diff --git a/iac-source1/helm/custom-modules-flow/Chart.yaml b/iac-source1/helm/custom-modules-flow/Chart.yaml
new file mode 100644
index 0000000..2f38cdc
--- /dev/null
+++ b/iac-source1/helm/custom-modules-flow/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.0.0
+description: Generated helm chart created for service "custom-modules-flow" with stackgen
+name: custom-modules-flow
+type: application
+version: 0.1.0
diff --git a/iac-source1/helm/custom-modules-flow/README.md b/iac-source1/helm/custom-modules-flow/README.md
new file mode 100644
index 0000000..97383f4
--- /dev/null
+++ b/iac-source1/helm/custom-modules-flow/README.md
@@ -0,0 +1,13 @@
+# [StackGen](stackgen.com) generated IaC
+
+Below are the instructions to get started with the generated IaC
+
+## Install Helm Chart
+
+1. Before installing the included helm chart, please make sure the ~/.kube/config points to the cluster you want to use.
+2. Update the helm-chart/values.yaml as required.
+3. Generated charts and dependent sub-charts for the AppStack can be installed to your cluster by running -
+
+```
+sh install-chart.sh
+```
diff --git a/iac-source1/helm/custom-modules-flow/install-chart.sh b/iac-source1/helm/custom-modules-flow/install-chart.sh
new file mode 100644
index 0000000..32b5a2a
--- /dev/null
+++ b/iac-source1/helm/custom-modules-flow/install-chart.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+# Exit on any failure
+set -e
+
+HELM_CHART_DIR="."
+RELEASE_NAME=${1}
+
+if [ -z "${RELEASE_NAME}" ]; then
+ echo "Usage: install-chart.sh "
+ exit 1
+fi
+
+# Add bitnami repo
+helm repo add bitnami https://charts.bitnami.com/bitnami
+
+# Build helm dependencies
+helm dependency build ${HELM_CHART_DIR}
+
+# Install chart
+helm upgrade --install ${RELEASE_NAME} ${HELM_CHART_DIR} -f ${HELM_CHART_DIR}/values.yaml --render-subchart-notes
diff --git a/iac-source1/helm/custom-modules-flow/values.yaml b/iac-source1/helm/custom-modules-flow/values.yaml
new file mode 100644
index 0000000..0967ef4
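Review bot: In install-chart.sh the expansions on the `helm dependency build` and `helm upgrade --install` lines are unquoted, so a release name or chart path containing whitespace or glob characters is word-split before helm sees it; quote them, e.g. `helm upgrade --install "${RELEASE_NAME}" "${HELM_CHART_DIR}" -f "${HELM_CHART_DIR}/values.yaml" --render-subchart-notes`. The script deploys to whatever context the current kubeconfig selects, so passing `--kube-context` and `--namespace` explicitly would make the target cluster visible in the command rather than implicit. `set -e` alone misses unset variables and pipeline failures; `set -euo pipefail` with `RELEASE_NAME=${1:-}` keeps the usage check working. The `helm repo add bitnami` step pulls in a third-party repository although the Chart.yaml added in this commit declares no dependencies, so it looks removable unless a sub-chart is added later.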
--- /dev/null
+++ b/iac-source1/helm/custom-modules-flow/values.yaml
@@ -0,0 +1 @@
+{}
diff --git a/iac-source1/terraform/backend.tf b/iac-source1/terraform/backend.tf
deleted file mode 100644
index fc88e05..0000000
--- a/iac-source1/terraform/backend.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-terraform {
- backend "local" {
- path = "/Users/gauravchavan/Documents/terraform.tfstate"
- }
-}
diff --git a/iac-source1/terraform/main.tf b/iac-source1/terraform/main.tf
index 01b2321..17e8cb1 100644
--- a/iac-source1/terraform/main.tf
+++ b/iac-source1/terraform/main.tf
@@ -1,42 +1,161 @@ -module "stackgen_2ea25a38-fd59-40bb-ac70-3e9cacd2f073" { - source = "./modules/aws_athena" - athena_engine_version = "AUTO" - bucket_name = module.stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2.bucket_name - bytes_scanned_cutoff_per_query = 10485760 - database_force_destroy = false - database_name = "custom-module-tesing" - encrypt_query_results = true - encryption_option = "SSE_KMS" - expected_bucket_owner = null - kms_key = null - query = "query1" - query_description = null - query_name = "test-query1" - query_results_encryption_option = "SSE_KMS" - require_encryption_configuration = false - result_output_location = null - set_acl_configuration = false +module "stackgen_031238de-adc8-51a3-91d9-c93de1930675" { + source = "./modules/aws_subnet" + availability_zone = "eu-west-3a" + cidr_block = "10.0.1.0/24" + map_public_ip_on_launch = true tags = { - owner = "Gaurav" + Environment = "dev" + Name = "dev-public-subnet-0" } - workgroup_description = null - workgroup_force_destroy = false - workgroup_name = "test-wg" - workgroup_state = "ENABLED" -} - -module "stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2" { - source = "./modules/aws_s3" - block_public_access = true - bucket_name = "some-s3-bucket" - bucket_policy = "" - enable_versioning = true - enable_website_configuration = false - sse_algorithm = "aws:kms" + vpc_id = module.stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267.id +} + +module "stackgen_14816102-e587-5b6f-bab3-dff0045f4512" { + source = "./modules/aws_s3_bucket" + bucket = "athena-query-results-bucket-5wmk7e4p" + force_destroy = true + object_lock_enabled = false + tags = { + Environment = "dev" + Name = "dev-athena-results" + } +} + +module "stackgen_2c912ed8-8a45-51b0-b0c5-cc6812d0a890" { + source = "./modules/aws_subnet" + availability_zone = "eu-west-3b" + cidr_block = "10.0.2.0/24" + map_public_ip_on_launch = true + tags = { + Environment = "dev" + Name = "dev-public-subnet-1" + } + vpc_id = 
module.stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267.id +} + +module "stackgen_34b80001-017a-5312-9144-65da25a068a9" { + source = "./modules/aws_eks_cluster" + access_config = [{ + authentication_mode = "CONFIG_MAP" + bootstrap_cluster_creator_admin_permissions = true + }] + bootstrap_self_managed_addons = true + compute_config = [] + eks_version = null + enabled_cluster_log_types = [] + encryption_config = [] + kubernetes_network_config = [{ + elastic_load_balancing = [{ + enabled = false + }] + ip_family = "ipv4" + service_ipv4_cidr = "172.20.0.0/16" + service_ipv6_cidr = "" + }] + name = "eks-cluster" + outpost_config = [] + remote_network_config = [] + role_arn = "arn:aws:iam::180217099948:role/eks-cluster-eks-role" + storage_config = [] + tags = { + Environment = "dev" + } + timeouts = null + upgrade_policy = [{ + support_type = "EXTENDED" + }] + vpc_config = [{ + cluster_security_group_id = "sg-043b2f9aa928fa8ba" + endpoint_private_access = false + endpoint_public_access = true + public_access_cidrs = ["0.0.0.0/0"] + security_group_ids = [] + subnet_ids = ["subnet-01cb21854923cccea", "subnet-0e487cc6581e914bb"] + vpc_id = "vpc-00d2820275a539204" + }] + zonal_shift_config = [] +} + +module "stackgen_37476bf3-9a65-509a-b352-edea3c6656b2" { + source = "./modules/data_aws_availability_zones" + all_availability_zones = null + exclude_names = null + exclude_zone_ids = null + state = null +} + +module "stackgen_473ba727-cbcd-51d9-b1ab-49f583404fe7" { + source = "./modules/random_string" + keepers = null + length = 8 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + numeric = true + override_special = null + special = false + upper = false +} + +module "stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267" { + source = "./modules/aws_vpc" + cidr_block = "10.0.0.0/16" + enable_dns_hostnames = true + enable_dns_support = true + enable_network_address_usage_metrics = false + instance_tenancy = "default" tags = { - owner = "Gaurav" + 
Environment = "dev" + Name = "dev-vpc" } - website_error_document = "404.html" - website_index_document = "index.html" +} + +module "stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d" { + source = "./modules/data_aws_iam_policy_document" + override_json = null + override_policy_documents = null + policy_id = null + source_json = null + source_policy_documents = null + statement = [{ + actions = ["sts:AssumeRole"] + condition = [] + effect = "Allow" + not_actions = [] + not_principals = [] + not_resources = [] + principals = [{ + identifiers = ["eks.amazonaws.com"] + type = "Service" + }] + resources = [] + sid = "" + }] +} + +module "stackgen_7ef7e820-8361-52fd-a35f-aebce364af00" { + source = "./modules/aws_iam_role" + assume_role_policy = "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}" + description = "" + force_detach_policies = false + inline_policy = [] + max_session_duration = 3600 + name = "eks-cluster-eks-role" + path = "/" + permissions_boundary = "" + tags = { + Environment = "dev" + } +} + +module "stackgen_e7de1e20-14c7-5811-ba15-9963dc266cb8" { + source = "./modules/aws_s3_bucket_public_access_block" + block_public_acls = true + block_public_policy = true + bucket = module.stackgen_14816102-e587-5b6f-bab3-dff0045f4512.bucket + ignore_public_acls = true + restrict_public_buckets = true } diff --git a/iac-source1/terraform/modules/aws_athena/aws_athena.tf b/iac-source1/terraform/modules/aws_athena/aws_athena.tf deleted file mode 100644 index 045f2c0..0000000 --- a/iac-source1/terraform/modules/aws_athena/aws_athena.tf +++ /dev/null 
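Review bot: The `./modules/aws_eks_cluster` call in main.tf leaves the cluster API endpoint reachable from any address: `endpoint_public_access = true`, `public_access_cidrs = ["0.0.0.0/0"]` and `endpoint_private_access = false`. In the same block `enabled_cluster_log_types = []` and `encryption_config = []` mean no control-plane audit logs are enabled and no customer-managed KMS key is configured for Secrets encryption. I would change these to `endpoint_private_access = true`, `public_access_cidrs = ["<ADMIN_CIDR_PLACEHOLDER>"]` and `enabled_cluster_log_types = ["api", "audit", "authenticator"]`. The block also hard-codes `role_arn`, `vpc_id` and `subnet_ids` as literals although this file creates a role, a VPC and subnets through modules, so Terraform sees no dependency between them; if they are meant to be the same resources, reference the module outputs, e.g. `role_arn = module.stackgen_7ef7e820-8361-52fd-a35f-aebce364af00.arn`.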
@@ -1,80 +0,0 @@ -# named query resource -resource "aws_athena_named_query" "this" { - name = var.query_name - description = var.query_description - query = var.query - workgroup = aws_athena_workgroup.this.id - database = aws_athena_database.this.name -} - -# database resource -resource "aws_athena_database" "this" { - name = var.database_name - bucket = var.bucket_name - dynamic "acl_configuration" { - for_each = var.set_acl_configuration ? [1] : [] - content { - s3_acl_option = "BUCKET_OWNER_FULL_CONTROL" - } - } - - dynamic "encryption_configuration" { - for_each = var.require_encryption_configuration ? [1] : [] - content { - encryption_option = var.encryption_option - kms_key = var.kms_key - } - } - - expected_bucket_owner = var.expected_bucket_owner - force_destroy = var.database_force_destroy -} - -resource "aws_kms_key" "aws_athena-result" { - deletion_window_in_days = 7 - description = "Athena KMS Key" -} - -resource "aws_kms_key" "athena_result_encryption" { - count = var.encrypt_query_results && var.query_results_encryption_option != "SSE_S3" ? 1 : 0 - description = "Custom KMS key for Athena query result encryption." - enable_key_rotation = true -} - -# workgroup resource -resource "aws_athena_workgroup" "this" { - name = var.workgroup_name - description = var.workgroup_description - state = var.workgroup_state - force_destroy = var.workgroup_force_destroy - tags = var.tags - - configuration { - bytes_scanned_cutoff_per_query = var.bytes_scanned_cutoff_per_query - engine_version { - selected_engine_version = var.athena_engine_version - } - result_configuration { - dynamic "encryption_configuration" { - for_each = var.encrypt_query_results ? [1] : [] - content { - encryption_option = var.query_results_encryption_option - kms_key_arn = aws_kms_key.athena_result_encryption[0].arn - } - } - dynamic "acl_configuration" { - for_each = var.set_acl_configuration ? 
[1] : [] - content { - s3_acl_option = "BUCKET_OWNER_FULL_CONTROL" - } - } - output_location = var.result_output_location - } - } -} - - - - - - diff --git a/iac-source1/terraform/modules/aws_athena/outputs.tf.json b/iac-source1/terraform/modules/aws_athena/outputs.tf.json deleted file mode 100644 index c82acb8..0000000 --- a/iac-source1/terraform/modules/aws_athena/outputs.tf.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "output": { - "arn": { - "description": "The value of the wg_arn output", - "sensitive": false, - "value": "${aws_athena_workgroup.this.arn}" - }, - "database_id": { - "description": "The value of the database_id output", - "sensitive": false, - "value": "${aws_athena_database.this.id}" - }, - "query_id": { - "description": "The value of the query_id output", - "sensitive": false, - "value": "${aws_athena_named_query.this.id}" - } - } -} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_athena/variables.tf.json b/iac-source1/terraform/modules/aws_athena/variables.tf.json deleted file mode 100644 index f272aae..0000000 --- a/iac-source1/terraform/modules/aws_athena/variables.tf.json +++ /dev/null 
@@ -1,161 +0,0 @@ -{ - "variable": { - "athena_engine_version": [ - { - "default": "AUTO", - "description": "Requested Athena engine version.", - "nullable": false, - "type": "string" - } - ], - "bucket_name": [ - { - "description": "Name of S3 bucket to save the results of the query execution.", - "nullable": false, - "type": "string" - } - ], - "bytes_scanned_cutoff_per_query": [ - { - "default": 10485760, - "description": "The upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan.", - "nullable": false, - "type": "number" - } - ], - "database_force_destroy": [ - { - "default": false, - "description": "Whether to destroy all tables in the database when destroying the database resource.", - "nullable": false, - "type": "bool" - } - ], - "database_name": [ - { - "description": "Name of the database to create.", - "nullable": false, - "type": "string" - } - ], - "encrypt_query_results": [ - { - "default": true, - "description": "Specifies whether query results must be encrypted, for all queries that run in this workgroup.", - "nullable": false, - "type": "bool" - } - ], - "encryption_option": [ - { - "default": "SSE_KMS", - "description": "Type of key.", - "nullable": false, - "type": "string" - } - ], - "expected_bucket_owner": [ - { - "description": "AWS account ID that you expect to be the owner of the Amazon S3 bucket.", - "nullable": true, - "type": "string" - } - ], - "kms_key": [ - { - "description": "The ARN of the KMS key to be used to decrypt the data in S3.", - "nullable": true, - "type": "string" - } - ], - "query": [ - { - "description": "The query string.", - "nullable": false, - "type": "string" - } - ], - "query_description": [ - { - "description": "The description for the named query.", - "nullable": true, - "type": "string" - } - ], - "query_name": [ - { - "description": "The name of the query.", - "type": "string" - } - ], - "query_results_encryption_option": [ - { - "default": "SSE_KMS", - 
"description": "Type of encryption.", - "nullable": false, - "type": "string" - } - ], - "require_encryption_configuration": [ - { - "default": false, - "description": "Encryption key block AWS Athena uses to decrypt the data in S3.", - "nullable": false, - "type": "bool" - } - ], - "result_output_location": [ - { - "description": "The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/.", - "nullable": true, - "type": "string" - } - ], - "set_acl_configuration": [ - { - "default": false, - "description": "Should an Amazon S3 canned ACL be set to control ownership of stored query results.", - "nullable": false, - "type": "bool" - } - ], - "workgroup_description": [ - { - "description": "The description of the workgroup.", - "nullable": true, - "type": "string" - } - ], - "workgroup_force_destroy": [ - { - "default": false, - "description": "Option to delete the workgroup and its contents even if the workgroup contains any named queries.", - "nullable": false, - "type": "bool" - } - ], - "workgroup_name": [ - { - "description": "The name of the workgroup.", - "nullable": false, - "type": "string" - } - ], - "workgroup_state": [ - { - "default": "ENABLED", - "description": "The state of the workgroup.", - "nullable": false, - "type": "string" - } - ], - "tags": [ - { - "default": {}, - "description": "A map of tags to apply to the resources", - "type": "map(string)", - "nullable":true - } - ] - } -} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_eks_cluster/aws_eks_cluster.tf b/iac-source1/terraform/modules/aws_eks_cluster/aws_eks_cluster.tf new file mode 100644 index 0000000..ade55de --- /dev/null +++ b/iac-source1/terraform/modules/aws_eks_cluster/aws_eks_cluster.tf 
@@ -0,0 +1,130 @@ +resource "aws_eks_cluster" "this" { + name = var.name + role_arn = var.role_arn + tags = var.tags + version = var.eks_version + enabled_cluster_log_types = var.enabled_cluster_log_types + bootstrap_self_managed_addons = var.bootstrap_self_managed_addons + + dynamic "vpc_config" { + for_each = var.vpc_config != null ? var.vpc_config : [] + content { + endpoint_private_access = vpc_config.value.endpoint_private_access + endpoint_public_access = vpc_config.value.endpoint_public_access + public_access_cidrs = vpc_config.value.public_access_cidrs + subnet_ids = vpc_config.value.subnet_ids + security_group_ids = vpc_config.value.security_group_ids + } + } + dynamic "access_config" { + for_each = var.access_config + content { + authentication_mode = access_config.value.authentication_mode + bootstrap_cluster_creator_admin_permissions = access_config.value.bootstrap_cluster_creator_admin_permissions + } + } + + dynamic "encryption_config" { + for_each = var.encryption_config + content { + dynamic "provider" { + for_each = encryption_config.value.provider + content { + key_arn = provider.value.key_arn + } + } + resources = encryption_config.value.resources + } + } + + dynamic "kubernetes_network_config" { + for_each = var.kubernetes_network_config + content { + dynamic "elastic_load_balancing" { + for_each = kubernetes_network_config.value.elastic_load_balancing == null ? 
[] : kubernetes_network_config.value.elastic_load_balancing + content { + enabled = elastic_load_balancing.value.enabled + } + } + service_ipv4_cidr = kubernetes_network_config.value.service_ipv4_cidr + ip_family = kubernetes_network_config.value.ip_family + } + } + + dynamic "outpost_config" { + for_each = var.outpost_config + content { + control_plane_instance_type = outpost_config.value.control_plane_instance_type + outpost_arns = outpost_config.value.outpost_arns + + dynamic "control_plane_placement" { + for_each = outpost_config.value.control_plane_placement + content { + group_name = control_plane_placement.value.group_name + } + } + } + } + + dynamic "timeouts" { + for_each = var.timeouts != null ? [var.timeouts] : [] + content { + create = lookup(timeouts.value, "create", null) + delete = lookup(timeouts.value, "delete", null) + update = lookup(timeouts.value, "update", null) + } + } + + dynamic "compute_config" { + for_each = var.compute_config + content { + enabled = compute_config.value.enabled + node_pools = compute_config.value.node_pools + node_role_arn = compute_config.value.node_role_arn + } + } + + dynamic "storage_config" { + for_each = var.storage_config + content { + dynamic "block_storage" { + for_each = storage_config.value.block_storage + content { + enabled = block_storage.value.enabled + } + } + } + } + + dynamic "remote_network_config" { + for_each = var.remote_network_config != null ? var.remote_network_config : [] + content { + dynamic "remote_node_networks" { + for_each = remote_network_config.value.remote_node_networks + content { + cidrs = remote_node_networks.value.cidrs + } + } + dynamic "remote_pod_networks" { + for_each = remote_network_config.value.remote_pod_networks != null ? remote_network_config.value.remote_pod_networks : [] + content { + cidrs = remote_pod_networks.value.cidrs + } + } + } + } + + dynamic "upgrade_policy" { + for_each = var.upgrade_policy != null ? 
var.upgrade_policy : [] + content { + support_type = upgrade_policy.value.support_type + } + } + + dynamic "zonal_shift_config" { + for_each = var.zonal_shift_config + content { + enabled = zonal_shift_config.value.enabled + } + } +} diff --git a/iac-source1/terraform/modules/aws_eks_cluster/outputs.tf.json b/iac-source1/terraform/modules/aws_eks_cluster/outputs.tf.json new file mode 100644 index 0000000..cf6c8ac --- /dev/null +++ b/iac-source1/terraform/modules/aws_eks_cluster/outputs.tf.json @@ -0,0 +1,14 @@ +{ + "output": { + "arn": { + "description": "ARN of the cluster.", + "sensitive": false, + "value": "${aws_eks_cluster.this.arn}" + }, + "id": { + "description": "Name of the cluster.", + "sensitive": false, + "value": "${aws_eks_cluster.this.id}" + } + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_eks_cluster/variables.tf.json b/iac-source1/terraform/modules/aws_eks_cluster/variables.tf.json new file mode 100644 index 0000000..eee872d --- /dev/null +++ b/iac-source1/terraform/modules/aws_eks_cluster/variables.tf.json 
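Review bot: Most `dynamic` blocks in aws_eks_cluster.tf iterate their variable directly (`for_each = var.access_config`, likewise `encryption_config`, `kubernetes_network_config`, `outpost_config`, `compute_config`, `storage_config`, `zonal_shift_config`), yet variables.tf.json declares all of them `nullable: true` with no default, and a null `for_each` fails at plan time. `vpc_config`, `remote_network_config` and `upgrade_policy` already guard with `!= null ? ... : []`; the others should use the same form, e.g. `for_each = var.encryption_config != null ? var.encryption_config : []`. The `[for policy in var.inline_policy : ...]` expression in modules/aws_iam_role/aws_iam_role.tf has the same gap. A one-line comment above the `encryption_config` block, such as `# empty list: no customer-managed KMS key is applied to Kubernetes Secrets`, would make the security consequence of the default visible to callers.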
@@ -0,0 +1,128 @@ +{ + "variable": { + "name": [ + { + "type": "string", + "description": "Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores.", + "validation": { + "condition": "${length(var.name) >= 1 && length(var.name) <= 100 && can(regex(\"^[a-zA-Z0-9][a-zA-Z0-9-_]*$\", var.name))}", + "error_message": "`Name` must be between 1-100 characters in length, must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores." + }, + "nullable": false + } + ], + "role_arn": [ + { + "type": "string", + "description": "ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.", + "nullable": false + } + ], + "vpc_config": [ + { + "type": "list(object({subnet_ids: list(string), security_group_ids: list(string), endpoint_public_access: bool, endpoint_private_access: bool, public_access_cidrs: list(string)}))", + "description": "Configuration block with VPC configuration for the cluster. If removed, Terraform will only perform drift detection if a configuration value is provided.", + "nullable": false + } + ], + "access_config": [ + { + "type": "list(object({authentication_mode: string, bootstrap_cluster_creator_admin_permissions: bool}))", + "description": "Configuration block for the access config associated with your cluster.", + "nullable": true + } + ], + "encryption_config": [ + { + "type": "list(object({provider: list(object({key_arn: string})), resources: list(string)}))", + "description": "ARN of the Key Management Service (KMS) customer master key (CMK). Used to configure encryption. 
The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK.", + "nullable": true + } + ], + "kubernetes_network_config": [ + { + "type": "list(object({service_ipv4_cidr: string, ip_family: string, elastic_load_balancing: optional(list(object({enabled: bool})))}))", + "description": "Configuration block with kubernetes network configuration for the cluster. If removed, Terraform will only perform drift detection if a configuration value is provided.", + "nullable": true + } + ], + "outpost_config": [ + { + "type": "list(object({control_plane_instance_type: string, outpost_arns: list(string), control_plane_placement: list(object({group_name: string}))}))", + "description": "Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.", + "nullable": true + } + ], + "tags": [ + { + "type": "map(string)", + "description": "Key-value map of resource tags.", + "nullable": true + } + ], + "eks_version": [ + { + "type": "string", + "description": "Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.", + "nullable": true + } + ], + "enabled_cluster_log_types": [ + { + "type": "list(string)", + "description": "A list of the desired control plane logging to enable. 
For more information, see Amazon EKS Control Plane Logging.", + "nullable": true + } + ], + "timeouts": [ + { + "type": "object({create: optional(string), update: optional(string), delete: optional(string)})", + "description": "The timeouts for create, update and delete operations", + "nullable": true + } + ], + "bootstrap_self_managed_addons": [ + { + "type": "bool", + "description": "Whether to bootstrap the self-managed addons", + "nullable": true, + "default": true + } + ], + "compute_config": [ + { + "type": "list(object({enabled: bool, node_pools:list(string), node_role_arn:string}))", + "description": "Configuration block with compute configuration for the cluster.", + "nullable": true + } + ], + "storage_config": [ + { + "type": "list(object({block_storage: list(object({enabled: bool}))}))", + "description": "Configuration block with storage configuration for the cluster.", + "nullable": true + } + ], + "remote_network_config": [ + { + "type": "list(object({remote_node_networks: list(object({cidrs: list(string)})), remote_pod_networks: optional(list(object({cidrs: list(string)})))}))", + "description": "Configuration block with remote network configuration for the cluster. Contains remote node and pod network settings.", + "nullable": true + } + ], + "upgrade_policy": [ + { + "type": "list(object({support_type: string}))", + "description": "Configuration block representing the upgrade policy for the cluster.", + "nullable": true + } + ], + "zonal_shift_config": [ + { + "type": "list(object({enabled: bool}))", + "description": "Configuration block with zonal shift configuration for the cluster.", + "nullable": true + } + ] + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_iam_role/aws_iam_role.tf b/iac-source1/terraform/modules/aws_iam_role/aws_iam_role.tf new file mode 100644 index 0000000..c6828aa --- /dev/null +++ b/iac-source1/terraform/modules/aws_iam_role/aws_iam_role.tf 
@@ -0,0 +1,20 @@ +resource "aws_iam_role" "this" { + name = var.name + description = var.description + permissions_boundary = var.permissions_boundary == "" ? null : var.permissions_boundary + assume_role_policy = var.assume_role_policy + path = var.path != "" ? var.path : "/" + max_session_duration = var.max_session_duration != 0 ? var.max_session_duration : 3600 + + dynamic "inline_policy" { + # if policy and name are not empty, then create the inline policy + for_each = [for policy in var.inline_policy : policy if policy.policy != "" && policy.name != ""] + + content { + name = inline_policy.value.name + policy = inline_policy.value.policy + } + } + force_detach_policies = var.force_detach_policies + tags = var.tags +} diff --git a/iac-source1/terraform/modules/aws_iam_role/outputs.tf.json b/iac-source1/terraform/modules/aws_iam_role/outputs.tf.json new file mode 100644 index 0000000..9c2ea74 --- /dev/null +++ b/iac-source1/terraform/modules/aws_iam_role/outputs.tf.json @@ -0,0 +1,14 @@ +{ + "output": { + "arn": { + "description": "The value of the arn output", + "sensitive": false, + "value": "${aws_iam_role.this.arn}" + }, + "name": { + "description": "The value of the name output", + "sensitive": false, + "value": "${aws_iam_role.this.name}" + } + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_iam_role/variables.tf.json b/iac-source1/terraform/modules/aws_iam_role/variables.tf.json new file mode 100644 index 0000000..4631717 --- /dev/null +++ b/iac-source1/terraform/modules/aws_iam_role/variables.tf.json 
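Review bot: The `inline_policy` block on `aws_iam_role` is, as far as I know, deprecated in recent AWS provider releases in favour of a separate `aws_iam_role_policy` resource, so confirm it against the provider version pinned for this stack before building on it. The line `permissions_boundary = var.permissions_boundary == "" ? null : var.permissions_boundary` silently treats an empty string as "no boundary", and main.tf passes `""`; a comment such as `# "" disables the boundary; pass the boundary policy ARN to enforce one` would make that explicit. The module creates the role with its trust policy only, and no policy attachment for it is visible anywhere in this diff.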
@@ -0,0 +1,69 @@ +{ + "variable": { + "assume_role_policy": [ + { + "description": "The policy that grants an entity permission to assume the role", + "type": "string", + "nullable": false + } + ], + "description": [ + { + "description": "The description of the role", + "nullable": true, + "type": "string" + } + ], + "force_detach_policies": [ + { + "default": true, + "description": "Specifies to force detaching any policies the role has before destroying it", + "type": "bool", + "nullable": true + } + ], + "inline_policy": [ + { + "description": "The policy document", + "nullable": true, + "type": "list(object({ name: string, policy: string }))" + } + ], + "name": [ + { + "description": "The name of the role", + "type": "string", + "nullable": true + } + ], + "tags": [ + { + "description": "A mapping of tags to assign to the role", + "nullable": true, + "type": "map(string)" + } + ], + "path": [ + { + "description": "The path to the role", + "type": "string", + "nullable": true + } + ], + "max_session_duration": [ + { + "description": "The maximum session duration (in seconds) that you want to set for the specified role", + "type": "number", + "nullable": true + } + ], + "permissions_boundary": [ + { + "description": "The ARN of the policy that is used to set the permissions boundary for the role", + "type": "string", + "nullable": true, + "default": null + } + ] + } +} diff --git a/iac-source1/terraform/modules/aws_s3/aws_s3.tf b/iac-source1/terraform/modules/aws_s3/aws_s3.tf deleted file mode 100644 index 04d372b..0000000 --- a/iac-source1/terraform/modules/aws_s3/aws_s3.tf +++ /dev/null 
@@ -1,107 +0,0 @@ -resource "aws_s3_bucket" "this" { - bucket = var.bucket_name - tags = var.tags -} - -# create versioning for the bucket -resource "aws_s3_bucket_versioning" "this" { - # create this resource only if var.versioning is not empty - count = var.enable_versioning ? 1 : 0 - - bucket = aws_s3_bucket.this.id - - # enable versioning - versioning_configuration { - status = "Enabled" - } -} - -# Create a server-side encryption configuration for the bucket -resource "aws_s3_bucket_server_side_encryption_configuration" "this" { - # create this resource only if var.sse_algorithm is not empty - count = var.sse_algorithm != "" ? 1 : 0 - - bucket = aws_s3_bucket.this.id - - rule { - apply_server_side_encryption_by_default { - kms_master_key_id = var.sse_algorithm == "aws:kms" ? aws_kms_key.custom_s3_kms_key[0].key_id : null - sse_algorithm = var.sse_algorithm - } - } -} - -# block public access -resource "aws_s3_bucket_public_access_block" "this" { - - bucket = aws_s3_bucket.this.id - - block_public_acls = var.block_public_access - block_public_policy = var.block_public_access - ignore_public_acls = var.block_public_access - restrict_public_buckets = var.block_public_access -} - - -resource "aws_s3_bucket_website_configuration" "this" { - count = var.enable_website_configuration ? 1 : 0 - bucket = aws_s3_bucket.this.id - - index_document { - suffix = var.website_index_document - } - - error_document { - key = var.website_error_document - } -} - -resource "aws_s3_bucket_policy" "website_bucket_policy" { - count = var.enable_website_configuration ? 1 : 0 - bucket = aws_s3_bucket.this.id - policy = data.aws_iam_policy_document.website_bucket_policy[0].json -} - -data "aws_iam_policy_document" "website_bucket_policy" { - count = var.enable_website_configuration ? 
1 : 0 - statement { - effect = "Allow" - principals { - type = "AWS" - identifiers = ["*"] - } - actions = ["s3:GetObject"] - resources = ["${aws_s3_bucket.this.arn}/*"] - - } -} - -resource "aws_s3_bucket_policy" "allow_access" { - count = var.bucket_policy != "" ? 1 : 0 - bucket = aws_s3_bucket.this.id - policy = var.bucket_policy -} - - -resource "aws_kms_key" "custom_s3_kms_key" { - count = var.sse_algorithm == "aws:kms" ? 1 : 0 - description = "Custom KMS key for s3 bucket encryption" - enable_key_rotation = true -} - -resource "aws_kms_alias" "a" { - count = var.sse_algorithm == "aws:kms" ? 1 : 0 - name = "alias/s3-${replace(aws_s3_bucket.this.bucket, ".", "-")}" - target_key_id = aws_kms_key.custom_s3_kms_key[0].key_id -} - -data "aws_caller_identity" "current" {} - - - - - - - - - diff --git a/iac-source1/terraform/modules/aws_s3/outputs.tf.json b/iac-source1/terraform/modules/aws_s3/outputs.tf.json deleted file mode 100644 index b5bf317..0000000 --- a/iac-source1/terraform/modules/aws_s3/outputs.tf.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "output": { - "arn": { - "description": "The value of the arn output", - "sensitive": false, - "value": "${aws_s3_bucket.this.arn}" - }, - "bucket_name": { - "description": "The value of the bucket_name output", - "sensitive": false, - "value": "${aws_s3_bucket.this.id}" - }, - "bucket_website_endpoint": { - "description": "The value of the bucket_website_endpoint output", - "sensitive": false, - "value": "${var.enable_website_configuration ? aws_s3_bucket_website_configuration.this[0].website_endpoint : null}" - }, - "kms_arn": { - "description": "The value of the kms_arn output", - "sensitive": false, - "value": "${var.sse_algorithm == \"aws:kms\" ? aws_kms_key.custom_s3_kms_key[0].arn : null}" - } - } -} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_s3/variables.tf.json b/iac-source1/terraform/modules/aws_s3/variables.tf.json deleted file mode 100644 index bce1322..0000000 
--- a/iac-source1/terraform/modules/aws_s3/variables.tf.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "variable": { - "block_public_access": [ - { - "default": true, - "description": "A state of block public access. If false, block public access is not enabled.", - "type": "bool", - "nullable": true - } - ], - "bucket_name": [ - { - "description": "The name of the s3 bucket", - "nullable": false, - "type": "string" - } - ], - "enable_versioning": [ - { - "default": true, - "description": "Enable versioning for the bucket", - "type": "bool", - "nullable": true - } - ], - "sse_algorithm": [ - { - "default": "aws:kms", - "description": "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms. If you specify aws:kms, a new KMS key will be provisioned and used. If empty, no encryption is performed.", - "type": "string", - "nullable": true - } - ], - "enable_website_configuration": [ - { - "default": false, - "description": "Enable website configuration for the bucket", - "type": "bool" - } - ], - "website_index_document": [ - { - "description": "The index document for the bucket", - "type": "string", - "default": "index.html" - } - ], - "website_error_document": [ - { - "description": "The error document for the bucket", - "type": "string", - "default": "404.html" - } - ], - "bucket_policy": [ - { - "description": "The IAM policy of the bucket (can be used to allow access to other roles or accounts)", - "type": "string", - "default": "", - "nullable": true - } - ], - "tags": [ - { - "default": {}, - "description": "A mapping of AWS tags to assign to the bucket.", - "type": "map(string)", - "nullable": true - } - ] - } - } \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_s3_bucket/aws_s3_bucket.tf b/iac-source1/terraform/modules/aws_s3_bucket/aws_s3_bucket.tf new file mode 100644 index 0000000..e5d35e4 --- /dev/null +++ b/iac-source1/terraform/modules/aws_s3_bucket/aws_s3_bucket.tf 
@@ -0,0 +1,10 @@
+resource "aws_s3_bucket" "this" {
+ bucket = var.bucket
+ force_destroy = var.force_destroy
+ object_lock_enabled = var.object_lock_enabled
+ tags = var.tags
+}
+
+
+
+
diff --git a/iac-source1/terraform/modules/aws_s3_bucket/outputs.tf.json b/iac-source1/terraform/modules/aws_s3_bucket/outputs.tf.json
new file mode 100644
index 0000000..b1db45e
--- /dev/null
+++ b/iac-source1/terraform/modules/aws_s3_bucket/outputs.tf.json
@@ -0,0 +1,19 @@
+{
+ "output": {
+ "arn": {
+ "description": "The value of the arn output",
+ "sensitive": false,
+ "value": "${aws_s3_bucket.this.arn}"
+ },
+ "bucket": {
+ "description": "The value of the bucket output",
+ "sensitive": false,
+ "value": "${aws_s3_bucket.this.bucket}"
+ },
+ "id": {
+ "description": "The value of the id output",
+ "sensitive": false,
+ "value": "${aws_s3_bucket.this.id}"
+ }
+ }
+}
\ No newline at end of file
diff --git a/iac-source1/terraform/modules/aws_s3_bucket/variables.tf.json b/iac-source1/terraform/modules/aws_s3_bucket/variables.tf.json
new file mode 100644
index 0000000..d81483d
--- /dev/null
+++ b/iac-source1/terraform/modules/aws_s3_bucket/variables.tf.json
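Review bot: The new `aws_s3_bucket` module in aws_s3_bucket.tf declares only the bare bucket, with no `aws_s3_bucket_server_side_encryption_configuration` or `aws_s3_bucket_versioning` next to it. The `aws_s3` module deleted in this same commit defaulted `sse_algorithm` to `aws:kms` with a rotated customer-managed key and `enable_versioning` to true, so unless main.tf (not visible here) adds those resources separately, a bucket built from this module falls back to S3's default SSE-S3 encryption and keeps no object history. If a customer-managed key or versioning is required, add them as sibling modules; at minimum put a comment above the resource such as `# encryption, versioning and public-access block are managed by separate modules` so the split is explicit to the next reader.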
@@ -0,0 +1,36 @@ +{ + "variable": { + "bucket": [ + { + "default": "", + "description": "The name of the S3 bucket", + "type": "string", + "nullable": true + } + ], + "force_destroy": [ + { + "default": false, + "description": "Indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.", + "type": "bool", + "nullable": true + } + ], + "object_lock_enabled": [ + { + "default": false, + "description": "Enable object locking for this bucket. Object lock allows you to store objects using a write once, read many (WORM) model.", + "type": "bool", + "nullable": true + } + ], + "tags": [ + { + "default": {}, + "description": "A mapping of AWS tags to assign to the bucket.", + "type": "map(string)", + "nullable": true + } + ] + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_s3_bucket_public_access_block/aws_s3_bucket_public_access_block.tf b/iac-source1/terraform/modules/aws_s3_bucket_public_access_block/aws_s3_bucket_public_access_block.tf new file mode 100644 index 0000000..15da3ac --- /dev/null +++ b/iac-source1/terraform/modules/aws_s3_bucket_public_access_block/aws_s3_bucket_public_access_block.tf @@ -0,0 +1,7 @@ +resource "aws_s3_bucket_public_access_block" "this" { + bucket = var.bucket + block_public_acls = var.block_public_acls + block_public_policy = var.block_public_policy + ignore_public_acls = var.ignore_public_acls + restrict_public_buckets = var.restrict_public_buckets +} diff --git a/iac-source1/terraform/modules/aws_s3_bucket_public_access_block/variables.tf.json b/iac-source1/terraform/modules/aws_s3_bucket_public_access_block/variables.tf.json new file mode 100644 index 0000000..945cb63 --- /dev/null +++ b/iac-source1/terraform/modules/aws_s3_bucket_public_access_block/variables.tf.json 
@@ -0,0 +1,44 @@ +{ + "variable": { + "bucket": [ + { + "default": "", + "description": "The name of the bucket to store the file in", + "nullable": false, + "type": "string" + } + ], + "block_public_acls": [ + { + "default": true, + "description": "Whether Amazon S3 should block public ACLs for this bucket", + "nullable": true, + "type": "bool" + } + ], + "block_public_policy": [ + { + "default": true, + "description": "Whether Amazon S3 should block public bucket policies for this bucket", + "nullable": true, + "type": "bool" + } + ], + "ignore_public_acls": [ + { + "default": true, + "description": "Whether Amazon S3 should ignore public ACLs for this bucket", + "nullable": true, + "type": "bool" + } + ], + "restrict_public_buckets": [ + { + "default": true, + "description": "Whether Amazon S3 should restrict public buckets for this bucket", + "nullable": true, + "type": "bool" + } + ] + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_subnet/aws_subnet.tf b/iac-source1/terraform/modules/aws_subnet/aws_subnet.tf new file mode 100644 index 0000000..443708b --- /dev/null +++ b/iac-source1/terraform/modules/aws_subnet/aws_subnet.tf @@ -0,0 +1,9 @@ +resource "aws_subnet" "this" { + vpc_id = var.vpc_id + availability_zone = var.availability_zone + cidr_block = var.cidr_block + map_public_ip_on_launch = var.map_public_ip_on_launch + + tags = var.tags + +} diff --git a/iac-source1/terraform/modules/aws_subnet/outputs.tf.json b/iac-source1/terraform/modules/aws_subnet/outputs.tf.json new file mode 100644 index 0000000..53e901f --- /dev/null +++ b/iac-source1/terraform/modules/aws_subnet/outputs.tf.json @@ -0,0 +1,14 @@ +{ + "output": { + "arn": { + "description": "The value of the arn output", + "sensitive": false, + "value": "${aws_subnet.this.arn}" + }, + "id": { + "description": "The value of the id output", + "sensitive": false, + "value": "${aws_subnet.this.id}" + } + } +} \ No newline at end of file 
diff --git a/iac-source1/terraform/modules/aws_subnet/variables.tf.json b/iac-source1/terraform/modules/aws_subnet/variables.tf.json new file mode 100644 index 0000000..cf9f712 --- /dev/null +++ b/iac-source1/terraform/modules/aws_subnet/variables.tf.json @@ -0,0 +1,40 @@ +{ + "variable": { + "vpc_id": [ + { + "description": "The VPC ID", + "type": "string", + "nullable": false + } + ], + "cidr_block": [ + { + "description": "The CIDR block for the subnet", + "type": "string", + "nullable": true + } + ], + "availability_zone": [ + { + "description": "The availability zone", + "type": "string", + "nullable": true + } + ], + "tags": [ + { + "description": "The tags to apply to the subnet", + "type": "map(string)", + "nullable": true + } + ], + "map_public_ip_on_launch":[ + { + "description": "Specify true to indicate that instances launched into the subnet should be assigned a public IP address.", + "type": "bool", + "nullable": true, + "default": false + } + ] + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_vpc/aws_vpc.tf b/iac-source1/terraform/modules/aws_vpc/aws_vpc.tf new file mode 100644 index 0000000..ce66b21 --- /dev/null +++ b/iac-source1/terraform/modules/aws_vpc/aws_vpc.tf @@ -0,0 +1,8 @@ +resource "aws_vpc" "this" { + cidr_block = var.cidr_block + instance_tenancy = var.instance_tenancy + enable_dns_support = var.enable_dns_support + enable_dns_hostnames = var.enable_dns_hostnames + enable_network_address_usage_metrics = var.enable_network_address_usage_metrics + tags = var.tags +} diff --git a/iac-source1/terraform/modules/aws_vpc/outputs.tf.json b/iac-source1/terraform/modules/aws_vpc/outputs.tf.json new file mode 100644 index 0000000..076a056 --- /dev/null +++ b/iac-source1/terraform/modules/aws_vpc/outputs.tf.json 
@@ -0,0 +1,19 @@ +{ + "output": { + "arn": { + "description": "The value of the arn output", + "sensitive": false, + "value": "${aws_vpc.this.arn}" + }, + "id": { + "description": "The value of the id output", + "sensitive": false, + "value": "${aws_vpc.this.id}" + }, + "vpc_id": { + "description": "The value of the vpc_id output", + "sensitive": false, + "value": "${aws_vpc.this.id}" + } + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/aws_vpc/variables.tf.json b/iac-source1/terraform/modules/aws_vpc/variables.tf.json new file mode 100644 index 0000000..f8fb561 --- /dev/null +++ b/iac-source1/terraform/modules/aws_vpc/variables.tf.json @@ -0,0 +1,47 @@ +{ + "variable": { + "cidr_block": [ + { + "description": "The IPv4 CIDR block for the VPC.", + "nullable": false, + "type": "string" + } + ], + "instance_tenancy": [ + { + "description": "The IPv4 CIDR block for the VPC.", + "default": "default", + "type": "string" + } + ], + "enable_dns_support": [ + { + "description": "A boolean flag to enable/disable DNS support in the VPC.", + "default": true, + "type": "bool" + } + ], + "enable_network_address_usage_metrics": [ + { + "description": "Indicates whether Network Address Usage metrics are enabled for your VPC.", + "default": false, + "type": "bool" + } + ], + "enable_dns_hostnames": [ + { + "description": "A boolean flag to enable/disable DNS hostnames in the VPC.", + "default": false, + "type": "bool" + } + ], + "tags": [ + { + "description": "The tags to apply to the subnet", + "type": "map(string)", + "nullable": true, + "default": {} + } + ] + } +} diff --git a/iac-source1/terraform/modules/data_aws_availability_zones/data_aws_availability_zones.tf b/iac-source1/terraform/modules/data_aws_availability_zones/data_aws_availability_zones.tf new file mode 100644 index 0000000..4b2af75 --- /dev/null +++ b/iac-source1/terraform/modules/data_aws_availability_zones/data_aws_availability_zones.tf 
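Review bot: Two descriptions in aws_vpc/variables.tf.json are copy-paste leftovers: `instance_tenancy` is described as "The IPv4 CIDR block for the VPC." and `tags` as "The tags to apply to the subnet". Suggested wording is `"description": "The tenancy option for instances launched into the VPC."` and `"description": "The tags to apply to the VPC"`. These strings surface in generated module docs and tooling prompts, so the wrong text can lead a caller to pass a CIDR where a tenancy value is expected.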
@@ -0,0 +1,7 @@ +data "aws_availability_zones" "this" { + + all_availability_zones = var.all_availability_zones + exclude_names = var.exclude_names + exclude_zone_ids = var.exclude_zone_ids + state = var.state +} diff --git a/iac-source1/terraform/modules/data_aws_availability_zones/outputs.tf.json b/iac-source1/terraform/modules/data_aws_availability_zones/outputs.tf.json new file mode 100644 index 0000000..7b20e54 --- /dev/null +++ b/iac-source1/terraform/modules/data_aws_availability_zones/outputs.tf.json @@ -0,0 +1,24 @@ +{ + "output": { + "group_names": { + "description": "A set of group names for the availability zones.", + "sensitive": false, + "value": "${data.aws_availability_zones.this.group_names}" + }, + "id": { + "description": "A unique identifier for the availability zones data source.", + "sensitive": false, + "value": "${data.aws_availability_zones.this.id}" + }, + "names": { + "description": "A list of names of the availability zones.", + "sensitive": false, + "value": "${data.aws_availability_zones.this.names}" + }, + "zone_ids": { + "description": "A list of unique identifiers for each availability zone.", + "sensitive": false, + "value": "${data.aws_availability_zones.this.zone_ids}" + } + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/data_aws_availability_zones/variables.tf.json b/iac-source1/terraform/modules/data_aws_availability_zones/variables.tf.json new file mode 100644 index 0000000..19f159e --- /dev/null +++ b/iac-source1/terraform/modules/data_aws_availability_zones/variables.tf.json 
@@ -0,0 +1,32 @@ +{ + "variable": { + "all_availability_zones": [ + { + "description": "A boolean value that determines whether to include all available availability zones.", + "nullable": true, + "type": "bool" + } + ], + "exclude_names": [ + { + "description": "A set of availability zone names to exclude from the selection.", + "nullable": true, + "type": "list(string)" + } + ], + "exclude_zone_ids": [ + { + "description": "A set of availability zone IDs to exclude from the selection.", + "nullable": true, + "type": "list(string)" + } + ], + "state": [ + { + "description": "The state of the availability zones to consider, such as 'available'.", + "nullable": true, + "type": "string" + } + ] + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/data_aws_iam_policy_document/data_aws_iam_policy_document.tf b/iac-source1/terraform/modules/data_aws_iam_policy_document/data_aws_iam_policy_document.tf new file mode 100644 index 0000000..3e93307 --- /dev/null +++ b/iac-source1/terraform/modules/data_aws_iam_policy_document/data_aws_iam_policy_document.tf 
@@ -0,0 +1,44 @@
+data "aws_iam_policy_document" "this" {
+ override_json = var.override_json
+ override_policy_documents = var.override_policy_documents
+ policy_id = var.policy_id
+ source_json = var.source_json
+ source_policy_documents = var.source_policy_documents
+
+ dynamic "statement" {
+ for_each = var.statement
+ content {
+ actions = statement.value.actions
+ effect = statement.value.effect
+ not_actions = statement.value.not_actions
+ not_resources = statement.value.not_resources
+ resources = statement.value.resources
+ sid = statement.value.sid
+
+ dynamic "condition" {
+ for_each = lookup(statement.value, "condition", [])
+ content {
+ test = condition.value.test
+ values = condition.value.values
+ variable = condition.value.variable
+ }
+ }
+
+ dynamic "not_principals" {
+ for_each = lookup(statement.value, "not_principals", [])
+ content {
+ identifiers = not_principals.value.identifiers
+ type = not_principals.value.type
+ }
+ }
+
+ dynamic "principals" {
+ for_each = lookup(statement.value, "principals", [])
+ content {
+ identifiers = principals.value.identifiers
+ type = principals.value.type
+ }
+ }
+ }
+ }
+}
diff --git a/iac-source1/terraform/modules/data_aws_iam_policy_document/outputs.tf.json b/iac-source1/terraform/modules/data_aws_iam_policy_document/outputs.tf.json
new file mode 100644
index 0000000..2f623d9
--- /dev/null
+++ b/iac-source1/terraform/modules/data_aws_iam_policy_document/outputs.tf.json
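Review bot: The `lookup(statement.value, "condition", [])` fallbacks on the three nested dynamic blocks look like dead code, because `var.statement` is typed in variables.tf.json as an object whose attributes are all required. A caller with no conditions or principals then has to pass `null`, `lookup` would return that null, and `for_each` over null fails at plan time. Either declare those attributes with `optional(..., [])` in the type or guard each loop, e.g. `for_each = statement.value.condition != null ? statement.value.condition : []`, and likewise for `not_principals` and `principals`. Separately, `source_json` and `override_json` were, as far as I know, removed in the 5.x AWS provider, so confirm the pinned provider version still accepts them. Since moves.tf suggests this module now builds the EKS role's trust policy, a short comment on the `principals` block saying callers should pass explicit identifiers rather than `"*"` would help whoever reviews main.tf.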
@@ -0,0 +1,19 @@ +{ + "output": { + "id": { + "description": "The unique identifier for the IAM policy document.", + "sensitive": false, + "value": "${data.aws_iam_policy_document.this.id}" + }, + "json": { + "description": "The JSON formatted IAM policy document.", + "sensitive": false, + "value": "${data.aws_iam_policy_document.this.json}" + }, + "minified_json": { + "description": "The compact JSON representation of the IAM policy document without unnecessary whitespace.", + "sensitive": false, + "value": "${data.aws_iam_policy_document.this.minified_json}" + } + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/data_aws_iam_policy_document/variables.tf.json b/iac-source1/terraform/modules/data_aws_iam_policy_document/variables.tf.json new file mode 100644 index 0000000..848f61a --- /dev/null +++ b/iac-source1/terraform/modules/data_aws_iam_policy_document/variables.tf.json 
@@ -0,0 +1,46 @@ +{ + "variable": { + "override_json": [ + { + "description": "A string containing a JSON policy document that can override other settings.", + "nullable": true, + "type": "string" + } + ], + "override_policy_documents": [ + { + "description": "A list of JSON policy documents that can override other policy documents.", + "nullable": true, + "type": "list(string)" + } + ], + "policy_id": [ + { + "description": "An optional identifier for the policy document.", + "nullable": true, + "type": "string" + } + ], + "source_json": [ + { + "description": "A string containing a JSON policy document that serves as the base policy.", + "nullable": true, + "type": "string" + } + ], + "source_policy_documents": [ + { + "description": "A list of JSON policy documents that serve as the base policies.", + "nullable": true, + "type": "list(string)" + } + ], + "statement": [ + { + "description": "A list of policy statements to include in the policy document.", + "nullable": true, + "type": "list(object({ actions : list(string), effect : string, not_actions : list(string), not_resources : list(string), resources : list(string), sid : string, condition : list(object({ test : string, values : list(string), variable : string })), not_principals : list(object({ identifiers : list(string), type : string })), principals : list(object({ identifiers : list(string), type : string })) }))" + } + ] + } +} \ No newline at end of file diff --git a/iac-source1/terraform/modules/random_string/outputs.tf.json b/iac-source1/terraform/modules/random_string/outputs.tf.json new file mode 100644 index 0000000..c4a3507 --- /dev/null +++ b/iac-source1/terraform/modules/random_string/outputs.tf.json @@ -0,0 +1,9 @@ +{ + "output": { + "result": { + "description": "The generated random string.", + "sensitive": false, + "value": "${random_string.this.result}" + } + } +} \ No newline at end of file 
diff --git a/iac-source1/terraform/modules/random_string/random_string.tf b/iac-source1/terraform/modules/random_string/random_string.tf
new file mode 100644
index 0000000..315e9bb
--- /dev/null
+++ b/iac-source1/terraform/modules/random_string/random_string.tf
@@ -0,0 +1,12 @@
+resource "random_string" "this" {
+ length = var.length
+ special = var.special
+ override_special = var.override_special
+ lower = var.lower
+ upper = var.upper
+ numeric = var.numeric
+ min_lower = min(var.min_lower, 0)
+ min_upper = min(var.min_upper, 0)
+ min_numeric = min(var.min_numeric, 0)
+ min_special = min(var.min_special, 0)
+}
diff --git a/iac-source1/terraform/modules/random_string/variables.tf.json b/iac-source1/terraform/modules/random_string/variables.tf.json
new file mode 100644
index 0000000..5a62e58
--- /dev/null
+++ b/iac-source1/terraform/modules/random_string/variables.tf.json
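Review bot: `min_lower = min(var.min_lower, 0)` and the three lines after it clamp in the wrong direction. `min(x, 0)` can never exceed 0, so any positive minimum a caller passes is silently discarded and the character-class guarantees described in variables.tf.json have no effect. `max(var.min_lower, 0)` looks like the intent, and the same applies to `min_upper`, `min_numeric` and `min_special`. Those variables are also declared `nullable: true`, and a null argument will most likely make `min`/`max` fail, so `max(coalesce(var.min_lower, 0), 0)` is the safer form.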
@@ -0,0 +1,64 @@ +{ + "variable": { + "length": [{ + "type": "number", + "description": "The length of the string desired. The minimum value for length is 1 and, length must also be >= (`Min Upper` + `Min Lower` + `Min Numeric` + `Min Special`)." + }], + "special": [{ + "type": "bool", + "description": "If true, include special characters in the result." + }], + "upper": [{ + "type": "bool", + "description": "Include special characters in the result. These are !@#$%&*()-_=+[]{}<>:?.", + "nullable": true, + "default": true + }], + "lower": [{ + "type": "bool", + "description": "Include lowercase letters in the result.", + "nullable": true, + "default": true + }], + "numeric": [{ + "type": "bool", + "description": "Include numeric characters in the result.", + "nullable": true, + "default": true + }], + "override_special": [{ + "type": "string", + "description": "Supply a string of characters that will be used to override the default character set. The `Special` attribute must be true for this attribute to be used.", + "nullable": true + }], + "keepers": [{ + "type": "map(string)", + "description": "Supply a string of characters that will be used to override the default character set. The `Special` attribute must be true for this attribute to be used.", + "nullable": true + }], + "min_lower": [{ + "type": "number", + "description": "The minimum number of lowercase letters in the result.", + "nullable": true, + "default": 0 + }], + "min_upper": [{ + "type": "number", + "description": "The minimum number of uppercase letters in the result.", + "nullable": true, + "default": 0 + }], + "min_numeric": [{ + "type": "number", + "description": "The minimum number of numeric characters in the result.", + "nullable": true, + "default": 0 + }], + "min_special": [{ + "type": "number", + "description": "The minimum number of special characters in the result.", + "nullable": true, + "default": 0 + }] + } +} \ No newline at end of file 
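Review bot: The `keepers` variable declared here is never passed to `random_string.this` in random_string.tf, so changing it will not regenerate the value; either wire it with `keepers = var.keepers` or drop the variable. Its description is a copy of `override_special`'s, and `upper` is described as "Include special characters in the result…"; suggested replacements are `"description": "Arbitrary map of values that, when changed, will trigger recreation of the resource."` and `"description": "Include uppercase letters in the result."`. Note also that `result` is exported with `"sensitive": false` and is stored in state in plain text. That is fine for what moves.tf suggests is a name suffix, but this module should not be reused for passwords or tokens; `random_password` is the resource for that.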
diff --git a/iac-source1/terraform/moves.tf b/iac-source1/terraform/moves.tf
new file mode 100644
index 0000000..b72c9fc
--- /dev/null
+++ b/iac-source1/terraform/moves.tf
@@ -0,0 +1,50 @@
+moved {
+ from = module.compute.aws_eks_cluster.eks
+ to = module.stackgen_34b80001-017a-5312-9144-65da25a068a9.aws_eks_cluster.this
+}
+
+moved {
+ from = module.network.aws_subnet.public[0]
+ to = module.stackgen_031238de-adc8-51a3-91d9-c93de1930675.aws_subnet.this
+}
+
+moved {
+ from = module.storage.random_string.suffix
+ to = module.stackgen_473ba727-cbcd-51d9-b1ab-49f583404fe7.random_string.this
+}
+
+moved {
+ from = module.compute.aws_iam_policy_document.assume_role_policy
+ to = module.stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d.aws_iam_policy_document.this
+}
+
+moved {
+ from = module.network.aws_availability_zones.available
+ to = module.stackgen_37476bf3-9a65-509a-b352-edea3c6656b2.aws_availability_zones.this
+}
+
+moved {
+ from = module.network.aws_subnet.public[1]
+ to = module.stackgen_2c912ed8-8a45-51b0-b0c5-cc6812d0a890.aws_subnet.this
+}
+
+moved {
+ from = module.network.aws_vpc.main
+ to = module.stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267.aws_vpc.this
+}
+
+moved {
+ from = module.storage.aws_s3_bucket.athena_results
+ to = module.stackgen_14816102-e587-5b6f-bab3-dff0045f4512.aws_s3_bucket.this
+}
+
+moved {
+ from = module.compute.aws_iam_role.eks_role
+ to = module.stackgen_7ef7e820-8361-52fd-a35f-aebce364af00.aws_iam_role.this
+}
+
+moved {
+ from = module.storage.aws_s3_bucket_public_access_block.athena_results_pab
+ to = module.stackgen_e7de1e20-14c7-5811-ba15-9963dc266cb8.aws_s3_bucket_public_access_block.this
+}
+
diff --git a/iac-source1/terraform/outputs.tf b/iac-source1/terraform/outputs.tf
index 8219983..e3a1e56 100644
--- a/iac-source1/terraform/outputs.tf
+++ b/iac-source1/terraform/outputs.tf
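Review bot: Two of the `moved` blocks address data sources without the `data.` prefix: `module.compute.aws_iam_policy_document.assume_role_policy` and `module.network.aws_availability_zones.available`. The new modules declare these as `data "aws_iam_policy_document"` and `data "aws_availability_zones"`, so as written the addresses name managed resources that do not appear to exist. Data sources are re-read on each plan and hold nothing that needs migrating, so these two blocks can likely be dropped. For the remaining blocks, run `terraform plan` against the real state before applying and confirm the EKS cluster, VPC, subnets, IAM role and S3 bucket are reported as moved rather than destroyed and recreated, since a mismatched address turns this refactor into a replacement of live infrastructure.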
@@ -1,35 +1,110 @@ -output "aws_athena_stackgen_2ea25a38-fd59-40bb-ac70-3e9cacd2f073_arn" { - value = module.stackgen_2ea25a38-fd59-40bb-ac70-3e9cacd2f073.arn +output "aws_eks_cluster_stackgen_34b80001-017a-5312-9144-65da25a068a9_arn" { + value = module.stackgen_34b80001-017a-5312-9144-65da25a068a9.arn sensitive = false } -output "aws_athena_stackgen_2ea25a38-fd59-40bb-ac70-3e9cacd2f073_database_id" { - value = module.stackgen_2ea25a38-fd59-40bb-ac70-3e9cacd2f073.database_id +output "aws_eks_cluster_stackgen_34b80001-017a-5312-9144-65da25a068a9_id" { + value = module.stackgen_34b80001-017a-5312-9144-65da25a068a9.id sensitive = false } -output "aws_athena_stackgen_2ea25a38-fd59-40bb-ac70-3e9cacd2f073_query_id" { - value = module.stackgen_2ea25a38-fd59-40bb-ac70-3e9cacd2f073.query_id +output "aws_iam_role_stackgen_7ef7e820-8361-52fd-a35f-aebce364af00_arn" { + value = module.stackgen_7ef7e820-8361-52fd-a35f-aebce364af00.arn sensitive = false } -output "aws_s3_stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2_arn" { - value = module.stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2.arn +output "aws_iam_role_stackgen_7ef7e820-8361-52fd-a35f-aebce364af00_name" { + value = module.stackgen_7ef7e820-8361-52fd-a35f-aebce364af00.name sensitive = false } -output "aws_s3_stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2_bucket_name" { - value = module.stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2.bucket_name +output "aws_s3_bucket_stackgen_14816102-e587-5b6f-bab3-dff0045f4512_arn" { + value = module.stackgen_14816102-e587-5b6f-bab3-dff0045f4512.arn sensitive = false } -output "aws_s3_stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2_bucket_website_endpoint" { - value = module.stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2.bucket_website_endpoint +output "aws_s3_bucket_stackgen_14816102-e587-5b6f-bab3-dff0045f4512_bucket" { + value = module.stackgen_14816102-e587-5b6f-bab3-dff0045f4512.bucket sensitive = false } -output "aws_s3_stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2_kms_arn" { - value = 
module.stackgen_e2c3eb90-18ac-4116-823a-027739cbbeb2.kms_arn +output "aws_s3_bucket_stackgen_14816102-e587-5b6f-bab3-dff0045f4512_id" { + value = module.stackgen_14816102-e587-5b6f-bab3-dff0045f4512.id + sensitive = false +} + +output "aws_subnet_stackgen_031238de-adc8-51a3-91d9-c93de1930675_arn" { + value = module.stackgen_031238de-adc8-51a3-91d9-c93de1930675.arn + sensitive = false +} + +output "aws_subnet_stackgen_031238de-adc8-51a3-91d9-c93de1930675_id" { + value = module.stackgen_031238de-adc8-51a3-91d9-c93de1930675.id + sensitive = false +} + +output "aws_subnet_stackgen_2c912ed8-8a45-51b0-b0c5-cc6812d0a890_arn" { + value = module.stackgen_2c912ed8-8a45-51b0-b0c5-cc6812d0a890.arn + sensitive = false +} + +output "aws_subnet_stackgen_2c912ed8-8a45-51b0-b0c5-cc6812d0a890_id" { + value = module.stackgen_2c912ed8-8a45-51b0-b0c5-cc6812d0a890.id + sensitive = false +} + +output "aws_vpc_stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267_arn" { + value = module.stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267.arn + sensitive = false +} + +output "aws_vpc_stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267_id" { + value = module.stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267.id + sensitive = false +} + +output "aws_vpc_stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267_vpc_id" { + value = module.stackgen_558d7ac4-ccc6-5b7b-b41a-fa5157526267.vpc_id + sensitive = false +} + +output "data_aws_availability_zones_stackgen_37476bf3-9a65-509a-b352-edea3c6656b2_group_names" { + value = module.stackgen_37476bf3-9a65-509a-b352-edea3c6656b2.group_names + sensitive = false +} + +output "data_aws_availability_zones_stackgen_37476bf3-9a65-509a-b352-edea3c6656b2_id" { + value = module.stackgen_37476bf3-9a65-509a-b352-edea3c6656b2.id + sensitive = false +} + +output "data_aws_availability_zones_stackgen_37476bf3-9a65-509a-b352-edea3c6656b2_names" { + value = module.stackgen_37476bf3-9a65-509a-b352-edea3c6656b2.names + sensitive = false +} + +output 
"data_aws_availability_zones_stackgen_37476bf3-9a65-509a-b352-edea3c6656b2_zone_ids" { + value = module.stackgen_37476bf3-9a65-509a-b352-edea3c6656b2.zone_ids + sensitive = false +} + +output "data_aws_iam_policy_document_stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d_id" { + value = module.stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d.id + sensitive = false +} + +output "data_aws_iam_policy_document_stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d_json" { + value = module.stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d.json + sensitive = false +} + +output "data_aws_iam_policy_document_stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d_minified_json" { + value = module.stackgen_63b6a8c7-d442-5a71-923d-61c60aa9c54d.minified_json + sensitive = false +} + +output "random_string_stackgen_473ba727-cbcd-51d9-b1ab-49f583404fe7_result" { + value = module.stackgen_473ba727-cbcd-51d9-b1ab-49f583404fe7.result sensitive = false }