modules added

.github/workflows/auto_assignee.yml

@@ -7,8 +7,9 @@ on:
   workflow_dispatch:
 jobs:
   assignee:
-    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:
       assignees: 'clouddrove-ci'
+

.github/workflows/changelog.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   changelog:
-    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6
     secrets: inherit
     with:
       branch: 'master'

.github/workflows/readme.yml

@@ -18,7 +18,7 @@ jobs:
           python-version: '3.x'
 
       - name: 'create readme'
-        uses: 'clouddrove/github-actions@v9.0.2'
+        uses: 'clouddrove/github-actions@v9.0.3'
         with:
           actions_subcommand: 'readme'
           github_token: '${{ secrets.GITHUB }}'
@@ -35,7 +35,7 @@ jobs:
         continue-on-error: true
 
       - name: 'push readme'
-        uses: 'clouddrove/github-actions@v9.0.2'
+        uses: 'clouddrove/github-actions@v9.0.3'
         continue-on-error: true
         with:
           actions_subcommand: 'push'

.github/workflows/terraform_workflow.yml

@@ -0,0 +1,21 @@
+name: terraform workflow
+permissions: write-all
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+  workflow_dispatch:
+jobs:
+  networking:
+    uses: clouddrove/github-shared-workflows/.github/workflows/terraform_workflow.yml@1.0.6
+    with:
+        provider:            aws
+        working_directory:  '_examples/single-account'
+        var_file:           "terraform.tfvars"
+        aws_region:         us-east-1
+        approvers:          d4kverma
+        terraform_version:  1.5.7
+        destroy:            false
+    secrets:
+        AWS_ACCESS_KEY_ID:  ${{ secrets.TEST_AWS_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}

.github/workflows/tf-checks.yml

@@ -5,11 +5,35 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  complete:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+  single-account:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
-      working_directory: './_examples/complete/'
-  basic:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+      working_directory: './_examples/single-account/'
+      aws_credentials: true
+    secrets:
+        AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
+  networking:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
-      working_directory: './_examples/basic/'
+      working_directory: './_examples/multi-account/networking'
+      aws_credentials: true
+    secrets:
+        AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
+  shared:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
+    with:
+      working_directory: './_examples/multi-account/shared'
+      aws_credentials: true
+    secrets:
+        AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
+  dev:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
+    with:
+      working_directory: './_examples/multi-account/dev'
+      aws_credentials: true
+    secrets:
+        AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}

.github/workflows/tflint.yml

@@ -5,7 +5,7 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  tflint:
-    uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@master
+  tf-lint:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.6
     secrets:
-      GITHUB: ${{ secrets.GITHUB }}
+      GITHUB: ${{ secrets.GITHUB }}

.github/workflows/tfsec.yml

@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
 jobs:
   tfsec:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6
     secrets: inherit
     with:
       working_directory: '.'

_examples/multi-account/dev/backend.tf

@@ -0,0 +1,10 @@
+################################################################################
+# backend
+################################################################################
+terraform {
+  backend "s3" {
+    bucket = "eks-automated-s3-bucket"
+    key    = "ct/dev.tfstate"
+    region = "us-east-1"
+  }
+}

_examples/multi-account/dev/main.tf

@@ -1,43 +1,53 @@
-# ------------------------------------------------------------------------------
-# Resources
-# ------------------------------------------------------------------------------
-locals {}
-
-#VPC
-#Transit
-#KMS (multi region)
-#ACM ()
-#Route53 dev.xyz.ca
-#SecurtyBaseline
-#Cloudtrail
-#GuardDuty
-#SecutyHub
-#GuardRails
-
-#EKS
-#RDS
-#EFS
-#EBS Encryption
-
 locals {
   name        = "ct"
   environment = "dev"
   region      = "us-east-1"
+  role_arn    = "arn:aws:iam::${data.aws_caller_identity.current.id}:role/CT-networking-test-sw" #Provide dev account role ARN
+  cidr_block  = "10.12.0.0/16"
+}
+
+data "aws_caller_identity" "current" {}
+
+provider "aws" {
+  region = local.region
 }
 
 provider "aws" {
+  alias = "networking"
+  assume_role {
+    role_arn = local.role_arn
+  }
   region = local.region
 }
 
-# ------------------------------------------------------------------------------
-# Resources
-# ------------------------------------------------------------------------------
 module "CT" {
-  source      = "../../"
+  providers = {
+    aws = aws.networking
+  }
+  source      = "../../../"
   name        = local.name
   environment = local.environment
+  region      = local.region
 
-  cidr_block  = "10.0.20.0/16"
-  subnet_type = private
+  ## VPC
+  cidr_block = local.cidr_block
 
-}
+  ## SUBNET
+  subnet_type = var.subnet_type
+
+  ## SECURTIY-GROUP
+  ssh_allow_ip = local.cidr_block
+
+  ## ACM
+  domain = var.domain
+
+  ## Route53
+  records = var.records
+
+  ## TGW-HUB
+  tgw_spoke_enable       = var.tgw_spoke_enable
+  spoke_destination_cidr = var.spoke_destination_cidr
+  transit_gateway_id     = var.transit_gateway_id
+  resource_share_arn     = var.resource_share_arn
+
+}

_examples/multi-account/dev/outputs.tf

@@ -1,3 +1,4 @@
 # ------------------------------------------------------------------------------
 # Outputs
 # ------------------------------------------------------------------------------
+

_examples/multi-account/dev/terraform.tfvars

@@ -0,0 +1,6 @@
+subnet_type            = "private"
+domain                 = "clouddrove.ca"
+records                = []
+spoke_destination_cidr = ["0.0.0.0/0"]
+transit_gateway_id     = ""
+resource_share_arn     = ""

_examples/multi-account/dev/variables.tf

@@ -1,3 +1,49 @@
 # ------------------------------------------------------------------------------
 # Variables
 # ------------------------------------------------------------------------------
+
+## SUBNET
+variable "subnet_type" {
+  type        = string
+  default     = ""
+  description = "Type of subnets to create (`private` or `public`)."
+}
+
+## ACM
+variable "domain" {
+  type        = string
+  default     = ""
+  description = "A domain name for which the certificate should be issued."
+}
+
+## Route53
+variable "records" {
+  type        = any
+  default     = []
+  description = "List of objects of DNS records"
+}
+
+## TGW-HUB
+variable "tgw_spoke_enable" {
+  type        = bool
+  default     = true
+  description = "Enable subnet to create or not."
+}
+
+variable "transit_gateway_id" {
+  type        = string
+  default     = ""
+  description = "The ID of gateway id."
+}
+
+variable "spoke_destination_cidr" {
+  type        = list(any)
+  default     = []
+  description = "The destination CIDR block (VPC)."
+}
+
+variable "resource_share_arn" {
+  type        = string
+  default     = ""
+  description = "Whether resource attachment requests are automatically accepted. Valid values: disable, enable. Default value: disable."
+}

_examples/multi-account/dev/version.tf

@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+  required_version = ">= 1.5.7"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.19.0"
+    }
+  }
+}

_examples/multi-account/networking/README.md

@@ -1,3 +1,3 @@
-## examples/complete
+## examples/basic
 
-An example which shows _complete_ usage of the module.
+An example which shows _basic_ usage of the module.

_examples/multi-account/networking/backend.tf

@@ -0,0 +1,10 @@
+################################################################################
+# backend
+################################################################################
+terraform {
+  backend "s3" {
+    bucket = "eks-automated-s3-bucket"
+    key    = "ct/networking.tfstate"
+    region = "us-east-1"
+  }
+}