!A)j{)qU2s3-%hJ2n#~e!IMh)YPzIEN2?P9n zh@gy#VCm3)IxyH402sh*1#|8tI3^NI1WSilffyGGbfHFC4CBIKkHjw#EFHRVGSYk) zIoU{uV(jVIKeFy*5{Eh}1IoZG19f-V^8TeNWm>_FsDQ-z>Yvty+ u)<)0^C=2_Q4ksa)*isB%F2!3=E3ijA0VaZ_Ls%gCN5ImcgEH`|42%JN)nl#z literal 0 HcmV?d00001 diff --git a/VPC/Environment/Dev/.DS_Store b/VPC/Environment/Dev/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..5008ddfcf53c02e82d7eee2e57c38e5672ef89f6 GIT binary patch literal 6148 zcmeH~Jr2S!425mzP>H1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0!s*o-D-o-xW^8}d=zg_~pI>s&WY$HNEmp+>ke$7k) zQ@|A1HU-eL*+zSUHktyafGJQb!0!hSXG|3c!n`bj@NqcK&bKGk^`~uF#>ng#z1e4H;v6fr$1Re}=&l6y(SP3Em Pvk!qFgAJy@pDOST$Shle literal 0 HcmV?d00001 diff --git a/Vnet-Peering/Environments/test/.terraform.lock.hcl b/Vnet-Peering/Environments/test/.terraform.lock.hcl new file mode 100644 index 0000000..e8306bb --- /dev/null +++ b/Vnet-Peering/Environments/test/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.34.0" + constraints = "4.34.0" + hashes = [ + "h1:gaDqI1j1w6sGScP7Gs0xg5pcjMlRmZjP5lvH6PoiW2A=", + "zh:07838a6b64533d70d441ebb61b04fe2a801e3c8d111af2bd7813385ed9baf778", + "zh:27e2793081c363000bd41ea75f9e5eb0c368d01a65f1e2237b8f52651374874f", + "zh:2f1a5a270c69902c676360bc00e82d7a77968b2d9c5085167b816adbc9a3afd6", + "zh:347fb015ef69520e7a374206411020546d4cd32c64dcdb01409b09a6ccb8a4ad", + "zh:34fc3c1c8a194169fab5ccc449fa8ebbd625f4bfde057b020e27661a29a6ba04", + "zh:43675af15ac12a1b36f5eb2913f9a02388f8d965ebb5a15d309014aafe395eda", + "zh:4b3f06305a9299a224967e30991554bcc19d9f78bdb22b7b02545810218eb195", + "zh:8e43e2ad4f23cc8e0e1f51cdf19c0452ba97393958508e278a2bc135e28b2bbf", + "zh:a9757211de25ebbda695913d6a7fb8e9ab796b9d406c980ba51d0ba9470111fd", + "zh:d6c47eb39a51c18a680b0b13b952f1b8f3f6ca3d7f5ad6c77e279068bd457fc8", + "zh:dd2ec26453b0f28436003d50a0d174fbc19913158b17da3c6b897540c957bd9b", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/Vnet-Peering/Environments/test/.terraform/modules/modules.json b/Vnet-Peering/Environments/test/.terraform/modules/modules.json new file mode 100644 index 0000000..e014f2d --- /dev/null +++ b/Vnet-Peering/Environments/test/.terraform/modules/modules.json 
@@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"linux_vm","Source":"../../../virtual-machines/Azure/Linux-VM","Dir":"../../../virtual-machines/Azure/Linux-VM"},{"Key":"peerings","Source":"../../../Vnet-Peering/modules/peering-connection","Dir":"../../../Vnet-Peering/modules/peering-connection"},{"Key":"resource_group","Source":"../../../VNET/modules/resource-group","Dir":"../../../VNET/modules/resource-group"},{"Key":"subnets","Source":"../../../VNET/modules/subnet","Dir":"../../../VNET/modules/subnet"},{"Key":"virtual_network","Source":"../../../VNET/modules/virtual-network","Dir":"../../../VNET/modules/virtual-network"}]} \ No newline at end of file diff --git a/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt b/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt new file mode 100644 index 0000000..b9ac071 --- /dev/null +++ b/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt 
@@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. 
Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. 
Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. 
Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. 
However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. 
* +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. 
+Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. 
If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
diff --git a/Vnet-Peering/Environments/test/.terraform/terraform.tfstate b/Vnet-Peering/Environments/test/.terraform/terraform.tfstate
new file mode 100644
index 0000000..d6bb3f5
--- /dev/null
+++ b/Vnet-Peering/Environments/test/.terraform/terraform.tfstate
@@ -0,0 +1,39 @@
+{
+ "version": 3,
+ "terraform_version": "1.11.0",
+ "backend": {
+ "type": "azurerm",
+ "config": {
+ "access_key": null,
+ "client_certificate": null,
+ "client_certificate_password": null,
+ "client_certificate_path": null,
+ "client_id": null,
+ "client_id_file_path": null,
+ "client_secret": null,
+ "client_secret_file_path": null,
+ "container_name": "testtfstate",
+ "endpoint": null,
+ "environment": null,
+ "key": "vnet-peering.terraform.tfstate",
+ "metadata_host": null,
+ "msi_endpoint": null,
+ "oidc_request_token": null,
+ "oidc_request_url": null,
+ "oidc_token": null,
+ "oidc_token_file_path": null,
+ "resource_group_name": "tf_state",
+ "sas_token": null,
+ "snapshot": null,
+ "storage_account_name": "tfstatefile84",
+ "subscription_id": "61fbcac7-2f66-43f1-aca9-bfbab5b91195",
+ "tenant_id": null,
+ "use_aks_workload_identity": null,
+ "use_azuread_auth": null,
+ "use_cli": null,
+ "use_msi": null,
+ "use_oidc": null
+ },
+ "hash": 2846517555
+ }
+}
\ No newline at end of file
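Review bot: `Vnet-Peering/Environments/test/.terraform/terraform.tfstate` is a `terraform init` working file and should not be in version control: it records the resolved backend configuration, and fields such as `access_key`, `sas_token`, `client_secret` and `oidc_token` are written to it in clear text when they are supplied through `-backend-config`, which is why the whole `.terraform/` directory is conventionally ignored. Even with those fields `null` here, the hunk publishes the state backend's resource group, storage account, container and subscription id. Proposed fix: add `.terraform/` to a `.gitignore` that covers this environment, `git rm --cached` the file, and treat the backend details already pushed as disclosed. The diffstat of the following commit (PATCH 39/43) adds the same file again, and the empty `terraform.tfvars` files it lists contradict the `*.tfvars` ignore rule added earlier in this series.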
From 28c95a4c0ae90de4d42bb5d2cdcfc6b4e1a0e116 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Tue, 1 Jul 2025 23:20:24 -0400 Subject: [PATCH 39/43] to the main --- S2S-VPN/Environments/.DS_Store | Bin 0 -> 6148 bytes S2S-VPN/Environments/dev/terraform.tfvars | 0 S2S-VPN/Environments/prod/terraform.tfvars | 0 S2S-VPN/Environments/test/terraform.tfvars | 0 TransitGatway/Environments/.DS_Store | Bin 0 -> 6148 bytes VNET/.DS_Store | Bin 0 -> 6148 bytes VPC/.DS_Store | Bin 0 -> 6148 bytes .../aws/6.0.0-beta2/darwin_arm64/LICENSE.txt | 375 ++++++++++++++++++ VPC/Environment/.DS_Store | Bin 0 -> 6148 bytes VPC/Environment/Dev/.DS_Store | Bin 0 -> 6148 bytes VPC/Environment/Dev/.terraform.lock.hcl | 25 ++ VPC/Environment/test-v1/.terraform.lock.hcl | 25 ++ VPC/Modules/Simple-VPC/.terraform.lock.hcl | 25 ++ Vnet-Peering/Environments/.DS_Store | Bin 0 -> 6148 bytes .../Environments/test/.terraform.lock.hcl | 22 + .../test/.terraform/modules/modules.json | 1 + .../azurerm/4.34.0/darwin_arm64/LICENSE.txt | 375 ++++++++++++++++++ .../test/.terraform/terraform.tfstate | 39 ++ 18 files changed, 887 insertions(+) create mode 100644 S2S-VPN/Environments/.DS_Store create mode 100644 S2S-VPN/Environments/dev/terraform.tfvars create mode 100644 S2S-VPN/Environments/prod/terraform.tfvars create mode 100644 S2S-VPN/Environments/test/terraform.tfvars create mode 100644 TransitGatway/Environments/.DS_Store create mode 100644 VNET/.DS_Store create mode 100644 VPC/.DS_Store create mode 100644 VPC/.terraform/providers/registry.terraform.io/hashicorp/aws/6.0.0-beta2/darwin_arm64/LICENSE.txt create mode 100644 VPC/Environment/.DS_Store create mode 100644 VPC/Environment/Dev/.DS_Store create mode 100644 VPC/Environment/Dev/.terraform.lock.hcl create mode 100644 VPC/Environment/test-v1/.terraform.lock.hcl create mode 100644 VPC/Modules/Simple-VPC/.terraform.lock.hcl create mode 100644 Vnet-Peering/Environments/.DS_Store create mode 100644 Vnet-Peering/Environments/test/.terraform.lock.hcl create mode 100644 
Vnet-Peering/Environments/test/.terraform/modules/modules.json create mode 100644 Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt create mode 100644 Vnet-Peering/Environments/test/.terraform/terraform.tfstate diff --git a/S2S-VPN/Environments/.DS_Store b/S2S-VPN/Environments/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..44d7535913edf3af0094322cb7341f1750fd7acd GIT binary patch literal 6148 zcmeHKu};G<5IwgM3WA|5h=IWq8$&lLmQaN+=ntSa2qao1g2J4S;3xP3{s4XniG_DQ z%W)Oc5mo3;I=|%3=O@2JxtNH|^tl=njfg0RGY)s}2?AFs;q8D-SaBh^$T z7(*`RJb!z=SnPc=XO!<)Q~4zC8vA^rb&}WTV&2R5he_ZK`HnZ0Pw?`d)l>mhKo!^} z1<|Y&0I=}b3L*kCQVNt( z3msln!!8^9IgWV z?8a2l1HGK(>BSgxtRCk>$d0Z@;z@VpWx*^o0$TpfGKcD3ZQ4RO DyA@fT literal 0 HcmV?d00001 diff --git a/VNET/.DS_Store b/VNET/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..d43f57a7bb44dc124465a4b31478179c11655f53 GIT binary patch literal 6148 zcmeHKy-veG47N)JL1pO3cpGA@c!5v_@c@;O*ie52NC~N+WzNJC@I0)%3@baI&sIqY zL1IBFvL*Yw+}SzbcU4>y5s%mN5z&x{5~yHrALbj8bH5~K7 z{8Gb8QNxL?`C!|btwZ6sJKi6nJ8`P$)){aHnhfmd<524VS$F^64Du&uz!~^g3~)c2 zWMdr3YHRCoQfmYB3MwLgmEtA@gIJ2;E2a1l8U^z~2Ef#?Qp60z{|H1H+&BY&%D@Nn C_*1t4 literal 0 HcmV?d00001 
diff --git a/VPC/.DS_Store b/VPC/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..25c46ea10ac008d4932259c80eb4c58da4c57627 GIT binary patch literal 6148 zcmeHKO-sW-5PchqRx8+xAb5#4PeL!AJj9Y7D?;yLYyE&;(Ft6AaebePQxm+L8s{vq>~|jtTm>LWT*_ zrD%2hMFnKz{H;G|<5abKH_=#!*VnBTS1-fuvg(F)_B8LWTCNrIrr8JE@1u)+VM3C? z8oJ~;#0&|U-j#ViZ!bp_`Q0BrKAbszpXMp@s*Wo02_i10rV6M6s=z`4-q~VxIos7# z0aZX1C@LW5L&zo=dCVQ!ql29-0f;rat#K^1gye)CBagX5zM&bHN_45lml(#S(;xb{ z$Ybu%rNj8*!}yhruTYF#o%4q_942z8y(*vzloeQUk4?G%JJt1nIZ2;X0af5%DPU@G zFK+Xb{N1|radOv&Z0BrZ5|=w%q;O!bV#dlS5T0$LjX#GT1w8~r=tVH#1H=$P@L2Ckt<*zf3TnOP5qtq(z-RC-eFKla zhamlCcWk$&?M)Gxf!S{}JF`3al4d$YWYYU?Ow=Tz5Xx9v!!Sp9owXu0v1|ej?-92z zi+oV=Q^Vh7fS+BRGP@0b#U$P`iL;R zOlLUnmhNbuZZLcBPi~ERJM(<}9JXsG>mPy5p|V$AOtV?$=jYWLy>ng-Wb~ESkYYb8 zqTSP~ho95)O8WNHusMC($Ioc7m!A)j{)qU2s3-%hJ2n#~e!IMh)YPzIEN2?P9n zh@gy#VCm3)IxyH402sh*1#|8tI3^NI1WSilffyGGbfHFC4CBIKkHjw#EFHRVGSYk) zIoU{uV(jVIKeFy*5{Eh}1IoZG19f-V^8TeNWm>_FsDQ-z>Yvty+ u)<)0^C=2_Q4ksa)*isB%F2!3=E3ijA0VaZ_Ls%gCN5ImcgEH`|42%JN)nl#z literal 0 HcmV?d00001 diff --git a/VPC/Environment/Dev/.DS_Store b/VPC/Environment/Dev/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..5008ddfcf53c02e82d7eee2e57c38e5672ef89f6 GIT binary patch literal 6148 zcmeH~Jr2S!425mzP>H1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0!s*o-D-o-xW^8}d=zg_~pI>s&WY$HNEmp+>ke$7k) zQ@|A1HU-eL*+zSUHktyafGJQb!0!hSXG|3c!n`bj@NqcK&bKGk^`~uF#>ng#z1e4H;v6fr$1Re}=&l6y(SP3Em Pvk!qFgAJy@pDOST$Shle literal 0 HcmV?d00001 diff --git a/Vnet-Peering/Environments/test/.terraform.lock.hcl b/Vnet-Peering/Environments/test/.terraform.lock.hcl new file mode 100644 index 0000000..e8306bb --- /dev/null +++ b/Vnet-Peering/Environments/test/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.34.0" + constraints = "4.34.0" + hashes = [ + "h1:gaDqI1j1w6sGScP7Gs0xg5pcjMlRmZjP5lvH6PoiW2A=", + "zh:07838a6b64533d70d441ebb61b04fe2a801e3c8d111af2bd7813385ed9baf778", + "zh:27e2793081c363000bd41ea75f9e5eb0c368d01a65f1e2237b8f52651374874f", + "zh:2f1a5a270c69902c676360bc00e82d7a77968b2d9c5085167b816adbc9a3afd6", + "zh:347fb015ef69520e7a374206411020546d4cd32c64dcdb01409b09a6ccb8a4ad", + "zh:34fc3c1c8a194169fab5ccc449fa8ebbd625f4bfde057b020e27661a29a6ba04", + "zh:43675af15ac12a1b36f5eb2913f9a02388f8d965ebb5a15d309014aafe395eda", + "zh:4b3f06305a9299a224967e30991554bcc19d9f78bdb22b7b02545810218eb195", + "zh:8e43e2ad4f23cc8e0e1f51cdf19c0452ba97393958508e278a2bc135e28b2bbf", + "zh:a9757211de25ebbda695913d6a7fb8e9ab796b9d406c980ba51d0ba9470111fd", + "zh:d6c47eb39a51c18a680b0b13b952f1b8f3f6ca3d7f5ad6c77e279068bd457fc8", + "zh:dd2ec26453b0f28436003d50a0d174fbc19913158b17da3c6b897540c957bd9b", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/Vnet-Peering/Environments/test/.terraform/modules/modules.json b/Vnet-Peering/Environments/test/.terraform/modules/modules.json new file mode 100644 index 0000000..e014f2d --- /dev/null +++ b/Vnet-Peering/Environments/test/.terraform/modules/modules.json 
@@ -0,0 +1 @@
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"linux_vm","Source":"../../../virtual-machines/Azure/Linux-VM","Dir":"../../../virtual-machines/Azure/Linux-VM"},{"Key":"peerings","Source":"../../../Vnet-Peering/modules/peering-connection","Dir":"../../../Vnet-Peering/modules/peering-connection"},{"Key":"resource_group","Source":"../../../VNET/modules/resource-group","Dir":"../../../VNET/modules/resource-group"},{"Key":"subnets","Source":"../../../VNET/modules/subnet","Dir":"../../../VNET/modules/subnet"},{"Key":"virtual_network","Source":"../../../VNET/modules/virtual-network","Dir":"../../../VNET/modules/virtual-network"}]}
\ No newline at end of file
diff --git a/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt b/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt
new file mode 100644
index 0000000..b9ac071
--- /dev/null
+++ b/Vnet-Peering/Environments/test/.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.34.0/darwin_arm64/LICENSE.txt
@@ -0,0 +1,375 @@ +Copyright (c) 2017 HashiCorp, Inc. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. 
Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. 
Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. 
Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. 
However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. 
* +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. 
+Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. 
If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
diff --git a/Vnet-Peering/Environments/test/.terraform/terraform.tfstate b/Vnet-Peering/Environments/test/.terraform/terraform.tfstate
new file mode 100644
index 0000000..d6bb3f5
--- /dev/null
+++ b/Vnet-Peering/Environments/test/.terraform/terraform.tfstate
@@ -0,0 +1,39 @@
+{
+ "version": 3,
+ "terraform_version": "1.11.0",
+ "backend": {
+ "type": "azurerm",
+ "config": {
+ "access_key": null,
+ "client_certificate": null,
+ "client_certificate_password": null,
+ "client_certificate_path": null,
+ "client_id": null,
+ "client_id_file_path": null,
+ "client_secret": null,
+ "client_secret_file_path": null,
+ "container_name": "testtfstate",
+ "endpoint": null,
+ "environment": null,
+ "key": "vnet-peering.terraform.tfstate",
+ "metadata_host": null,
+ "msi_endpoint": null,
+ "oidc_request_token": null,
+ "oidc_request_url": null,
+ "oidc_token": null,
+ "oidc_token_file_path": null,
+ "resource_group_name": "tf_state",
+ "sas_token": null,
+ "snapshot": null,
+ "storage_account_name": "tfstatefile84",
+ "subscription_id": "61fbcac7-2f66-43f1-aca9-bfbab5b91195",
+ "tenant_id": null,
+ "use_aks_workload_identity": null,
+ "use_azuread_auth": null,
+ "use_cli": null,
+ "use_msi": null,
+ "use_oidc": null
+ },
+ "hash": 2846517555
+ }
+}
\ No newline at end of file
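Review bot: `Vnet-Peering/Environments/test/.terraform/terraform.tfstate` is the per-machine backend cache that `terraform init` writes, and committing it publishes the state backend's coordinates to every reader of the repository: `subscription_id` "61fbcac7-2f66-43f1-aca9-bfbab5b91195", `storage_account_name` "tfstatefile84", `resource_group_name` "tf_state", `container_name` "testtfstate" and the state `key`. None of those are credentials, but together they say exactly where the real state (which can hold sensitive resource attributes) lives, and the cached file will drift from the actual backend the next time anyone re-runs init. The same commit adds `.terraform/modules/modules.json` and the provider `LICENSE.txt` under `.terraform/providers/`, which are likewise local init artifacts rather than source. Add `.terraform/` to `.gitignore` (keeping `.terraform.lock.hcl`, which is meant to be committed), remove the directory from the tree, and treat the backend location as already disclosed — its protection has to come from the storage account's access controls, not from the path being unknown.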
From 5598160133e52b7a6150f6212fe3d889621532db Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Jul 2025 23:46:18 -0400 Subject: [PATCH 40/43] node --- .DS_Store | Bin 0 -> 10244 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..2ebc725cc083a671dc35799da3b440a3e4d8a0f9 GIT binary patch literal 10244 zcmeHN-HTgA6hD*1?%nQYUC~;QK3o+_3)^G`C>OTxi{ov zqm7Hf2T`d|d{RW{qYnzc2|g%3SU;WwK|~PrKTr@K+6Vp3+(~loO>Q zX=|C(vh7J|P=x0S>A4EM#Sor5>TPY8)UxeK&z*$cdYvgiWV*=DVxv-D}UQYzN!v$H>lNHliezA&9?6@~1Ot7pM zFp7Kc-TPa33gGgy|J=*{7CZ~@|9blYJ&pqH@G%r_<Cxy~ju5=ETW z@ma}WT-D_4L91$XHF1B*Ke{4^VSSqAZ-}QKbMnRE{c!x>Twk2f_=mL5xfspE&r2Ht z;XBGU5Lbb@0kkEI+A?Gg^H>pV6sYD$adc`FACBeSYfp4$w_W?IgkZF&BGF8ufZJ;jLuYZ%yT42W1N zosx%roui2$0rITf#&s2!EYhy+N#%l@G?De{I36$ZIR1#Po0U=)=#yHuJ*nJLuiPQM w)BJn>V}L%#H2eSFzqM3Cx_kG)j??V_amK(mFQe?|`SxWLd%l6W_xu090gm-Y&;S4c literal 0 HcmV?d00001 From 3324bdaa1855bbdbf965176bd252b4e6660f41dc Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Jul 2025 00:03:31 -0400 Subject: [PATCH 41/43] Remove .DS_Store and add to gitignore made some changes --- .DS_Store | Bin 10244 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .DS_Store 
diff --git a/.DS_Store b/.DS_Store
deleted file mode 100644
index 2ebc725cc083a671dc35799da3b440a3e4d8a0f9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 10244
zcmeHN-HTgA6hD*1?%nQYUC~;QK3o+_3)^G`C>OTxi{ov zqm7Hf2T`d|d{RW{qYnzc2|g%3SU;WwK|~PrKTr@K+6Vp3+(~loO>Q zX=|C(vh7J|P=x0S>A4EM#Sor5>TPY8)UxeK&z*$cdYvgiWV*=DVxv-D}UQYzN!v$H>lNHliezA&9?6@~1Ot7pM zFp7Kc-TPa33gGgy|J=*{7CZ~@|9blYJ&pqH@G%r_<Cxy~ju5=ETW z@ma}WT-D_4L91$XHF1B*Ke{4^VSSqAZ-}QKbMnRE{c!x>Twk2f_=mL5xfspE&r2Ht z;XBGU5Lbb@0kkEI+A?Gg^H>pV6sYD$adc`FACBeSYfp4$w_W?IgkZF&BGF8ufZJ;jLuYZ%yT42W1N zosx%roui2$0rITf#&s2!EYhy+N#%l@G?De{I36$ZIR1#Po0U=)=#yHuJ*nJLuiPQM w)BJn>V}L%#H2eSFzqM3Cx_kG)j??V_amK(mFQe?|`SxWLd%l6W_xu090gm-Y&;S4c
From c8bcc38564595a9106ec061eccf80d2adcb3e013 Mon Sep 17 00:00:00 2001
From: thogue12
Date: Wed, 2 Jul 2025 00:32:55 -0400
Subject: [PATCH 42/43] changes
---
 .github/workflows/trivy.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index fe56864..97d3f58 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -10,6 +10,32 @@ permissions:
 packages: write
 jobs:
+<<<<<<< HEAD
+=======
+ trivy:
+ name: Trivy Vulnerability Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Tricy vulnerabiltiy scanner in repo mode
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-path: '.'
+ severity: 'CRITICAL'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ ignore-unfixed: true
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
+#
+
+>>>>>>> 6963c00 (another one)
 iac_scan:
 name: iac_scan
 runs-on: ubuntu-24.04
From 576e044b2824e723dccd80238d438deb4402edb3 Mon Sep 17 00:00:00 2001
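Review bot: The new `trivy` job is committed inside unresolved merge-conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 6963c00 (another one)`), which is not valid YAML, so `.github/workflows/trivy.yaml` should be expected to fail to parse and neither the new job nor the existing `iac_scan` job will run — the scanning this file exists for stops without anyone being told by a failing step. Delete the three marker lines and the stray `+#` line before the closing marker so `trivy:` sits directly under `jobs:`. While here, the step name has two typos and should read `- name: Run Trivy vulnerability scanner in repo mode`, and `aquasecurity/trivy-action@0.28.0` is pinned by a mutable tag; pinning to the release's full commit SHA is the usual guard against a moved tag changing what executes in a workflow that holds `packages: write`. Note also that `severity: 'CRITICAL'` together with `ignore-unfixed: true` reports only critical findings that already have a fix, which may be a deliberate first pass but means HIGH findings never reach the Security tab.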
From: thogue12
Date: Wed, 2 Jul 2025 00:39:21 -0400
Subject: [PATCH 43/43] another one
---
 VPC-Peering/Environments/test/backend.tf | 16 +-
 VPC-Peering/Environments/test/main.tf | 72 ++---
 VPC-Peering/Environments/test/providers.tf | 36 +--
 .../Environments/test/terraform.tfvars | 58 ++--
 VPC-Peering/Environments/test/variables.tf | 274 +++++++++--------
 .../single-vpc-to-vpc/01-source-vpc.tf | 79 ++---
 .../single-vpc-to-vpc/02-destination-vpc.tf | 91 +++---
 .../Modules/single-vpc-to-vpc/04-subnet.tf | 130 ++++----
 .../Modules/single-vpc-to-vpc/05-EC2.tf | 84 +++---
 .../single-vpc-to-vpc/06-security-groups.tf | 104 +++----
 .../single-vpc-to-vpc/07-route-tables.tf | 138 ++++----
 .../Modules/single-vpc-to-vpc/09-iam.tf | 168 +++++------
 .../Modules/single-vpc-to-vpc/10-variables.tf | 226 +++++++--------
 13 files changed, 743 insertions(+), 733 deletions(-)
diff --git a/VPC-Peering/Environments/test/backend.tf b/VPC-Peering/Environments/test/backend.tf
index 1379a0a..6c563dc 100644
--- a/VPC-Peering/Environments/test/backend.tf
+++ b/VPC-Peering/Environments/test/backend.tf
@@ -1,8 +1,8 @@
-terraform {
- backend "s3" {
- bucket = "terraform-state-bucket1237546"
- key = "test-vpc-by-terraform-state.tfstate"
- region = "us-east-1"
- use_lockfile = true
- }
-}
+# terraform {
+# backend "s3" {
+# bucket = "terraform-state-bucket1237546"
+# key = "test-vpc-by-terraform-state.tfstate"
+# region = "us-east-1"
+# use_lockfile = true
+# }
+# }
diff --git a/VPC-Peering/Environments/test/main.tf b/VPC-Peering/Environments/test/main.tf
index 50a06a0..a3f5469 100644
--- a/VPC-Peering/Environments/test/main.tf
+++ b/VPC-Peering/Environments/test/main.tf
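Review bot: Commenting out the entire `backend "s3"` block instead of removing or replacing it leaves `VPC-Peering/Environments/test` with no configured backend, so the next `terraform init` will offer to migrate state into a local `terraform.tfstate` next to the config — a file that is easy to commit by accident and that no longer has the `use_lockfile = true` locking the old block provided; earlier in this series a `.terraform/` directory was already committed, so this is a live risk rather than a theoretical one. The main.tf, providers.tf, terraform.tfvars and variables.tf hunks in this same commit are disabled the same way, leaving roughly 700 lines of commented-out configuration that git history already preserves (variables.tf even carries commented-out `<<<<<<< HEAD` / `>>>>>>> main` markers from an earlier unresolved merge). If the intent is to retire this environment, delete the files; if it is to pause it, say so with a header such as `# Backend intentionally disabled for now; state for this env is local — never commit terraform.tfstate` and add `*.tfstate` and `.terraform/` to `.gitignore`.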
@@ -1,43 +1,43 @@
-module "single-vpc-to-vpc" {
- source = "../../Modules/single-vpc-to-vpc"
+# module "single-vpc-to-vpc" {
+# source = "../../Modules/single-vpc-to-vpc"
- providers = {
- aws.us-east = aws.us-east
- aws.us-west = aws.us-west
- }
+# providers = {
+# aws.us-east = aws.us-east
+# aws.us-west = aws.us-west
+# }
- ### Source VPC Variables ###
- environment = var.environment
- requestor_vpc_region = var.requestor_vpc_region
- requester_vpc_name = "${var.requester_vpc_name}-${var.environment}"
- requester_vpc_cidr = var.requester_vpc_cidr
- requester_vpc_pub_sub_cidr = var.requester_vpc_pub_sub_cidr
- requester_subnet1_cidr = var.requester_subnet1_cidr
- requester_subnet1_name = "${var.requester_subnet1_name}-${var.environment}"
- requester_subnet1_az = var.requester_subnet1_az
- requester_subnet2_name = "${var.requester_subnet2_name}-${var.environment}"
- requester_subnet2_cidr = var.requester_subnet2_cidr
- requester_subnet2_az = var.requester_subnet2_az
- requester_rt_name = "${var.requester_rt_name}-${var.environment}"
- requester_ami_id = var.requester_ami_id
- instance_type = var.instance_type
+# ### Source VPC Variables ###
+# environment = var.environment
+# requestor_vpc_region = var.requestor_vpc_region
+# requester_vpc_name = "${var.requester_vpc_name}-${var.environment}"
+# requester_vpc_cidr = var.requester_vpc_cidr
+# requester_vpc_pub_sub_cidr = var.requester_vpc_pub_sub_cidr
+# requester_subnet1_cidr = var.requester_subnet1_cidr
+# requester_subnet1_name = "${var.requester_subnet1_name}-${var.environment}"
+# requester_subnet1_az = var.requester_subnet1_az
+# requester_subnet2_name = "${var.requester_subnet2_name}-${var.environment}"
+# requester_subnet2_cidr = var.requester_subnet2_cidr
+# requester_subnet2_az = var.requester_subnet2_az
+# requester_rt_name = "${var.requester_rt_name}-${var.environment}"
+# requester_ami_id = var.requester_ami_id
+# instance_type = var.instance_type
- ### Destination VPC Variables ###
- acceptor_region = var.acceptor_region
- acceptor_vpc_name = "${var.acceptor_vpc_name}-${var.environment}"
- acceptor_cidr = var.acceptor_cidr
- acceptor_subnet1_cidr = var.acceptor_subnet1_cidr
- acceptor_subnet1_name = "${var.acceptor_subnet1_name}-${var.environment}"
- acceptor_subnet1_az = var.acceptor_subnet1_az
- acceptor_subnet2_name = "${var.acceptor_subnet2_name}-${var.environment}"
- acceptor_subnet2_cidr = var.acceptor_subnet2_cidr
- acceptor_subnet2_az = var.acceptor_subnet2_az
- acceptor_rt_name = "${var.acceptor_rt_name}-${var.environment}"
- acceptor_pub_sub_cidr = var.acceptor_pub_sub_cidr
- acceptor_ami_id = var.acceptor_ami_id
- map_public_ip_on_launch = var.map_public_ip_on_launch
+# ### Destination VPC Variables ###
+# acceptor_region = var.acceptor_region
+# acceptor_vpc_name = "${var.acceptor_vpc_name}-${var.environment}"
+# acceptor_cidr = var.acceptor_cidr
+# acceptor_subnet1_cidr = var.acceptor_subnet1_cidr
+# acceptor_subnet1_name = "${var.acceptor_subnet1_name}-${var.environment}"
+# acceptor_subnet1_az = var.acceptor_subnet1_az
+# acceptor_subnet2_name = "${var.acceptor_subnet2_name}-${var.environment}"
+# acceptor_subnet2_cidr = var.acceptor_subnet2_cidr
+# acceptor_subnet2_az = var.acceptor_subnet2_az
+# acceptor_rt_name = "${var.acceptor_rt_name}-${var.environment}"
+# acceptor_pub_sub_cidr = var.acceptor_pub_sub_cidr
+# acceptor_ami_id = var.acceptor_ami_id
+# map_public_ip_on_launch = var.map_public_ip_on_launch
-}
\ No newline at end of file
+# }
\ No newline at end of file
diff --git a/VPC-Peering/Environments/test/providers.tf b/VPC-Peering/Environments/test/providers.tf
index b2e9cdf..8f68ee2 100644
--- a/VPC-Peering/Environments/test/providers.tf
+++ b/VPC-Peering/Environments/test/providers.tf
@@ -1,20 +1,20 @@
-terraform {
- required_version = ">= 1.0"
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "6.0.0-beta2"
- configuration_aliases = [aws.us-east, aws.us-west]
- }
- }
-}
+# terraform {
+# required_version = ">= 1.0"
+# required_providers {
+# aws = {
+# source = "hashicorp/aws"
+# version = "6.0.0-beta2"
+# configuration_aliases = [aws.us-east, aws.us-west]
+# }
+# }
+# }
-provider "aws" {
- alias = "us-east"
- region = var.requestor_vpc_region
-}
+# provider "aws" {
+# alias = "us-east"
+# region = var.requestor_vpc_region
+# }
-provider "aws" {
- alias = "us-west"
- region = var.acceptor_region
-}
\ No newline at end of file
+# provider "aws" {
+# alias = "us-west"
+# region = var.acceptor_region
+# }
\ No newline at end of file
diff --git a/VPC-Peering/Environments/test/terraform.tfvars b/VPC-Peering/Environments/test/terraform.tfvars
index 657d007..05b30ad 100644
--- a/VPC-Peering/Environments/test/terraform.tfvars
+++ b/VPC-Peering/Environments/test/terraform.tfvars
@@ -1,31 +1,31 @@
-### ------ requester VPC Variables ------ ###
-requestor_vpc_region = "us-east-1"
-environment = "test"
-requester_vpc_cidr = "10.0.0.0/16"
-requester_vpc_name = "requester-vpc"
-requester_subnet1_cidr = "10.0.0.0/24"
-requester_subnet1_name = "requester-subnet-1"
-requester_subnet1_az = "us-east-1a"
-requester_subnet2_name = "requester-subnet-2"
-requester_subnet2_cidr = "10.0.1.0/24"
-requester_subnet2_az = "us-east-1b"
-requester_rt_name = "requester-route-table"
-requester_vpc_pub_sub_cidr = "10.0.2.0/24"
-requester_ami_id = "ami-0554aa6767e249943"
-instance_type = "t2.micro"
+# ### ------ requester VPC Variables ------ ###
+# requestor_vpc_region = "us-east-1"
+# environment = "test"
+# requester_vpc_cidr = "10.0.0.0/16"
+# requester_vpc_name = "requester-vpc"
+# requester_subnet1_cidr = "10.0.0.0/24"
+# requester_subnet1_name = "requester-subnet-1"
+# requester_subnet1_az = "us-east-1a"
+# requester_subnet2_name = "requester-subnet-2"
+# requester_subnet2_cidr = "10.0.1.0/24"
+# requester_subnet2_az = "us-east-1b"
+# requester_rt_name = "requester-route-table"
+# requester_vpc_pub_sub_cidr = "10.0.2.0/24"
+# requester_ami_id = "ami-0554aa6767e249943"
+# instance_type = "t2.micro"
-### ------ acceptor VPC Variables ------ ###
-acceptor_region = "us-west-2"
-acceptor_cidr = "10.10.0.0/16"
-acceptor_vpc_name = "acceptor-vpc"
-acceptor_subnet1_cidr = "10.10.0.0/24"
-acceptor_subnet1_name = "acceptor-subnet-1"
-acceptor_subnet1_az = "us-west-2a"
-acceptor_subnet2_name = "acceptor-subnet-2"
-acceptor_subnet2_cidr = "10.10.1.0/24"
-acceptor_subnet2_az = "us-west-2b"
-acceptor_rt_name = "acceptor-route-table"
-acceptor_pub_sub_cidr = "10.10.2.0/24"
-map_public_ip_on_launch = false
-acceptor_ami_id = "ami-04999cd8f2624f834"
\ No newline at end of file
+# ### ------ acceptor VPC Variables ------ ###
+# acceptor_region = "us-west-2"
+# acceptor_cidr = "10.10.0.0/16"
+# acceptor_vpc_name = "acceptor-vpc"
+# acceptor_subnet1_cidr = "10.10.0.0/24"
+# acceptor_subnet1_name = "acceptor-subnet-1"
+# acceptor_subnet1_az = "us-west-2a"
+# acceptor_subnet2_name = "acceptor-subnet-2"
+# acceptor_subnet2_cidr = "10.10.1.0/24"
+# acceptor_subnet2_az = "us-west-2b"
+# acceptor_rt_name = "acceptor-route-table"
+# acceptor_pub_sub_cidr = "10.10.2.0/24"
+# map_public_ip_on_launch = false
+# acceptor_ami_id = "ami-04999cd8f2624f834"
\ No newline at end of file
diff --git a/VPC-Peering/Environments/test/variables.tf b/VPC-Peering/Environments/test/variables.tf
index 9ec7a2d..6db73c3 100644
--- a/VPC-Peering/Environments/test/variables.tf
+++ b/VPC-Peering/Environments/test/variables.tf
@@ -1,195 +1,195 @@ -variable "environment" { - description = "The environment for the VPC (e.g., dev, staging, prod)" - type = string +# variable "environment" { +# description = "The environment for the VPC (e.g., dev, staging, prod)" +# type = string -} +# } -variable "requestor_vpc_region" { - description = "The AWS region for the source VPC" - type = string -} +# variable "requestor_vpc_region" { +# description = "The AWS region for the source VPC" +# type = string +# } -variable "acceptor_region" { - description = "The AWS region for the destination VPC" - type = string +# variable "acceptor_region" { +# description = "The AWS region for the destination VPC" +# type = string -} +# } -### Source VPC Variables ### +# ### Source VPC Variables ### -variable "requester_vpc_name" { - description = "Name for the source VPC" - type = string +# variable "requester_vpc_name" { +# description = "Name for the source VPC" +# type = string -} +# } -variable "requester_vpc_cidr" { - description = "CIDR block for the destination VPC" - type = string -} +# variable "requester_vpc_cidr" { +# description = "CIDR block for the destination VPC" +# type = string +# } -variable "requester_vpc_pub_sub_cidr" { - description = "CIDR block for the public subnet" - type = string -} +# variable "requester_vpc_pub_sub_cidr" { +# description = "CIDR block for the public subnet" +# type = string +# } -variable "requester_subnet1_cidr" { - description = "CIDR block for the first destination subnet" - type = string +# variable "requester_subnet1_cidr" { +# description = "CIDR block for the first destination subnet" +# type = string -} +# } -<<<<<<< HEAD -======= -} +# <<<<<<< HEAD +# ======= +# } ->>>>>>> main -variable "requester_subnet1_name" { - description = "Name for the first destination subnet" - type = string +# >>>>>>> main +# variable "requester_subnet1_name" { +# description = "Name for the first destination subnet" +# type = string -} +# } -variable "requester_subnet1_az" { - 
description = "Availability Zone for the first destination subnet" - type = string +# variable "requester_subnet1_az" { +# description = "Availability Zone for the first destination subnet" +# type = string -} +# } -variable "requester_subnet2_name" { - description = "Name for the second destination subnet" - type = string +# variable "requester_subnet2_name" { +# description = "Name for the second destination subnet" +# type = string -} +# } -variable "requester_subnet2_cidr" { - description = "CIDR block for the second destination subnet" - type = string +# variable "requester_subnet2_cidr" { +# description = "CIDR block for the second destination subnet" +# type = string -} +# } -variable "requester_subnet2_az" { - description = "Availability Zone for the second destination subnet" - type = string +# variable "requester_subnet2_az" { +# description = "Availability Zone for the second destination subnet" +# type = string -} +# } -variable "requester_rt_name" { - description = "Name for the destination route table" - type = string +# variable "requester_rt_name" { +# description = "Name for the destination route table" +# type = string -} +# } -### Acceptor VPC Variables ### +# ### Acceptor VPC Variables ### -variable "acceptor_vpc_name" { - description = "Name for the source VPC" - type = string +# variable "acceptor_vpc_name" { +# description = "Name for the source VPC" +# type = string -} -variable "acceptor_cidr" { - description = "CIDR block for the destination VPC" - type = string -} +# } +# variable "acceptor_cidr" { +# description = "CIDR block for the destination VPC" +# type = string +# } -variable "acceptor_subnet1_cidr" { - description = "CIDR block for the first destination subnet" - type = string +# variable "acceptor_subnet1_cidr" { +# description = "CIDR block for the first destination subnet" +# type = string -} +# } -<<<<<<< HEAD -======= -} +# <<<<<<< HEAD +# ======= +# } ->>>>>>> main -variable "acceptor_subnet1_name" { - description = "Name 
for the first destination subnet" - type = string +# >>>>>>> main +# variable "acceptor_subnet1_name" { +# description = "Name for the first destination subnet" +# type = string -} +# } -variable "acceptor_subnet1_az" { - description = "Availability Zone for the first destination subnet" - type = string +# variable "acceptor_subnet1_az" { +# description = "Availability Zone for the first destination subnet" +# type = string -} +# } -variable "acceptor_subnet2_name" { - description = "Name for the second destination subnet" - type = string +# variable "acceptor_subnet2_name" { +# description = "Name for the second destination subnet" +# type = string -} +# } -variable "acceptor_pub_sub_cidr" { - description = "CIDR block for the public subnet" -<<<<<<< HEAD - type = string -======= - type = string ->>>>>>> main -} +# variable "acceptor_pub_sub_cidr" { +# description = "CIDR block for the public subnet" +# <<<<<<< HEAD +# type = string +# ======= +# type = string +# >>>>>>> main +# } -variable "acceptor_subnet2_cidr" { - description = "CIDR block for the second destination subnet" - type = string +# variable "acceptor_subnet2_cidr" { +# description = "CIDR block for the second destination subnet" +# type = string -} +# } -variable "acceptor_subnet2_az" { - description = "Availability Zone for the second destination subnet" - type = string +# variable "acceptor_subnet2_az" { +# description = "Availability Zone for the second destination subnet" +# type = string -} +# } -variable "acceptor_rt_name" { - description = "Name for the destination route table" - type = string +# variable "acceptor_rt_name" { +# description = "Name for the destination route table" +# type = string -} -variable "map_public_ip_on_launch" { - description = "Whether to map public IPs on launch for subnets, defaults to false" - type = bool - default = false +# } +# variable "map_public_ip_on_launch" { +# description = "Whether to map public IPs on launch for subnets, defaults to false" +# type = 
bool +# default = false -} -variable "map_public_ip_on_launch" { - description = "Whether to map public IPs on launch for subnets, defaults to false" - type = bool - default = false +# } +# variable "map_public_ip_on_launch" { +# description = "Whether to map public IPs on launch for subnets, defaults to false" +# type = bool +# default = false -<<<<<<< HEAD -======= -} +# <<<<<<< HEAD +# ======= +# } ->>>>>>> main -### EC2 Instance Variables ### +# >>>>>>> main +# ### EC2 Instance Variables ### -variable "requester_ami_id" { - description = "ami id for the source VPC EC2 instance. MUST BE REGION SPECIFIC" - type = string -} +# variable "requester_ami_id" { +# description = "ami id for the source VPC EC2 instance. MUST BE REGION SPECIFIC" +# type = string +# } -variable "acceptor_ami_id" { - description = "ami id for the destination VPC EC2 instance. MUST BE REGION SPECIFIC" - type = string -} -variable "instance_type" { - description = "Instance type for the EC2 instances in both VPCs" - type = string - default = "t2.micro" -<<<<<<< HEAD -} -======= -} +# variable "acceptor_ami_id" { +# description = "ami id for the destination VPC EC2 instance. MUST BE REGION SPECIFIC" +# type = string +# } +# variable "instance_type" { +# description = "Instance type for the EC2 instances in both VPCs" +# type = string +# default = "t2.micro" +# <<<<<<< HEAD +# } +# ======= +# } ->>>>>>> main +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf b/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf index e66b3c5..4e43662 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/01-source-vpc.tf 
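Review bot: `variable "map_public_ip_on_launch"` is declared twice in the new content (both copies sit at the end of the acceptor section), and Terraform rejects duplicate variable blocks in one module, so this file would fail `terraform validate` even with the `#` prefixes removed; keep one declaration. The descriptions were also copy-pasted across the two VPCs — `requester_vpc_cidr` is documented as "CIDR block for the destination VPC" and `acceptor_vpc_name` as "Name for the source VPC" — which will mislead anyone reading plan output, so swap them to match the variable names. The same declarations appear again in the module's own 10-variables.tf, so whichever fix is applied needs to land in both files or the environment copy should be dropped.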
@@ -1,53 +1,58 @@ -#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs -resource "aws_vpc" "requester_vpc" { - cidr_block = var.requester_vpc_cidr - instance_tenancy = "default" - enable_dns_support = true - enable_dns_hostnames = true - provider = aws.us-east +# #tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs +# <<<<<<< HEAD +# resource "aws_vpc" "requester_vpc" { +# cidr_block = var.requester_vpc_cidr +# ======= +# resource "aws_vpc" "source_vpc" { +# cidr_block = var.source_cidr +# >>>>>>> aab567e (changed a few things) +# instance_tenancy = "default" +# enable_dns_support = true +# enable_dns_hostnames = true +# provider = aws.us-east - tags = { - Name = var.requester_vpc_name - } -} +# tags = { +# Name = var.requester_vpc_name +# } +# } -### Elastic IP for NAT Gateway ### -resource "aws_eip" "requester_nat_eip" { - provider = aws.us-east +# ### Elastic IP for NAT Gateway ### +# resource "aws_eip" "requester_nat_eip" { +# provider = aws.us-east - tags = { - Name = "${var.requester_vpc_name}-nat-eip" - } +# tags = { +# Name = "${var.requester_vpc_name}-nat-eip" +# } - depends_on = [ aws_vpc.requester_vpc ] -} +# depends_on = [ aws_vpc.requester_vpc ] +# } -resource "aws_nat_gateway" "requester_nat_gw" { - provider = aws.us-east - allocation_id = aws_eip.requester_nat_eip.id - subnet_id = aws_subnet.requester_public_subnet.id +# resource "aws_nat_gateway" "requester_nat_gw" { +# provider = aws.us-east +# allocation_id = aws_eip.requester_nat_eip.id +# subnet_id = aws_subnet.requester_public_subnet.id - tags = { - Name = "${var.requester_vpc_name}-nat-gateway" - } +# tags = { +# Name = "${var.requester_vpc_name}-nat-gateway" +# } - depends_on = [aws_eip.requester_nat_eip ] -} -### Internet Gateway ### -resource "aws_internet_gateway" "this_igw" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id +# depends_on = [aws_eip.requester_nat_eip ] +# } +# ### Internet Gateway ### +# resource "aws_internet_gateway" "this_igw" { +# provider = 
aws.us-east +# vpc_id = aws_vpc.requester_vpc.id - depends_on = [ aws_vpc.requester_vpc ] +# depends_on = [ aws_vpc.requester_vpc ] - tags = { - Name = "${var.requester_vpc_name}-igw" - } -} +# tags = { +# Name = "${var.requester_vpc_name}-igw" +# } +# } diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf b/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf index e574c69..f1c2fe6 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/02-destination-vpc.tf 
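Review bot: The `aws_vpc` block carries both sides of an unresolved conflict — `resource "aws_vpc" "requester_vpc"` with `var.requester_vpc_cidr` above `=======`, `resource "aws_vpc" "source_vpc"` with `var.source_cidr` below it, closed by `>>>>>>> aab567e (changed a few things)` — and 02-destination-vpc.tf has the same with `acceptor_vpc`/`destination_vpc` and `var.dest_cidr`. Every other reference in this hunk (`aws_vpc.requester_vpc.id`, `depends_on = [ aws_vpc.requester_vpc ]`) and the declarations visible in 10-variables.tf use the `requester_`/`acceptor_` names, so the HEAD side is the one to keep and the `source_`/`dest_` lines should go. Separately, `#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs` is carried over on both VPCs with no stated reason; flow logs are the only per-VPC record of what crosses the peering link, so either add an `aws_flow_log` for each VPC or put the justification in a comment next to the ignore.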
@@ -1,57 +1,62 @@ -#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs -resource "aws_vpc" "acceptor_vpc" { - cidr_block = var.acceptor_cidr - instance_tenancy = "default" - - enable_dns_support = true - enable_dns_hostnames = true - provider = aws.us-west +# #tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs +# <<<<<<< HEAD +# resource "aws_vpc" "acceptor_vpc" { +# cidr_block = var.acceptor_cidr +# ======= +# resource "aws_vpc" "destination_vpc" { +# cidr_block = var.dest_cidr +# >>>>>>> aab567e (changed a few things) +# instance_tenancy = "default" + +# enable_dns_support = true +# enable_dns_hostnames = true +# provider = aws.us-west - tags = { - Name = var.acceptor_vpc_name - Environment = var.environment - } -} +# tags = { +# Name = var.acceptor_vpc_name +# Environment = var.environment +# } +# } -### Elastic IP for NAT Gateway ### -resource "aws_eip" "acceptor_nat_eip" { - provider = aws.us-west +# ### Elastic IP for NAT Gateway ### +# resource "aws_eip" "acceptor_nat_eip" { +# provider = aws.us-west - tags = { - Name = "${var.acceptor_vpc_name}-nat-eip" - } +# tags = { +# Name = "${var.acceptor_vpc_name}-nat-eip" +# } - depends_on = [ aws_vpc.acceptor_vpc ] -} -resource "aws_nat_gateway" "acceptor_nat_gw" { - provider = aws.us-west - allocation_id = aws_eip.acceptor_nat_eip.id - subnet_id = aws_subnet.acceptor_public_subnet.id +# depends_on = [ aws_vpc.acceptor_vpc ] +# } +# resource "aws_nat_gateway" "acceptor_nat_gw" { +# provider = aws.us-west +# allocation_id = aws_eip.acceptor_nat_eip.id +# subnet_id = aws_subnet.acceptor_public_subnet.id - tags = { - Name = "${var.acceptor_vpc_name}-nat-gateway" - } +# tags = { +# Name = "${var.acceptor_vpc_name}-nat-gateway" +# } - depends_on = [ aws_eip.acceptor_nat_eip ] -} +# depends_on = [ aws_eip.acceptor_nat_eip ] +# } -### Internet Gateway ### -resource "aws_internet_gateway" "acceptor_igw" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id +# ### Internet Gateway ### +# resource 
"aws_internet_gateway" "acceptor_igw" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id - depends_on = [ aws_vpc.acceptor_vpc ] +# depends_on = [ aws_vpc.acceptor_vpc ] - tags = { - Name = "${var.acceptor_vpc_name}-igw" - } -<<<<<<< HEAD -} -======= -} +# tags = { +# Name = "${var.acceptor_vpc_name}-igw" +# } +# <<<<<<< HEAD +# } +# ======= +# } ->>>>>>> main +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf b/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf index 9d28536..5987c0d 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/04-subnet.tf 
@@ -1,78 +1,78 @@ -### Subnets for Source VPC ### -### Public Subnet ### -resource "aws_subnet" "requester_public_subnet" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - cidr_block = var.requester_vpc_pub_sub_cidr - availability_zone = var.requester_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet +# ### Subnets for Source VPC ### +# ### Public Subnet ### +# resource "aws_subnet" "requester_public_subnet" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# cidr_block = var.requester_vpc_pub_sub_cidr +# availability_zone = var.requester_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet - tags = { - Name = "${var.requester_vpc_name}-public-subnet" - } -} +# tags = { +# Name = "${var.requester_vpc_name}-public-subnet" +# } +# } -## Private Subnets ## -resource "aws_subnet" "requester_subnet1" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - cidr_block = var.requester_subnet1_cidr - availability_zone = var.requester_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# ## Private Subnets ## +# resource "aws_subnet" "requester_subnet1" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# cidr_block = var.requester_subnet1_cidr +# availability_zone = var.requester_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.requester_subnet1_name - } -} +# tags = { +# Name = var.requester_subnet1_name +# } +# } -resource "aws_subnet" "requester_subnet2" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - cidr_block = var.requester_subnet2_cidr - availability_zone = var.requester_subnet2_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# resource "aws_subnet" "requester_subnet2" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# cidr_block = var.requester_subnet2_cidr +# availability_zone = 
var.requester_subnet2_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.requester_subnet2_name - } -} +# tags = { +# Name = var.requester_subnet2_name +# } +# } -### Subnets for Destination VPC ### -resource "aws_subnet" "acceptor_subnet1" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id - cidr_block = var.acceptor_subnet1_cidr - availability_zone = var.acceptor_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# ### Subnets for Destination VPC ### +# resource "aws_subnet" "acceptor_subnet1" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# cidr_block = var.acceptor_subnet1_cidr +# availability_zone = var.acceptor_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.acceptor_subnet1_name - } -} +# tags = { +# Name = var.acceptor_subnet1_name +# } +# } -resource "aws_subnet" "acceptor_subnet2" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id - cidr_block = var.acceptor_subnet2_cidr - availability_zone = var.acceptor_subnet2_az - map_public_ip_on_launch = var.map_public_ip_on_launch +# resource "aws_subnet" "acceptor_subnet2" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# cidr_block = var.acceptor_subnet2_cidr +# availability_zone = var.acceptor_subnet2_az +# map_public_ip_on_launch = var.map_public_ip_on_launch - tags = { - Name = var.acceptor_subnet2_name - } -} +# tags = { +# Name = var.acceptor_subnet2_name +# } +# } -### Public Subnet ### -resource "aws_subnet" "acceptor_public_subnet" { - provider = aws.us-west - vpc_id = aws_vpc.acceptor_vpc.id - cidr_block = var.acceptor_pub_sub_cidr - availability_zone = var.acceptor_subnet1_az - map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet +# ### Public Subnet ### +# resource "aws_subnet" "acceptor_public_subnet" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# cidr_block = var.acceptor_pub_sub_cidr +# 
availability_zone = var.acceptor_subnet1_az +# map_public_ip_on_launch = var.map_public_ip_on_launch #tfsec:ignore:aws-ec2-no-public-ip-subnet - tags = { - Name = "${var.acceptor_vpc_name}-public-subnet" - } -} \ No newline at end of file +# tags = { +# Name = "${var.acceptor_vpc_name}-public-subnet" +# } +# } \ No newline at end of file diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf b/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf index 2e4c399..7e23ece 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/05-EC2.tf 
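Review bot: The subnets under `## Private Subnets ##` (`requester_subnet1`, `requester_subnet2`, `acceptor_subnet1`, `acceptor_subnet2`) set `map_public_ip_on_launch = var.map_public_ip_on_launch`, the same variable the two public subnets use, so turning that variable on for the public subnets also auto-assigns public IPs in the subnets 05-EC2.tf places the SSM-managed instances in. Hard-code `map_public_ip_on_launch = false` on the four private subnets and leave the variable to the public ones; the `#tfsec:ignore:aws-ec2-no-public-ip-subnet` markers then stay only where they belong. The public subnets also reuse `var.requester_subnet1_az` / `var.acceptor_subnet1_az` rather than a dedicated AZ variable, which is acceptable for a lab but deserves a comment so nobody expects them to spread across AZs.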
@@ -1,46 +1,46 @@ -### EC2 Instance in Source VPC ### -resource "aws_instance" "source_instance" { - provider = aws.us-east - ami = var.requester_ami_id # use the ami from your specific region - instance_type = var.instance_type - iam_instance_profile = aws_iam_instance_profile.ssm_profile.name - subnet_id = aws_subnet.requester_subnet1.id ## Ensure this is the private subnet, for SSM access - vpc_security_group_ids = [aws_security_group.requester_sg.id] - metadata_options { - http_tokens = "required" - } - root_block_device { - encrypted = true - } - tags = { - Name = "${var.requester_vpc_name}-instance" - } +# ### EC2 Instance in Source VPC ### +# resource "aws_instance" "source_instance" { +# provider = aws.us-east +# ami = var.requester_ami_id # use the ami from your specific region +# instance_type = var.instance_type +# iam_instance_profile = aws_iam_instance_profile.ssm_profile.name +# subnet_id = aws_subnet.requester_subnet1.id ## Ensure this is the private subnet, for SSM access +# vpc_security_group_ids = [aws_security_group.requester_sg.id] +# metadata_options { +# http_tokens = "required" +# } +# root_block_device { +# encrypted = true +# } +# tags = { +# Name = "${var.requester_vpc_name}-instance" +# } - depends_on = [aws_vpc.requester_vpc, aws_subnet.requester_subnet1] -} +# depends_on = [aws_vpc.requester_vpc, aws_subnet.requester_subnet1] +# } -### EC2 Instance in Destination VPC ### -resource "aws_instance" "acceptor_instance" { - provider = aws.us-west - ami = var.acceptor_ami_id # use the ami from your specific region - instance_type = var.instance_type - iam_instance_profile = aws_iam_instance_profile.ssm_profile.name - subnet_id = aws_subnet.acceptor_subnet1.id ## Ensure this is the private subnet, for SSM access - vpc_security_group_ids = [aws_security_group.acceptor_sg.id] - metadata_options { - http_tokens = "required" - } +# ### EC2 Instance in Destination VPC ### +# resource "aws_instance" "acceptor_instance" { +# provider = aws.us-west +# 
ami = var.acceptor_ami_id # use the ami from your specific region +# instance_type = var.instance_type +# iam_instance_profile = aws_iam_instance_profile.ssm_profile.name +# subnet_id = aws_subnet.acceptor_subnet1.id ## Ensure this is the private subnet, for SSM access +# vpc_security_group_ids = [aws_security_group.acceptor_sg.id] +# metadata_options { +# http_tokens = "required" +# } - root_block_device { - encrypted = true - } - tags = { - Name = "${var.acceptor_vpc_name}-instance" - } +# root_block_device { +# encrypted = true +# } +# tags = { +# Name = "${var.acceptor_vpc_name}-instance" +# } - depends_on = [aws_vpc.acceptor_vpc, aws_subnet.acceptor_subnet1] -<<<<<<< HEAD -} -======= -} ->>>>>>> main +# depends_on = [aws_vpc.acceptor_vpc, aws_subnet.acceptor_subnet1] +# <<<<<<< HEAD +# } +# ======= +# } +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf b/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf index d2aa167..07ce5fb 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/06-security-groups.tf 
@@ -1,73 +1,73 @@ -### -------------- Security Group for Source VPC ------------- ### -resource "aws_security_group" "requester_sg" { - provider = aws.us-east - vpc_id = aws_vpc.requester_vpc.id - description = "Security group for source VPC" -} - -resource "aws_security_group_rule" "icmp_source" { - provider = aws.us-east - type = "ingress" - from_port = -1 - to_port = -1 - protocol = "icmp" - security_group_id = aws_security_group.requester_sg.id - cidr_blocks = [var.acceptor_cidr] +# ### -------------- Security Group for Source VPC ------------- ### +# resource "aws_security_group" "requester_sg" { +# provider = aws.us-east +# vpc_id = aws_vpc.requester_vpc.id +# description = "Security group for source VPC" +# } + +# resource "aws_security_group_rule" "icmp_source" { +# provider = aws.us-east +# type = "ingress" +# from_port = -1 +# to_port = -1 +# protocol = "icmp" +# security_group_id = aws_security_group.requester_sg.id +# cidr_blocks = [var.acceptor_cidr] - description = "Allow ICMP from destination VPC" +# description = "Allow ICMP from destination VPC" - depends_on = [ aws_security_group.requester_sg ] -} +# depends_on = [ aws_security_group.requester_sg ] +# } -resource "aws_vpc_security_group_egress_rule" "source_egress" { - security_group_id = aws_security_group.requester_sg.id - provider = aws.us-east +# resource "aws_vpc_security_group_egress_rule" "source_egress" { +# security_group_id = aws_security_group.requester_sg.id +# provider = aws.us-east - cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr - ip_protocol = "-1" +# cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr +# ip_protocol = "-1" -} +# } -### ---------------- Destination VPC Security Group ------------- ### +# ### ---------------- Destination VPC Security Group ------------- ### -### Security Group for destination VPC ### +# ### Security Group for destination VPC ### -resource "aws_security_group" "acceptor_sg" { - provider = aws.us-west - vpc_id = 
aws_vpc.acceptor_vpc.id - description = "Security group for destination VPC" -} +# resource "aws_security_group" "acceptor_sg" { +# provider = aws.us-west +# vpc_id = aws_vpc.acceptor_vpc.id +# description = "Security group for destination VPC" +# } -resource "aws_security_group_rule" "icmp_dest" { - provider = aws.us-west - type = "ingress" - from_port = -1 - to_port = -1 - protocol = "icmp" - security_group_id = aws_security_group.acceptor_sg.id - cidr_blocks = [var.requester_vpc_cidr] +# resource "aws_security_group_rule" "icmp_dest" { +# provider = aws.us-west +# type = "ingress" +# from_port = -1 +# to_port = -1 +# protocol = "icmp" +# security_group_id = aws_security_group.acceptor_sg.id +# cidr_blocks = [var.requester_vpc_cidr] - description = "Allow ICMP from source VPC" +# description = "Allow ICMP from source VPC" - depends_on = [ aws_security_group.acceptor_sg ] -} +# depends_on = [ aws_security_group.acceptor_sg ] +# } -resource "aws_vpc_security_group_egress_rule" "dest_egress" { - security_group_id = aws_security_group.acceptor_sg.id - provider = aws.us-west +# resource "aws_vpc_security_group_egress_rule" "dest_egress" { +# security_group_id = aws_security_group.acceptor_sg.id +# provider = aws.us-west - cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr - ip_protocol = "-1" +# cidr_ipv4 = "0.0.0.0/0" #tfsec:ignore:aws-vpc-no-public-egress-sgr +# ip_protocol = "-1" -<<<<<<< HEAD -} -======= -} ->>>>>>> main +# <<<<<<< HEAD +# } +# ======= +# } +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf b/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf index 21cfe23..2c224e2 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf +++ b/VPC-Peering/Modules/single-vpc-to-vpc/07-route-tables.tf 
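Review bot: `source_egress` and `dest_egress` allow `ip_protocol = "-1"` to `cidr_ipv4 = "0.0.0.0/0"` and silence the finding with `#tfsec:ignore:aws-vpc-no-public-egress-sgr`, yet the only outbound need stated in this module is the SSM agent (05-EC2.tf), which is HTTPS. Change each rule to `ip_protocol = "tcp"`, `from_port = 443`, `to_port = 443`; if the instances are meant to reach SSM without leaving the VPC at all, interface endpoints for ssm, ssmmessages and ec2messages would remove the internet egress and the suppression entirely. The ICMP ingress rules are already scoped to the peer VPC's CIDR, which is the right shape.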
@@ -1,85 +1,85 @@ -### Source/Requester VPC Route Tables ### +# ### Source/Requester VPC Route Tables ### -resource "aws_route_table" "requestor_rt" { - vpc_id = aws_vpc.requester_vpc.id - provider = aws.us-east +# resource "aws_route_table" "requestor_rt" { +# vpc_id = aws_vpc.requester_vpc.id +# provider = aws.us-east - route { - cidr_block = var.acceptor_cidr - vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id - } - route { - cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.requester_nat_gw.id +# route { +# cidr_block = var.acceptor_cidr +# vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id +# } +# route { +# cidr_block = "0.0.0.0/0" +# nat_gateway_id = aws_nat_gateway.requester_nat_gw.id - } - tags = { - Name = var.requester_rt_name - } - depends_on = [ aws_vpc.requester_vpc ] -} +# } +# tags = { +# Name = var.requester_rt_name +# } +# depends_on = [ aws_vpc.requester_vpc ] +# } -### Public route table for source VPC ### -resource "aws_route_table" "public_source_rt" { - vpc_id = aws_vpc.requester_vpc.id - provider = aws.us-east +# ### Public route table for source VPC ### +# resource "aws_route_table" "public_source_rt" { +# vpc_id = aws_vpc.requester_vpc.id +# provider = aws.us-east - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this_igw.id - } +# route { +# cidr_block = "0.0.0.0/0" +# gateway_id = aws_internet_gateway.this_igw.id +# } - route { - cidr_block = var.acceptor_cidr - vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id - } - tags = { - Name = "${var.requester_vpc_name}-public-route-table" - } - depends_on = [ aws_vpc.requester_vpc ] -} +# route { +# cidr_block = var.acceptor_cidr +# vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id +# } +# tags = { +# Name = "${var.requester_vpc_name}-public-route-table" +# } +# depends_on = [ aws_vpc.requester_vpc ] +# } -### Destination/ Accepter VPC Route Tables ### +# ### 
Destination/ Accepter VPC Route Tables ### -### Private route table for destination VPC ### -resource "aws_route_table" "this_rt" { - vpc_id = aws_vpc.acceptor_vpc.id - provider = aws.us-west +# ### Private route table for destination VPC ### +# resource "aws_route_table" "this_rt" { +# vpc_id = aws_vpc.acceptor_vpc.id +# provider = aws.us-west - route { - cidr_block = var.requester_vpc_cidr - vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id - } - route { - cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.acceptor_nat_gw.id - } +# route { +# cidr_block = var.requester_vpc_cidr +# vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id +# } +# route { +# cidr_block = "0.0.0.0/0" +# nat_gateway_id = aws_nat_gateway.acceptor_nat_gw.id +# } - tags = { - Name = var.acceptor_rt_name - } - depends_on = [ aws_vpc.acceptor_vpc ] -} +# tags = { +# Name = var.acceptor_rt_name +# } +# depends_on = [ aws_vpc.acceptor_vpc ] +# } -### Route Table for Public Subnet ### -resource "aws_route_table" "this_pub_rt" { - vpc_id = aws_vpc.acceptor_vpc.id - provider = aws.us-west +# ### Route Table for Public Subnet ### +# resource "aws_route_table" "this_pub_rt" { +# vpc_id = aws_vpc.acceptor_vpc.id +# provider = aws.us-west - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.acceptor_igw.id +# route { +# cidr_block = "0.0.0.0/0" +# gateway_id = aws_internet_gateway.acceptor_igw.id - } +# } - tags = { - Name = "${var.acceptor_vpc_name}-public-route-table" - } - depends_on = [ aws_vpc.acceptor_vpc ] -<<<<<<< HEAD -} -======= -} +# tags = { +# Name = "${var.acceptor_vpc_name}-public-route-table" +# } +# depends_on = [ aws_vpc.acceptor_vpc ] +# <<<<<<< HEAD +# } +# ======= +# } ->>>>>>> main +# >>>>>>> main diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf b/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf index c2d087f..1c3f790 100644 --- a/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf 
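Review bot: `this_pub_rt` (the acceptor public route table) has only the `0.0.0.0/0` route to `aws_internet_gateway.acceptor_igw`, while its counterpart `public_source_rt` on the requester side also carries a `route` to `var.acceptor_cidr` over `aws_vpc_peering_connection.this_connection`. A host in the acceptor public subnet can therefore be reached from the requester VPC but its replies to `var.requester_vpc_cidr` fall to the IGW default route instead of the peering link. If the asymmetry is intended, a comment on `this_pub_rt` saying so would stop the next reader from "fixing" it; otherwise add the mirror-image route shown below.
```hcl
resource "aws_route_table" "this_pub_rt" {
  # … unchanged: vpc_id, provider, IGW default route …
  route {
    cidr_block                = var.requester_vpc_cidr
    vpc_peering_connection_id = aws_vpc_peering_connection.this_connection.id
  }
  # … unchanged: tags, depends_on …
}
```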
+++ b/VPC-Peering/Modules/single-vpc-to-vpc/09-iam.tf 
@@ -1,91 +1,91 @@ -### use the IAM policy created for SSM ### +# ### use the IAM policy created for SSM ### -resource "aws_iam_policy" "ssm_policy" { - name = "AmazonSSMManagedInstanceCore" - path = "/" - description = "SSM policy" +# resource "aws_iam_policy" "ssm_policy" { +# name = "AmazonSSMManagedInstanceCore" +# path = "/" +# description = "SSM policy" - # Terraform's "jsonencode" function converts a - # Terraform expression result to valid JSON syntax. - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - "Effect": "Allow", - "Action": [ - "ssm:DescribeAssociation", - "ssm:GetDeployablePatchSnapshotForInstance", - "ssm:GetDocument", - "ssm:DescribeDocument", - "ssm:GetManifest", - "ssm:GetParameter", - "ssm:GetParameters", - "ssm:ListAssociations", - "ssm:ListInstanceAssociations", - "ssm:PutInventory", - "ssm:PutComplianceItems", - "ssm:PutConfigurePackageResult", - "ssm:UpdateAssociationStatus", - "ssm:UpdateInstanceAssociationStatus", - "ssm:UpdateInstanceInformation" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2messages:AcknowledgeMessage", - "ec2messages:DeleteMessage", - "ec2messages:FailMessage", - "ec2messages:GetEndpoint", - "ec2messages:GetMessages", - "ec2messages:SendReply" - ], - "Resource": "*" - } - ] - }) -} +# # Terraform's "jsonencode" function converts a +# # Terraform expression result to valid JSON syntax. 
+# policy = jsonencode({
+# Version = "2012-10-17"
+# Statement = [
+# {
+# "Effect": "Allow",
+# "Action": [
+# "ssm:DescribeAssociation",
+# "ssm:GetDeployablePatchSnapshotForInstance",
+# "ssm:GetDocument",
+# "ssm:DescribeDocument",
+# "ssm:GetManifest",
+# "ssm:GetParameter",
+# "ssm:GetParameters",
+# "ssm:ListAssociations",
+# "ssm:ListInstanceAssociations",
+# "ssm:PutInventory",
+# "ssm:PutComplianceItems",
+# "ssm:PutConfigurePackageResult",
+# "ssm:UpdateAssociationStatus",
+# "ssm:UpdateInstanceAssociationStatus",
+# "ssm:UpdateInstanceInformation"
+# ],
+# "Resource": "*"
+# },
+# {
+# "Effect": "Allow",
+# "Action": [
+# "ssmmessages:CreateControlChannel",
+# "ssmmessages:CreateDataChannel",
+# "ssmmessages:OpenControlChannel",
+# "ssmmessages:OpenDataChannel"
+# ],
+# "Resource": "*"
+# },
+# {
+# "Effect": "Allow",
+# "Action": [
+# "ec2messages:AcknowledgeMessage",
+# "ec2messages:DeleteMessage",
+# "ec2messages:FailMessage",
+# "ec2messages:GetEndpoint",
+# "ec2messages:GetMessages",
+# "ec2messages:SendReply"
+# ],
+# "Resource": "*"
+# }
+# ]
+# })
+# }
-data "aws_iam_policy_document" "ssm_policy_doc" {
- statement {
- actions = [
- "sts:AssumeRole"
- ]
- principals {
- type = "Service"
- identifiers = ["ec2.amazonaws.com"]
- }
- effect = "Allow"
- }
-}
+# data "aws_iam_policy_document" "ssm_policy_doc" {
+# statement {
+# actions = [
+# "sts:AssumeRole"
+# ]
+# principals {
+# type = "Service"
+# identifiers = ["ec2.amazonaws.com"]
+# }
+# effect = "Allow"
+# }
+# }
-resource "aws_iam_role" "ssm_role" {
- name = "AmazonSSMManagedInstanceCore1"
- assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json
-}
+# resource "aws_iam_role" "ssm_role" {
+# name = "AmazonSSMManagedInstanceCore1"
+# assume_role_policy = data.aws_iam_policy_document.ssm_policy_doc.json
+# }
-resource "aws_iam_role_policy_attachment" "attach_ssm_policy" {
- role = aws_iam_role.ssm_role.name
- policy_arn = aws_iam_policy.ssm_policy.arn
-}
+# resource "aws_iam_role_policy_attachment" "attach_ssm_policy" {
+# role = aws_iam_role.ssm_role.name
+# policy_arn = aws_iam_policy.ssm_policy.arn
+# }
-resource "aws_iam_instance_profile" "ssm_profile" {
- name = "AmazonSSMManagedInstanceCore2"
- role = aws_iam_role.ssm_role.name
-<<<<<<< HEAD
-}
-=======
-}
+# resource "aws_iam_instance_profile" "ssm_profile" {
+# name = "AmazonSSMManagedInstanceCore2"
+# role = aws_iam_role.ssm_role.name
+# <<<<<<< HEAD
+# }
+# =======
+# }
->>>>>>> main
+# >>>>>>> main
diff --git a/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf b/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf
index 933a272..370f6d4 100644
--- a/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf
+++ b/VPC-Peering/Modules/single-vpc-to-vpc/10-variables.tf
@@ -1,163 +1,163 @@
-variable "environment" {
- description = "The environment for the VPC (e.g., dev, staging, prod)"
- type = string
+# variable "environment" {
+# description = "The environment for the VPC (e.g., dev, staging, prod)"
+# type = string
-}
+# }
-variable "requestor_vpc_region" {
- description = "The AWS region for the source VPC"
- type = string
-}
+# variable "requestor_vpc_region" {
+# description = "The AWS region for the source VPC"
+# type = string
+# }
-variable "acceptor_region" {
- description = "The AWS region for the destination VPC"
- type = string
+# variable "acceptor_region" {
+# description = "The AWS region for the destination VPC"
+# type = string
-}
+# }
-### Source VPC Variables ###
+# ### Source VPC Variables ###
-variable "requester_vpc_name" {
- description = "Name for the source VPC"
- type = string
+# variable "requester_vpc_name" {
+# description = "Name for the source VPC"
+# type = string
-}
+# }
-variable "requester_vpc_cidr" {
- description = "CIDR block for the destination VPC"
- type = string
-}
+# variable "requester_vpc_cidr" {
+# description = "CIDR block for the destination VPC"
+# type = string
+# }
-variable "requester_vpc_pub_sub_cidr" {
- description = "CIDR block for the public subnet"
- type = string
-}
+# variable "requester_vpc_pub_sub_cidr" {
+# description = "CIDR block for the public subnet"
+# type = string
+# }
-variable "requester_subnet1_cidr" {
- description = "CIDR block for the first destination subnet"
- type = string
+# variable "requester_subnet1_cidr" {
+# description = "CIDR block for the first destination subnet"
+# type = string
-}
+# }
-variable "requester_subnet1_name" {
- description = "Name for the first destination subnet"
- type = string
+# variable "requester_subnet1_name" {
+# description = "Name for the first destination subnet"
+# type = string
-}
+# }
-variable "requester_subnet1_az" {
- description = "Availability Zone for the first destination subnet"
- type = string
+# variable "requester_subnet1_az" {
+# description = "Availability Zone for the first destination subnet"
+# type = string
-}
+# }
-variable "requester_subnet2_name" {
- description = "Name for the second destination subnet"
- type = string
+# variable "requester_subnet2_name" {
+# description = "Name for the second destination subnet"
+# type = string
-}
+# }
-variable "requester_subnet2_cidr" {
- description = "CIDR block for the second destination subnet"
- type = string
+# variable "requester_subnet2_cidr" {
+# description = "CIDR block for the second destination subnet"
+# type = string
-}
+# }
-variable "requester_subnet2_az" {
- description = "Availability Zone for the second destination subnet"
- type = string
+# variable "requester_subnet2_az" {
+# description = "Availability Zone for the second destination subnet"
+# type = string
-}
+# }
-variable "requester_rt_name" {
- description = "Name for the destination route table"
- type = string
+# variable "requester_rt_name" {
+# description = "Name for the destination route table"
+# type = string
-}
+# }
-### Acceptor VPC Variables ###
+# ### Acceptor VPC Variables ###
-variable "acceptor_vpc_name" {
- description = "Name for the source VPC"
- type = string
+# variable "acceptor_vpc_name" {
+# description = "Name for the source VPC"
+# type = string
-}
-variable "acceptor_cidr" {
- description = "CIDR block for the destination VPC"
- type = string
-}
+# }
+# variable "acceptor_cidr" {
+# description = "CIDR block for the destination VPC"
+# type = string
+# }
-variable "acceptor_subnet1_cidr" {
- description = "CIDR block for the first destination subnet"
- type = string
+# variable "acceptor_subnet1_cidr" {
+# description = "CIDR block for the first destination subnet"
+# type = string
-}
+# }
-variable "acceptor_subnet1_name" {
- description = "Name for the first destination subnet"
- type = string
+# variable "acceptor_subnet1_name" {
+# description = "Name for the first destination subnet"
+# type = string
-}
+# }
-variable "acceptor_subnet1_az" {
- description = "Availability Zone for the first destination subnet"
- type = string
+# variable "acceptor_subnet1_az" {
+# description = "Availability Zone for the first destination subnet"
+# type = string
-}
+# }
-variable "acceptor_subnet2_name" {
- description = "Name for the second destination subnet"
- type = string
+# variable "acceptor_subnet2_name" {
+# description = "Name for the second destination subnet"
+# type = string
-}
+# }
-variable "acceptor_pub_sub_cidr" {
- description = "CIDR block for the public subnet"
- type = string
-}
+# variable "acceptor_pub_sub_cidr" {
+# description = "CIDR block for the public subnet"
+# type = string
+# }
-variable "acceptor_subnet2_cidr" {
- description = "CIDR block for the second destination subnet"
- type = string
+# variable "acceptor_subnet2_cidr" {
+# description = "CIDR block for the second destination subnet"
+# type = string
-}
+# }
-variable "acceptor_subnet2_az" {
- description = "Availability Zone for the second destination subnet"
- type = string
+# variable "acceptor_subnet2_az" {
+# description = "Availability Zone for the second destination subnet"
+# type = string
-}
+# }
-variable "acceptor_rt_name" {
- description = "Name for the destination route table"
- type = string
+# variable "acceptor_rt_name" {
+# description = "Name for the destination route table"
+# type = string
-}
-variable "map_public_ip_on_launch" {
- description = "Whether to map public IPs on launch for subnets, defaults to false"
- type = bool
- default = false
+# }
+# variable "map_public_ip_on_launch" {
+# description = "Whether to map public IPs on launch for subnets, defaults to false"
+# type = bool
+# default = false
-}
+# }
-### EC2 Instance Variables ###
+# ### EC2 Instance Variables ###
-variable "requester_ami_id" {
- description = "ami id for the source VPC EC2 instance. MUST BE REGION SPECIFIC"
- type = string
-}
+# variable "requester_ami_id" {
+# description = "ami id for the source VPC EC2 instance. MUST BE REGION SPECIFIC"
+# type = string
+# }
-variable "acceptor_ami_id" {
- description = "ami id for the destination VPC EC2 instance. MUST BE REGION SPECIFIC"
- type = string
-}
-variable "instance_type" {
- description = "Instance type for the EC2 instances in both VPCs"
- type = string
- default = "t2.micro"
-}
\ No newline at end of file
+# variable "acceptor_ami_id" {
+# description = "ami id for the destination VPC EC2 instance. MUST BE REGION SPECIFIC"
+# type = string
+# }
+# variable "instance_type" {
+# description = "Instance type for the EC2 instances in both VPCs"
+# type = string
+# default = "t2.micro"
+# }
\ No newline at end of file
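Review bot: Commenting out every `variable` block leaves `10-variables.tf` with no declarations, so any `var.*` reference in the module's other files (not visible in this hunk) would fail `terraform validate` with an undeclared input variable error; if the module is being retired, delete the file or the module directory and rely on git history rather than carrying 163 lines of commented-out code. If the module is meant to stay, this is the moment to fix the descriptions copied onto the new side: `requester_vpc_cidr` still reads `"CIDR block for the destination VPC"` and `acceptor_vpc_name` still reads `"Name for the source VPC"`. The missing trailing newline (`\ No newline at end of file`) is also carried over; running `terraform fmt` should normalize that.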