[TEC-56][Added] - VPC Endpoints and NACL

environments/dev/backend/dynamodb.tf → environments/dev/backend/main.tf

@@ -1,3 +1,22 @@
+provider "aws" {
+  region = "us-west-2"
+}
+
+resource "aws_s3_bucket" "state_lock_bucket" {
+  bucket = "${var.environment}-${var.application}-s3-bucket"
+
+  tags = merge(
+    {
+      Name        = "${var.environment}-${var.application}-s3-bucket"
+      Environment = var.environment,
+      Owner       = var.owner,
+      CostCenter  = var.cost_center,
+      Application = var.application
+    },
+    var.tags
+  )
+}
+
 resource "aws_dynamodb_table" "state_lock_table" {
   name           = "${var.environment}-${var.application}-dynamodb-table"
   billing_mode   = var.billing_mode

environments/dev/ec2/main.tf

@@ -2,6 +2,15 @@ provider "aws" {
   region = var.region
 }
 
+module "iam-policy" {
+  source                      = "../../../modules/iam-policy"
+  iam_policy_json_file        = var.iam_policy_json_file
+  owner                       = var.owner
+  environment                 = var.environment
+  cost_center                 = var.cost_center
+  application                 = var.application
+}
+
 module "ec2" {
   source             = "../../../modules/ec2"
   region             = var.region
@@ -10,23 +19,22 @@ module "ec2" {
   key_name           = var.key_name
   instance_count     = var.instance_count
   subnet_ids         = var.subnet_ids
-  name               = var.name
+  associate_public_ip_address = var.associate_public_ip_address
+  attach_instance_profile     = var.attach_instance_profile
+  iam_role                    = module.iam-policy.iam_role
+  security_group_ids          = module.security-group.security_group_ids
+  attach_eip                  = var.attach_eip
+  storage_size                = var.storage_size
   environment        = var.environment
   owner              = var.owner
   cost_center        = var.cost_center
   application        = var.application
-  security_group_ids = module.security-group.security_group_ids
+
 }
 
 module "security-group" {
   source      = "../../../modules/security-group"
   region      = var.region
-  tags        = var.tags
-  name        = var.name
-  environment = var.environment
-  owner       = var.owner
-  cost_center = var.cost_center
-  application = var.application
   vpc_id      = var.vpc_id
 
   ingress_cidr_from_port     = var.ingress_cidr_from_port
@@ -49,5 +57,11 @@ module "security-group" {
   egress_sg_protocol         = var.egress_sg_protocol
   egress_security_group_ids  = var.egress_security_group_ids
   create_egress_sg           = var.create_egress_sg
+
+  environment = var.environment
+  owner       = var.owner
+  cost_center = var.cost_center
+  application = var.application
 }
 
+

environments/dev/ec2/outputs.tf

@@ -13,3 +13,7 @@ output "instance_public_ip" {
   value       = module.ec2.instance_public_ip
 }
 
+output "instance_eip" {
+  description = "EIP attach to the ec2 instance"
+  value       = module.ec2.instance_eip
+}

environments/dev/ec2/variables.tf

@@ -33,17 +33,37 @@ variable "vpc_id" {
   description = "VPC ID for the security group"
 }
 
+variable "associate_public_ip_address" {
+  type        = bool
+  description = "Enable or disable public ip address"
+}
+
+variable "attach_instance_profile" {
+  type        = bool
+  description = "Attach instance profile or not"
+}
+
+variable "iam_policy_json_file" {
+  type        = string
+  description = "Name of the json file"
+}
+
+variable "attach_eip" {
+  type        = bool
+  description = "Attach eip or not"
+}
+
+variable "storage_size" {
+  type        = number
+  description = "Storage size of the instance"
+}
+
 variable "tags" {
   default     = {}
   type        = map(string)
   description = "Extra tags to attach to the security group resources"
 }
 
-variable "name" {
-  type        = string
-  description = "The name of the resources"
-}
-
 variable "environment" {
   type        = string
   description = "The environment name for the resources"
@@ -163,3 +183,9 @@ variable "create_egress_sg" {
   type        = bool
   description = "Enable or disable Security Groups egress rules."
 }
+
+variable "iam_role" {
+  default     = null
+  description = "IAM role for the instance"
+  type        = string
+}

environments/dev/iam-policies/ec2.json

@@ -0,0 +1,10 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "*",
+            "Resource": "*"
+        }
+    ]
+}

environments/dev/ses/main.tf

@@ -0,0 +1,24 @@
+provider "aws" {
+  region = var.region
+}
+
+module "ses" {
+  source            = "../../modules/ses"
+  region            = var.region
+  domain_name       = var.domain_name
+  dkim_record_count = var.dkim_record_count
+  zone_id           = var.zone_id
+  dkim_record_type  = var.dkim_record_type
+  dkim_ttl          = var.dkim_ttl
+  custom_mail       = var.custom_mail
+  spf_mx_record     = var.spf_mx_record
+  spf_txt_record    = var.spf_txt_record
+  spf_ttl           = var.spf_ttl
+  name              = var.name
+  environment       = var.environment
+  owner             = var.owner
+  cost_center       = var.cost_center
+  application       = var.application
+}
+
+

environments/dev/ses/output.tf

@@ -0,0 +1,45 @@
+output "domain_identity_token" {
+  description = "Domain identity tokens"
+  value       = module.ses.domain_identity_token
+}
+
+output "domain_verification" {
+  description = "Verification status of the domain identity"
+  value       = module.ses.domain_verification
+}
+
+output "dkim_tokens" {
+  description = "DKIM tokens for domain identity"
+  value       = module.ses.dkim_tokens
+}
+
+output "domain_mail" {
+  description = "Email address associated with the domain identity"
+  value       = module.ses.domain_mail
+}
+
+output "route53_dkim_fqdn" {
+  description = "FQDN for the Route 53 DKIM DNS record"
+  value       = module.ses.route53_dkim_fqdn
+}
+
+output "route53_spf_mx_fqdn" {
+  description = "FQDN for the Route 53 SPF MX DNS record"
+  value       = module.ses.route53_spf_mx_fqdn
+}
+
+output "route53_spf_txt_fqdn" {
+  description = "FQDN for the Route 53 SPF TXT DNS record"
+  value       = module.ses.route53_spf_txt_fqdn
+}
+
+output "iam_user_name" {
+  description = "IAM user name associated with SES"
+  value       = module.ses.iam_user_name
+}
+
+output "iam_user_policy" {
+  description = "IAM policy associated with the IAM user"
+  value       = module.ses.iam_user_policy
+}
+

environments/dev/ses/variables.tf

@@ -0,0 +1,80 @@
+variable "region" {
+  type        = string
+  description = "Region of the EC2 instance"
+}
+
+variable "domain_name" {
+  type        = string
+  description = "Name of the domain"
+}
+
+variable "dkim_record_count" {
+  type        = number
+  description = "Number of DKIM records to create"
+}
+
+variable "zone_id" {
+  type        = string
+  description = "ID of the DNS zone where records will be added"
+}
+
+variable "dkim_record_type" {
+  type        = string
+  description = "Type of DKIM records to create"
+}
+
+variable "dkim_ttl" {
+  type        = number
+  description = "Time To Live (TTL) for DKIM records"
+}
+
+variable "custom_mail" {
+  type        = string
+  description = "Custom email address to associate with the domain"
+}
+
+variable "spf_mx_record" {
+  type        = string
+  description = "SPF MX record value for domain"
+}
+
+variable "spf_txt_record" {
+  type        = string
+  description = "SPF TXT record value for domain"
+}
+
+variable "spf_ttl" {
+  type        = number
+  description = "Time To Live (TTL) for SPF records"
+}
+
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "Tags to associate with the resources"
+}
+
+variable "name" {
+  type        = string
+  description = "Name of the resource"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment where the resource is deployed"
+}
+
+variable "owner" {
+  type        = string
+  description = "Owner of the resource"
+}
+
+variable "cost_center" {
+  type        = string
+  description = "Cost center responsible for the resource"
+}
+
+variable "application" {
+  type        = string
+  description = "Application to which the resource belongs"
+}