HistoryPurge: Clearing 17 old commits

Modules/Compute/ec2/main.tf

@@ -0,0 +1,26 @@
+resource "aws_instance" "example" {
+  ami           = "ami-0157c3cc39a1c5cc0"
+  instance_type = "t4g.large"
+  subnet_id     = "subnet-0927ba1b06ccfe6c5"
+  key_name      = aws_key_pair.this.key_name
+
+  # IMDSv2 requirement
+  dynamic "metadata_options" {
+    for_each = var.disable_secure_idmsv2 == false ? { set_idmsv2 : true } : {}
+    content {
+      http_endpoint               = "enabled"
+      http_tokens                 = "required"
+      http_put_response_hop_limit = 2
+    }
+  }
+  tags          = { Name : var.name }
+}
+
+resource "tls_private_key" "this" {
+  algorithm = "ED25519"
+}
+
+resource "aws_key_pair" "this" {
+  key_name   = "${var.name}-sshkey"
+  public_key = tls_private_key.this.public_key_openssh
+}

Modules/Compute/ec2/provider.tf

@@ -0,0 +1,28 @@
+provider "aws" {
+  region = "ap-east-1"
+
+  default_tags {
+    tags = {
+      ServiceProvider     = "RackspaceTechnology"
+      Environment         = "Training"
+      Project             = "Iac"
+      TerraformMode       = "managed"
+      Owner               = "ken2026"
+      TerraformDir        = "${reverse(split("/", path.cwd))[1]}/${reverse(split("/", path.cwd))[0]}"
+    }
+  }
+}
+
+output "last-updated" {
+  value = timestamp()
+}
+
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}

Modules/Compute/ec2/variables.tf

@@ -0,0 +1,10 @@
+variable "name" {
+  type        = string
+  description = "Name of Ec2 instance"
+}
+
+variable "disable_secure_idmsv2" {
+  type        = bool
+  default     = false
+  description = "Allow use of insecure idmsv1. Default is false."
+}

Modules/Compute/security_group/README.md

@@ -0,0 +1,44 @@
+# security-group
+This module create security group.
+
+## Inputs
+
+| Name    | Description       | Type     | Default | Required |
+|---------|-------------------|----------|---------|:--------:|
+| vpc-id  | VPC id            | string   | n/a     |   yes    |
+| ingress | See example below | map      | n/a     |   yes    |
+| egress  | See example below | map      | n/a     |   yes    |
+
+## Outputs
+
+| Name       | Description                    |
+|------------|--------------------------------|
+| sg-id-name | A map of SG id and their names |
+
+### Example
+Below is a sample root module calling this shared module 
+
+```hcl
+module "admin-sg" {
+
+  source = "../../modules/compute/security_group"
+
+  description = "Security group for admins"
+  egress = {
+    r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
+    r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
+    r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},Client to BigFix server"
+    r4 = "-1,-1,-1,0.0.0.0/0,Outbound access"
+  }
+  ingress = {
+    r1  = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
+    r2  = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
+    r3  = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},BigFix server to client"
+  }
+  name   = "admin-sg"
+  vpc-id = "vpc-01a10b033169f89a8"
+}
+```
+
+
+

Modules/Compute/security_group/main.tf

@@ -0,0 +1,39 @@
+data "aws_default_tags" "this" {
+  lifecycle {
+    postcondition {
+      condition     = length(self.tags) >= 1
+      error_message = "Validation failed: Provider default_tags not set."
+    }
+  }
+}
+
+resource "aws_security_group" "sg" {
+  name        = var.name
+  description = var.description
+  vpc_id      = var.vpc-id
+  tags        = { Name = var.name }
+}
+
+resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
+  for_each                     = var.ingress
+  security_group_id            = aws_security_group.sg.id
+  ip_protocol                  = split(",", each.value)[0]
+  from_port                    = split(",", each.value)[1]
+  to_port                      = split(",", each.value)[2]
+  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
+  prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
+  description                  = split(",", each.value)[4]
+}
+
+resource "aws_vpc_security_group_egress_rule" "egress-rules" {
+  for_each                     = var.egress
+  security_group_id            = aws_security_group.sg.id
+  ip_protocol                  = split(",", each.value)[0]
+  from_port                    = split(",", each.value)[1]
+  to_port                      = split(",", each.value)[2]
+  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
+  prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
+  description                  = split(",", each.value)[4]
+}

Modules/Compute/security_group/outputs.tf

@@ -0,0 +1,3 @@
+output id {
+  value = aws_security_group.sg.id
+}

Modules/Compute/security_group/variables.tf

@@ -0,0 +1,5 @@
+variable name {}
+variable description {}
+variable vpc-id {}
+variable ingress {}
+variable egress {}