feat: add vpc_config
Signed-off-by: nitrocode <[email protected]>
nitrocode committed Sep 5, 2024
1 parent 5cb1ecd commit 350f5ed
Showing 18 changed files with 181 additions and 0 deletions.
9 changes: 9 additions & 0 deletions main.tf
Expand Up @@ -36,6 +36,7 @@ module "lambda_slack" {
slack_new_emoji = var.slack_new_emoji
slack_username = var.slack_username
environment = local.env
vpc_config = var.vpc_config
}

module "lambda" {
Expand All @@ -57,6 +58,7 @@ module "lambda" {
allowed_regions = var.allowed_regions
ip_time_limit = var.ip_time_limit
environment = local.env
vpc_config = var.vpc_config
}

module "lambda_accounts" {
Expand Down Expand Up @@ -115,6 +117,7 @@ module "lambda_scan" {
hackerone_api_token = var.hackerone_api_token
environment = local.env
production_environment = local.production_environment
vpc_config = var.vpc_config
}

module "lambda_takeover" {
Expand All @@ -131,6 +134,7 @@ module "lambda_takeover" {
sns_topic_arn = module.sns.sns_topic_arn
dlq_sns_topic_arn = module.sns_dead_letter_queue.sns_topic_arn
environment = local.env
vpc_config = var.vpc_config
}

module "takeover_role" {
Expand Down Expand Up @@ -160,6 +164,7 @@ module "lambda_resources" {
sns_topic_arn = module.sns.sns_topic_arn
dlq_sns_topic_arn = module.sns_dead_letter_queue.sns_topic_arn
environment = local.env
vpc_config = var.vpc_config
}

module "resources_role" {
Expand Down Expand Up @@ -262,6 +267,7 @@ module "lambda_cloudflare" {
hackerone = var.hackerone
hackerone_api_token = var.hackerone_api_token
environment = local.env
vpc_config = var.vpc_config
}

module "cloudflare_event" {
Expand Down Expand Up @@ -373,6 +379,7 @@ module "lambda_scan_ips" {
hackerone = var.hackerone
hackerone_api_token = var.hackerone_api_token
environment = local.env
vpc_config = var.vpc_config
}

module "accounts_role_ips" {
Expand Down Expand Up @@ -408,6 +415,7 @@ module "lambda_accounts_ips" {
dlq_sns_topic_arn = module.sns_dead_letter_queue.sns_topic_arn
state_machine_arn = module.step_function_ips[0].state_machine_arn
environment = local.env
vpc_config = var.vpc_config
}

module "accounts_event_ips" {
Expand Down Expand Up @@ -441,4 +449,5 @@ module "lamdba_stats" {
security_audit_role_name = var.security_audit_role_name
external_id = var.external_id
environment = local.env
vpc_config = var.vpc_config
}
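Review bot: `module "lambda_accounts"` (visible only as context at the end of the second hunk) is the one lambda module call in this file that does not receive `vpc_config = var.vpc_config`, while the nine other lambda module calls in this commit do. If its source module is one of those that gained the variable here, that function would be the only one left outside the VPC even though the root variable is documented as applying to "your function" generically; if the omission is deliberate (for example its module has no network needs), a short comment on the module call such as `# vpc_config intentionally not passed: <reason>` would spare the next reader the question. The full argument list of that module call lies outside the hunk, so this is inferred from the hunk headers alone.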
8 changes: 8 additions & 0 deletions terraform-modules/lambda-cloudflare/main.tf
Expand Up @@ -71,6 +71,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
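Review bot: The new `dynamic "vpc_config"` block places the function inside a VPC, but nothing in this section — nor in the matching hunks of lambda-resources, lambda-scan-ips, lambda-scan, lambda-slack, lambda-stats, lambda-takeover and lambda — grants the execution role the ENI permissions a VPC-attached function needs (`ec2:CreateNetworkInterface`, `ec2:DescribeNetworkInterfaces`, `ec2:DeleteNetworkInterface`, the set carried by the managed policy `AWSLambdaVPCAccessExecutionRole`); unless the role defined elsewhere in these modules already has them, the apply fails as soon as `vpc_config` is non-null. The role and its policy attachments are outside this hunk, so that is worth checking before merge rather than assumed. Once attached, the function has only the egress the chosen subnets and security groups allow; judging by the variable names in the surrounding context (hackerone, slack, cloudflare, SNS and Step Function ARNs) these functions reach public APIs and AWS services, so the subnets need a NAT route or the corresponding VPC endpoints. A sentence on both prerequisites in the `vpc_config` variable description, e.g. `Requires the execution role to allow ENI management and the subnets to provide egress (NAT or VPC endpoints).`, would save users a failed apply.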
12 changes: 12 additions & 0 deletions terraform-modules/lambda-cloudflare/variables.tf
Expand Up @@ -19,6 +19,18 @@ variable "bugcrowd_state" {}
variable "hackerone" {}
variable "hackerone_api_token" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "state_machine_arn" {
default = ""
}
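Review bot: The description states that a `vpc_config` with both `subnet_ids` and `security_group_ids` empty "is considered to be empty or unset", but the module's guard is `var.vpc_config != null`, so an object with one empty list and one populated list is passed straight through to the provider and only fails at apply time. A `validation` block that enforces the both-or-neither contract the description promises turns that into a plan-time error with a clear message. The same variable is duplicated verbatim in lambda-resources, lambda-scan-ips, lambda-scan, lambda-slack, lambda-stats, lambda-takeover, lambda and the root variables.tf, so the block belongs in each copy (or, better, the root, where user input first arrives). The conditional form below is used instead of `||` so that the attribute lookups are only evaluated when the value is non-null.

```hcl
variable "vpc_config" {
  # … unchanged: type, description, default …
  validation {
    condition = var.vpc_config == null ? true : (
      (length(var.vpc_config.subnet_ids) > 0) == (length(var.vpc_config.security_group_ids) > 0)
    )
    error_message = "vpc_config must set both subnet_ids and security_group_ids, or leave both empty (or pass null)."
  }
}
```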
8 changes: 8 additions & 0 deletions terraform-modules/lambda-resources/main.tf
Expand Up @@ -45,6 +45,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
12 changes: 12 additions & 0 deletions terraform-modules/lambda-resources/variables.tf
Expand Up @@ -7,6 +7,18 @@ variable "sns_topic_arn" {}
variable "dlq_sns_topic_arn" {}
variable "lambdas" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "state_machine_arn" {
default = ""
}
8 changes: 8 additions & 0 deletions terraform-modules/lambda-scan-ips/main.tf
Expand Up @@ -71,6 +71,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
12 changes: 12 additions & 0 deletions terraform-modules/lambda-scan-ips/variables.tf
Expand Up @@ -20,6 +20,18 @@ variable "bugcrowd_state" {}
variable "hackerone" {}
variable "hackerone_api_token" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "timeout" {
description = "Amount of time your Lambda Function has to run in seconds"
default = 900
8 changes: 8 additions & 0 deletions terraform-modules/lambda-scan/main.tf
Expand Up @@ -69,6 +69,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
12 changes: 12 additions & 0 deletions terraform-modules/lambda-scan/variables.tf
Expand Up @@ -18,6 +18,18 @@ variable "bugcrowd_state" {}
variable "hackerone" {}
variable "hackerone_api_token" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "timeout" {
description = "Amount of time your Lambda Function has to run in seconds"
default = 900
8 changes: 8 additions & 0 deletions terraform-modules/lambda-slack/main.tf
Expand Up @@ -62,6 +62,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
12 changes: 12 additions & 0 deletions terraform-modules/lambda-slack/variables.tf
Expand Up @@ -14,6 +14,18 @@ variable "slack_fix_emoji" {}
variable "slack_new_emoji" {}
variable "slack_username" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "timeout" {
description = "Amount of time your Lambda Function has to run in seconds"
default = 900
8 changes: 8 additions & 0 deletions terraform-modules/lambda-stats/main.tf
Expand Up @@ -58,6 +58,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
12 changes: 12 additions & 0 deletions terraform-modules/lambda-stats/variables.tf
Expand Up @@ -11,6 +11,18 @@ variable "org_primary_account" {}
variable "security_audit_role_name" {}
variable "external_id" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "timeout" {
description = "Amount of time your Lambda Function has to run in seconds"
default = 900
8 changes: 8 additions & 0 deletions terraform-modules/lambda-takeover/main.tf
Expand Up @@ -61,6 +61,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
12 changes: 12 additions & 0 deletions terraform-modules/lambda-takeover/variables.tf
Expand Up @@ -7,6 +7,18 @@ variable "memory_size" {}
variable "sns_topic_arn" {}
variable "dlq_sns_topic_arn" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "timeout" {
description = "Amount of time your Lambda Function has to run in seconds"
default = 900
8 changes: 8 additions & 0 deletions terraform-modules/lambda/main.tf
Expand Up @@ -64,6 +64,14 @@ resource "aws_lambda_function" "lambda" {
tracing_config {
mode = "Active"
}

dynamic "vpc_config" {
for_each = var.vpc_config != null ? [var.vpc_config] : []
content {
security_group_ids = vpc_config.value.security_group_ids
subnet_ids = vpc_config.value.subnet_ids
}
}
}

resource "aws_lambda_alias" "lambda" {
12 changes: 12 additions & 0 deletions terraform-modules/lambda/variables.tf
Expand Up @@ -13,6 +13,18 @@ variable "dlq_sns_topic_arn" {}
variable "allowed_regions" {}
variable "ip_time_limit" {}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}

variable "timeout" {
description = "Amount of time your Lambda Function has to run in seconds"
default = 900
12 changes: 12 additions & 0 deletions variables.tf
Expand Up @@ -281,3 +281,15 @@ variable "permissions_boundary_arn" {
default = null
type = string
}

variable "vpc_config" {
type = object({
security_group_ids = list(string)
subnet_ids = list(string)
})
description = <<EOF
Provide this to allow your function to access your VPC (if both 'subnet_ids' and 'security_group_ids' are empty then
vpc_config is considered to be empty or unset, see https://docs.aws.amazon.com/lambda/latest/dg/vpc.html for details).
EOF
default = null
}
