Testing

.github/workflows/trivy.yaml

@@ -10,6 +10,32 @@ permissions:
   packages: write
 
 jobs:
+<<<<<<< HEAD
+=======
+  trivy:
+    name: Trivy Vulnerability Scan
+    runs-on: ubuntu-latest
+    steps:
+     - name: Checkout code
+       uses: actions/checkout@v4
+
+     - name: Run Tricy vulnerabiltiy scanner in repo mode
+       uses: aquasecurity/trivy-action@0.28.0
+       with:
+         scan-type: 'fs'
+         scan-path: '.'
+         severity: 'CRITICAL'
+         format: 'sarif'
+         output: 'trivy-results.sarif'
+         ignore-unfixed: true
+
+     - name: Upload Trivy scan results to GitHub Security tab
+       uses: github/codeql-action/upload-sarif@v3
+       with:
+        sarif_file: 'trivy-results.sarif'
+#
+
+>>>>>>> 6963c00 (another one)
   iac_scan:
     name: iac_scan
     runs-on: ubuntu-24.04

.github/workflows/unit-testing.yaml

@@ -0,0 +1,101 @@
+name: Unit Testing
+
+on:
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+####
+jobs:
+  tf-formatting:
+    name: 'Terraform Formatting'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout GitHub Repo'
+        uses: actions/checkout@v4
+
+      - name: 'Set up Terraform'
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 'latest'
+
+      - name: 'Terraform init'
+        run: terraform init
+
+      - name: 'Terraform Format'
+        run: terraform fmt -check
+
+      - name: 'Terraform validate'
+        run: terraform validate
+
+      - name: 'TFLint'
+        run: |
+          tflint --init
+          tflint
+####
+  trivy:
+    name: Trivy Vulnerability Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: 'fs'
+          severity: 'CRITICAL'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: true
+####
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  iac_scan:
+    name: IaC Scan
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in IaC mode
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: 'config'
+          hide-progress: false
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          exit-code: '1'
+          severity: 'CRITICAL'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  tfsec:
+    name: 'tfsec'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: 'Install Tfsec'
+        uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608
+        with:
+          sarif_file: tfsec.sarif
+#####
+  checkov:
+    name: Run Checkov
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Run Checkov'
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          output_format: cli,sarif
+          output_file_path: console,results.sarif

.gitignore

@@ -0,0 +1 @@
+.terraform/

Azure-WAN/.gitignore

@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store

Documentation

@@ -0,0 +1,46 @@
+#########################################################
+# Topics I'm going to explore in this module
+#########################################################
+
+
+### Conditional logic
+    - Conditionally create VPC
+    - Based off the bool the subsequent resources associated to the VPC will be created or not
+    - Create IGW based off of bool
+        - That IGW should then have logic in a locals variable, that says. "if the vpc bool == true and the public route table == true then create a route to the internet gateway" 
+            - example logic:
+                locals{
+                    create_route_to_igw = var.create_vpc && var.create_igw && local.create_public_route_table
+                }
+    - Create NAT Gateway based off of bool
+        - That NAT should then have logic in a locals variable, that says. "if the vpc bool == true and the private subnet creation == true then create a route to the NAT gateway" 
+            - example logic:
+                locals{
+                    create_route_to_nat = var.create_vpc && var.create_igw && local.create_private_route_table
+                }
+### Count
+    - Couple conditional logic with the Count meta argument
+        - Based off of the conditions bool will determine how many of the VPCs are created
+
+### Dynamic Resource Allocation
+    - Based on how many VPCs are created will result in how many Private, Public Subnets are created
+    - Along with Route tables for Public and Private subs
+    - Internet Gateway
+    - NAT Gateway
+
+### Dynamic CIDR Blocks
+    - Use one of the Terraform functions to create CIDRs for subnets based off of the VPC created.
+
+### Dynamic Resource Creation:
+    - allow the user to specify how many of a given resource is created
+    -
+
+### map(string) variables for tags with string interpolation
+    - Name
+    - Environment
+        - example:
+            variable "tags"{
+                description = "tags for each resource"
+                type = map(string)
+                default = {}
+            }

IAM/.gitignore

@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store

IAM/CloudWatch-Logging/.gitignore

@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store

IAM/SSM-Policy/.gitignore

@@ -0,0 +1,41 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+# Ignore the .DS_Store files created by macOS
+.DS_Store