HistoryPurge: Clearing 17 old commits
This commit is contained in:
@@ -0,0 +1,54 @@
|
||||
<!-- This readme file is generated with terraform-docs -->
|
||||
## Requirements
|
||||
|
||||
| Name | Version |
|
||||
|------|---------|
|
||||
| terraform | >= 1.3.0 |
|
||||
| aws | >= 5.0 |
|
||||
| http | >= 3.4.2 |
|
||||
|
||||
## Providers
|
||||
|
||||
| Name | Version |
|
||||
|------|---------|
|
||||
| aws | 5.51.1 |
|
||||
| http | 3.4.2 |
|
||||
|
||||
## Modules
|
||||
|
||||
| Name | Source | Version |
|
||||
|------|--------|---------|
|
||||
| CloudflareSg | ../../Modules/Compute/security_group | n/a |
|
||||
| Vpc | terraform-aws-modules/vpc/aws | 5.8.1 |
|
||||
| VpcEndpoints | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.8.1 |
|
||||
|
||||
## Resources
|
||||
|
||||
| Name | Type |
|
||||
|------|------|
|
||||
| [aws_ec2_managed_prefix_list.pl1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_managed_prefix_list) | resource |
|
||||
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
|
||||
| [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
||||
| [aws_iam_policy_document.s3_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
||||
| [http_http.CloudflareIps](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
|
||||
|
||||
## Inputs
|
||||
|
||||
| Name | Description | Type | Default | Required |
|
||||
|------|-------------|------|---------|:--------:|
|
||||
| VpcCidr | VPC CIDR | `string` | n/a | yes |
|
||||
| VpcName | Name of VPC | `string` | n/a | yes |
|
||||
|
||||
## Outputs
|
||||
|
||||
| Name | Description |
|
||||
|------|-------------|
|
||||
| CloudflareSg | Cloudflare security group id |
|
||||
| PrivateSubnetCidrs | Private subnet CIDRs |
|
||||
| VpcCidr | Vpc CIDR |
|
||||
| VpcId | Vpc ID |
|
||||
| last-updated | n/a |
|
||||
|
||||
---
|
||||
## Authorship
|
||||
This module was developed by xpk.
|
||||
@@ -0,0 +1,123 @@
|
||||
data "aws_availability_zones" "available" {}
|
||||
|
||||
locals {
|
||||
PrivataSubnets = cidrsubnets(var.VpcCidr, 8, 8)
|
||||
}
|
||||
|
||||
module "Vpc" {
|
||||
source = "terraform-aws-modules/vpc/aws"
|
||||
version = "5.8.1"
|
||||
|
||||
name = var.VpcName
|
||||
cidr = var.VpcCidr
|
||||
azs = slice(data.aws_availability_zones.available.names, 0, 2)
|
||||
|
||||
private_subnets = local.PrivataSubnets
|
||||
private_subnet_names = [for k, v in local.PrivataSubnets : "${var.VpcName}Private${k}"]
|
||||
enable_dns_hostnames = true
|
||||
enable_dns_support = true
|
||||
enable_nat_gateway = false
|
||||
enable_dhcp_options = true
|
||||
dhcp_options_domain_name = "${var.VpcName}.aws"
|
||||
}
|
||||
|
||||
module "VpcEndpoints" {
|
||||
source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
|
||||
version = "5.8.1"
|
||||
|
||||
vpc_id = module.Vpc.vpc_id
|
||||
create_security_group = false
|
||||
endpoints = {
|
||||
s3 = {
|
||||
service = "s3"
|
||||
service_type = "Gateway"
|
||||
route_table_ids = flatten([
|
||||
module.Vpc.intra_route_table_ids, module.Vpc.private_route_table_ids, module.Vpc.public_route_table_ids
|
||||
])
|
||||
policy = data.aws_iam_policy_document.s3_endpoint_policy.json
|
||||
tags = { Name = "S3VpcEp" }
|
||||
},
|
||||
dynamodb = {
|
||||
service = "dynamodb"
|
||||
service_type = "Gateway"
|
||||
route_table_ids = flatten([
|
||||
module.Vpc.intra_route_table_ids, module.Vpc.private_route_table_ids, module.Vpc.public_route_table_ids
|
||||
])
|
||||
policy = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
|
||||
tags = { Name = "DynamodbVpcEp" }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
data "aws_iam_policy_document" "s3_endpoint_policy" {
|
||||
statement {
|
||||
effect = "Deny"
|
||||
actions = ["s3:*"]
|
||||
resources = ["*"]
|
||||
|
||||
principals {
|
||||
type = "*"
|
||||
identifiers = ["*"]
|
||||
}
|
||||
|
||||
condition {
|
||||
test = "StringNotEquals"
|
||||
variable = "aws:sourceVpc"
|
||||
|
||||
values = [module.Vpc.vpc_id]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
|
||||
statement {
|
||||
effect = "Deny"
|
||||
actions = ["dynamodb:*"]
|
||||
resources = ["*"]
|
||||
|
||||
principals {
|
||||
type = "*"
|
||||
identifiers = ["*"]
|
||||
}
|
||||
|
||||
condition {
|
||||
test = "StringNotEquals"
|
||||
variable = "aws:sourceVpc"
|
||||
|
||||
values = [module.Vpc.vpc_id]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
data "http" "CloudflareIps" {
|
||||
url = "https://api.cloudflare.com/client/v4/ips"
|
||||
request_headers = {
|
||||
Accept = "application/json"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_ec2_managed_prefix_list" "pl1" {
|
||||
name = "CloudflareIpRanges"
|
||||
address_family = "IPv4"
|
||||
max_entries = 20
|
||||
dynamic "entry" {
|
||||
for_each = jsondecode(data.http.CloudflareIps.response_body)["result"]["ipv4_cidrs"]
|
||||
content {
|
||||
cidr = entry.value
|
||||
description = "Cloudflare IP"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "CloudflareSg" {
|
||||
source = "../../Modules/Compute/security_group"
|
||||
description = "Cloudflare Ip Ranges"
|
||||
egress = {
|
||||
}
|
||||
ingress = {
|
||||
r1 = "tcp,443,443,${aws_ec2_managed_prefix_list.pl1.id},Cloudflare Prefix List"
|
||||
}
|
||||
name = "cloudflare-ips"
|
||||
vpc-id = module.Vpc.vpc_id
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
output "VpcId" {
|
||||
value = module.Vpc.vpc_id
|
||||
description = "Vpc ID"
|
||||
}
|
||||
|
||||
output "VpcCidr" {
|
||||
value = module.Vpc.vpc_cidr_block
|
||||
description = "Vpc CIDR"
|
||||
}
|
||||
|
||||
output "PrivateSubnetCidrs" {
|
||||
value = module.Vpc.private_subnets_cidr_blocks
|
||||
description = "Private subnet CIDRs"
|
||||
}
|
||||
|
||||
output "CloudflareSg" {
|
||||
value = module.CloudflareSg.id
|
||||
description = "Cloudflare security group id"
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
provider "aws" {
|
||||
region = "us-east-1"
|
||||
|
||||
default_tags {
|
||||
tags = {
|
||||
ServiceProvider = "RackspaceTechnology"
|
||||
Environment = "Training"
|
||||
Project = "Iac"
|
||||
TerraformMode = "managed"
|
||||
TerraformDir = "${reverse(split("/", path.cwd))[1]}/${reverse(split("/", path.cwd))[0]}"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "last-updated" {
|
||||
value = timestamp()
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_version = ">= 1.3.0"
|
||||
required_providers {
|
||||
aws = {
|
||||
source = "hashicorp/aws"
|
||||
version = ">= 5.0"
|
||||
}
|
||||
http = {
|
||||
source = "hashicorp/http"
|
||||
version = ">= 3.4.2"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
VpcName = "TrainingVpc"
|
||||
VpcCidr = "192.168.0.0/16"
|
||||
@@ -0,0 +1,9 @@
|
||||
variable "VpcName" {
|
||||
type = string
|
||||
description = "Name of VPC"
|
||||
}
|
||||
|
||||
variable "VpcCidr" {
|
||||
type = string
|
||||
description = "VPC CIDR"
|
||||
}
|
||||
Reference in New Issue
Block a user