Merge branch 'techiescamp:master' into TEC-56

Author: aswin-vijayan

README.md

@@ -22,6 +22,31 @@ terraform destroy \
     -backend-config="dynamodb_table=terraform-state-lock"
 ```
 
+#### VPC Provisioning
+
+cd into the `environments/dev/vpc` directory and run the following commands:
+
+1. Init Terraform in the directory `environments/dev/vpc`
+
+```
+terraform init
+```
+2. To preview the changes in code
+
+```
+terraform plan -var-file=../../../vars/dev/vpc.tfvars
+```
+3. To apply the changes
+
+```
+terraform apply -var-file=../../../vars/dev/vpc.tfvars
+```
+4. To destroy the resources created using the code
+
+```
+terraform destroy -var-file=../../../vars/dev/vpc.tfvars
+
+
 #### RDS Provisioning
 
 cd into the `environments/dev/rds` directory and run the following commands:

environments/dev/ec2/main.tf

@@ -20,22 +20,36 @@ module "ec2" {
 }
 
 module "security-group" {
-  source             = "../../../modules/security-group"
-  region             = var.region
-  tags               = var.tags
-  name               = var.name
-  environment        = var.environment
-  owner              = var.owner
-  cost_center        = var.cost_center
-  application        = var.application
-  sg_name            = var.sg_name
-  vpc_id             = var.vpc_id
-  ingress_from_port  = var.ingress_from_port
-  ingress_to_port    = var.ingress_to_port
-  ingress_protocol   = var.ingress_protocol
-  ingress_cidr_block = var.ingress_cidr_block
-  egress_from_port   = var.egress_from_port
-  egress_to_port     = var.egress_to_port
-  egress_protocol    = var.egress_protocol
-  egress_cidr_block  = var.egress_cidr_block
+  source      = "../../../modules/security-group"
+  region      = var.region
+  tags        = var.tags
+  name        = var.name
+  environment = var.environment
+  owner       = var.owner
+  cost_center = var.cost_center
+  application = var.application
+  sg_name     = var.sg_name
+  vpc_id      = var.vpc_id
+
+  ingress_cidr_from_port     = var.ingress_cidr_from_port
+  ingress_cidr_to_port       = var.ingress_cidr_to_port
+  ingress_cidr_protocol      = var.ingress_cidr_protocol
+  ingress_cidr_block         = var.ingress_cidr_block
+  create_ingress_cidr        = var.create_ingress_cidr
+  ingress_sg_from_port       = var.ingress_sg_from_port
+  ingress_sg_to_port         = var.ingress_sg_to_port
+  ingress_sg_protocol        = var.ingress_sg_protocol
+  ingress_security_group_ids = var.ingress_security_group_ids
+  create_ingress_sg          = var.create_ingress_sg
+  egress_cidr_from_port      = var.egress_cidr_from_port
+  egress_cidr_to_port        = var.egress_cidr_to_port
+  egress_cidr_protocol       = var.egress_cidr_protocol
+  egress_cidr_block          = var.egress_cidr_block
+  create_egress_cidr         = var.create_egress_cidr
+  egress_sg_from_port        = var.egress_sg_from_port
+  egress_sg_to_port          = var.egress_sg_to_port
+  egress_sg_protocol         = var.egress_sg_protocol
+  egress_security_group_ids  = var.egress_security_group_ids
+  create_egress_sg           = var.create_egress_sg
 }
+

environments/dev/ec2/variables.tf

@@ -43,73 +43,133 @@ variable "vpc_id" {
   description = "VPC ID for the security group"
 }
 
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "Extra tags to attach to the security group resources"
+}
+
+variable "name" {
+  type        = string
+  description = "The name of the resources"
+}
+
+variable "environment" {
+  type        = string
+  description = "The environment name for the resources"
+}
+
+variable "owner" {
+  type        = string
+  description = "Owner's name for the resource"
+}
+
+variable "cost_center" {
+  type        = string
+  description = "Cost center identifier for the resource"
+}
+
+variable "application" {
+  type        = string
+  description = "Name of the application related to the resource"
+}
+
+variable "ingress_cidr_from_port" {
+  type        = list(number)
+  description = "List of starting ports for cidr ingress rules of the EC2 security group."
+}
+
+variable "ingress_cidr_to_port" {
+  type        = list(number)
+  description = "List of ending ports for cidr ingress rules of the EC2 security group."
+}
+
+variable "ingress_cidr_protocol" {
+  type        = list(string)
+  description = "List of protocols for cidr ingress rules of the EC2 security group."
+}
+
 variable "ingress_cidr_block" {
   type        = list(string)
-  description = "CIDR blocks for EC2 security group ingress rules"
+  description = "List of CIDR blocks for cidr ingress rules of the EC2 security group."
 }
 
-variable "ingress_from_port" {
-  description = "The starting port for ingress rules"
+variable "ingress_sg_from_port" {
   type        = list(number)
+  description = "List of starting ports for sg ingress rules of the EC2 security group."
 }
 
-variable "ingress_to_port" {
-  description = "The ending port for ingress rules"
+variable "ingress_sg_to_port" {
   type        = list(number)
+  description = "List of ending ports for sg ingress rules of the EC2 security group."
 }
 
-variable "ingress_protocol" {
-  description = "The protocol for ingress rules"
-  type        = list(any)
+variable "ingress_sg_protocol" {
+  type        = list(string)
+  description = "List of protocols for sg ingress rules of the EC2 security group."
 }
 
-variable "egress_cidr_block" {
+variable "ingress_security_group_ids" {
   type        = list(string)
-  description = "CIDR blocks for EC2 security group egress rules"
+  description = "List of Security Group ids for sg ingress rules of the EC2 security group."
 }
 
-variable "egress_from_port" {
-  description = "The starting port for egress rules"
+variable "egress_cidr_from_port" {
   type        = list(number)
+  description = "List of starting ports for cidr egress rules of the EC2 security group."
 }
 
-variable "egress_to_port" {
-  description = "The ending port for egress rules"
+variable "egress_cidr_to_port" {
   type        = list(number)
+  description = "List of ending ports for cidr egress rules of the EC2 security group."
 }
 
-variable "egress_protocol" {
-  description = "The protocol for egress rules"
-  type        = list(any)
+variable "egress_cidr_protocol" {
+  type        = list(string)
+  description = "List of protocols for cidr egress rules of the EC2 security group."
 }
 
-variable "tags" {
-  default     = {}
-  type        = map(string)
-  description = "Extra tags to attach to the security group resources"
+variable "egress_cidr_block" {
+  type        = list(string)
+  description = "List of CIDR blocks for cidr egress rules of the EC2 security group."
 }
 
-variable "name" {
-  type        = string
-  description = "The name of the resources"
+variable "egress_sg_from_port" {
+  type        = list(number)
+  description = "List of starting ports for sg egress rules of the EC2 security group."
 }
 
-variable "environment" {
+variable "egress_sg_to_port" {
+  type        = list(number)
+  description = "List of ending ports for sg egress rules of the EC2 security group."
+}
+
+variable "egress_sg_protocol" {
   type        = list(string)
-  description = "The environment name for the resources"
+  description = "List of protocols for sg egress rules of the EC2 security group."
 }
 
-variable "owner" {
-  type        = string
-  description = "Owner's name for the resource"
+variable "egress_security_group_ids" {
+  type        = list(string)
+  description = "List of Security Group ids for sg egress rules of the EC2 security group."
 }
 
-variable "cost_center" {
-  type        = string
-  description = "Cost center identifier for the resource"
+variable "create_ingress_cidr" {
+  type        = bool
+  description = "Enable or disable CIDR block ingress rules."
 }
 
-variable "application" {
-  type        = string
-  description = "Name of the application related to the resource"
+variable "create_ingress_sg" {
+  type        = bool
+  description = "Enable or disable Security Groups ingress rules."
+}
+
+variable "create_egress_cidr" {
+  type        = bool
+  description = "Enable or disable CIDR block egress rules."
+}
+
+variable "create_egress_sg" {
+  type        = bool
+  description = "Enable or disable Security Groups egress rules."
 }

environments/dev/vpc/main.tf

@@ -7,14 +7,22 @@ provider "aws" {
 
 module "vpc" {
   source                        = "../../../modules/vpc"
-  name                          = "eks-vpc"
-  region                        = "us-west-2"
-  project                       = "EKS Demo"
-  environment                   = "dev"
-  vpc_cidr_block                = "10.0.0.0/16"
-  public_subnet_cidr_blocks     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-  app_subnet_cidr_blocks        = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
-  db_subnet_cidr_blocks         = ["10.0.7.0/24", "10.0.8.0/24", "10.0.9.0/24"]
-  management_subnet_cidr_blocks = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]
-  availability_zones            = ["us-west-2a", "us-west-2b", "us-west-2c"]
+  region                        = var.region
+  vpc_cidr_block                = var.vpc_cidr_block
+  instance_tenancy              = var.instance_tenancy
+  enable_dns_support            = var.enable_dns_support
+  enable_dns_hostnames          = var.enable_dns_hostnames
+  domain                        = var.domain
+  create_nat_gateway            = var.create_nat_gateway
+  destination_cidr_block        = var.destination_cidr_block
+  map_public_ip_on_launch       = var.map_public_ip_on_launch
+  public_subnet_cidr_blocks     = var.public_subnet_cidr_blocks
+  app_subnet_cidr_blocks        = var.app_subnet_cidr_blocks
+  db_subnet_cidr_blocks         = var.db_subnet_cidr_blocks
+  management_subnet_cidr_blocks = var.management_subnet_cidr_blocks
+  availability_zones            = var.availability_zones
+  owner                         = var.owner
+  environment                   = var.environment
+  cost_center                   = var.cost_center
+  application                   = var.application
 }

environments/dev/vpc/variables.tf

@@ -0,0 +1,103 @@
+# Common Variables
+
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "Extra tags to attach to the VPC resources"
+}
+
+variable "region" {
+  type        = string
+  description = "Region of the VPC"
+}
+
+# VPC Variables
+
+variable "vpc_cidr_block" {
+  type        = string
+  description = "CIDR block for the VPC"
+}
+
+# Subnet Varaibles
+
+variable "public_subnet_cidr_blocks" {
+  type        = list(any)
+  description = "List of public subnet CIDR blocks"
+}
+
+variable "app_subnet_cidr_blocks" {
+  type        = list(any)
+  description = "List of application subnet CIDR blocks"
+}
+
+variable "db_subnet_cidr_blocks" {
+  type        = list(any)
+  description = "List of Database subnet CIDR blocks"
+}
+
+variable "management_subnet_cidr_blocks" {
+  type        = list(any)
+  description = "List of management subnet CIDR blocks"
+}
+
+variable "availability_zones" {
+  type        = list(any)
+  description = "List of availability zones"
+}
+
+variable "create_nat_gateway" {
+  type        = bool
+  description = "whether to create a NAT gateway or not"
+}
+
+variable "owner" {
+  type        = string
+  description = "Name of owner"
+}
+
+variable "environment" {
+  type        = string
+  description = "The environment name for the resources."
+}
+
+variable "cost_center" {
+  type        = string
+  description = "Name of cost-center for this alb-asg"
+}
+
+variable "application" {
+  type        = string
+  description = "Name of the application"
+}
+
+variable "instance_tenancy" {
+  type        = string
+  description = "Set instance-tenancy"
+}
+
+variable "enable_dns_support" {
+  type        = bool
+  description = "whether to enable DNS support or not"
+}
+
+variable "enable_dns_hostnames" {
+  type        = bool
+  description = "whether to enable DNS hostnames or not"
+}
+
+variable "domain" {
+  type        = string
+  description = "Set the domain of eip"
+}
+
+variable "destination_cidr_block" {
+  type        = string
+  description = "Set the destination cidr block"
+}
+
+variable "map_public_ip_on_launch" {
+  type        = bool
+  description = "whether to map public ip on launch or not"
+}
+
+