xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity

initial commit

Browse Source
This commit is contained in:
xpk
2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
aws-ad-connector/main.tf
+48
View File
@@ -0,0 +1,48 @@
module "vpc-subnets" {
source = "../../modules/networking/vpc_subnets"
application = var.application
aws-region = var.aws-region
customer-name = var.customer-name
default-tags = local.default-tags
environment = var.environment
project = var.project
vpc-cidr = var.vpc-cidr
number-of-private-subnets-per-az = var.number-of-private-subnets-per-az
number-of-public-subnets-per-az = var.number-of-public-subnets-per-az
create-nat-gateway = false
enable-flow-log = true
vpcflowlog-retain-days = 90
vpcflowlog-cwl-loggroup-key-arn = ""
create-free-vpc-endpoints = false
}
# S3 flow log needs to be created separately. it's not supported by vpc_subnets module
resource "aws_flow_log" "vpc-log-s3" {
log_destination = var.vpc-flowlog-bucket-arn
log_destination_type = "s3"
traffic_type = "ALL"
vpc_id = module.vpc-subnets.vpc_id
}
/*
After adc is deployed by terraform, the following tasks need to be performed manually.
They cannot be managed by terraform
1. Edit security group created for adconnector. SG name is d-???_controllers
2. Enable client LDAPS communication
3. Setup maintenance notification through SNS
4. Enable SSO application. Setting enable_sso in member account results in error. alias is deliberately not set
*/
module "adconnector" {
source = "../../modules/security_identity_compliance/ds-adconnector"
adc-dns-ips = var.adc-dns-ips
adc-domainname = var.adc-domainname
adc-service-account-password = var.adc-service-account-password
adc-service-account-username = var.adc-service-account-username
adc-size = var.adc-size
adc-subnet-ids = module.vpc-subnets.private-subnet-ids
adc-vpc-id = module.vpc-subnets.vpc_id
default-tags = local.default-tags
}