Merge pull request #1 from getamis/v0.0.1

V0.0.1

aws/network/bastion.tf

@@ -0,0 +1,80 @@
+resource "aws_security_group" "bastion" {
+  vpc_id = "${aws_vpc.new_vpc.id}"
+
+  tags = "${merge(map(
+      "Name", "${var.phase}-${var.project}-bastion",
+      "Phase", "${var.phase}",
+      "Project", "${var.project}"
+    ), var.extra_tags)}"
+}
+
+resource "aws_security_group_rule" "bastion_egress" {
+  type              = "egress"
+  security_group_id = "${aws_security_group.bastion.id}"
+
+  from_port   = 0
+  to_port     = 0
+  protocol    = "-1"
+  cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "bastion_ingress_ssh" {
+  type              = "ingress"
+  security_group_id = "${aws_security_group.bastion.id}"
+
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+  from_port   = 22
+  to_port     = 22
+}
+
+data "aws_ami" "latest_ubuntu" {
+
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"] # Canonical
+
+}
+
+resource "random_integer" "subnet_id_index" {
+  min     = 0
+  max     = "${length(aws_subnet.public_subnet.*.id)}"
+
+  keepers = {
+    vpc_id = "${aws_vpc.new_vpc.id}"
+  }
+}
+
+resource "aws_instance" "bastion" {
+  ami                         = "${var.bastion_ami_id == "" ? data.aws_ami.latest_ubuntu.image_id : var.bastion_ami_id}"
+  associate_public_ip_address = true
+  instance_type               = "${var.bastion_instance_type}"
+  key_name                    = "${var.bastion_key_name}"
+  source_dest_check           = true
+  subnet_id                   = "${aws_subnet.public_subnet.*.id[random_integer.subnet_id_index.result]}"
+
+  root_block_device {
+    volume_type = "standard"
+    volume_size = "40"
+  }
+
+  vpc_security_group_ids = [
+    "${ aws_security_group.bastion.id }",
+  ]
+
+  tags = "${merge(map(
+      "Name", "${var.phase}-${var.project}-bastion",
+      "Phase", "${var.phase}",
+      "Project", "${var.project}"
+    ), var.extra_tags)}"
+}

aws/network/main.tf

@@ -0,0 +1,8 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Configuration
+# ---------------------------------------------------------------------------------------------------------------------
+
+provider "aws" {
+  region  = "${var.aws_region}"
+  version = "1.23.0"
+}

aws/network/outputs.tf

@@ -0,0 +1,15 @@
+output "vpc_id" {
+  value = "${aws_vpc.new_vpc.id}"
+}
+
+output "public_subnet_ids" {
+  value = "${aws_subnet.public_subnet.*.id}"
+}
+
+output "private_subnet_ids" {
+  value = "${aws_subnet.private_subnet.*.id}"
+}
+
+output "bastion_id" {
+  value = "${aws_instance.bastion.public_ip}"
+}

aws/network/variables.tf

@@ -0,0 +1,52 @@
+variable "aws_region" {
+  description = "The AWS region to build network infrastructure"
+  type        = "string"
+  default     = ""
+}
+
+variable "aws_az_number" {
+  description = "How many AZs want to build"
+  type    = "string"
+  default = "3"
+}
+
+variable "cidr_block" {
+  description = "The CIDR block AWS VPC"
+  type        = "string"
+  default     = "10.0.0.0/16"
+}
+
+variable "phase" {
+  description = "Specific which phase service will host"
+  type        = "string"
+  default     = "dev"
+}
+
+variable "project" {
+  description = "Specific which project service will host"
+  type        = "string"
+  default     = "vishwakarma"
+}
+
+variable "extra_tags" {
+  description = "Extra AWS tags to be applied to created resources."
+  type        = "map"
+  default     = {}
+}
+
+variable "bastion_ami_id" {
+  description = "The AWS AMI id for bastion"
+  type        = "string"
+  default     = ""
+}
+
+variable "bastion_instance_type" {
+  description = "The AWS instance type for bastion"
+  type        = "string"
+  default     = "t2.micro"
+}
+
+variable "bastion_key_name" {
+  description = "The AWS EC2 key name for bastion"
+  type        = "string"
+}

aws/network/vpc-private.tf

@@ -0,0 +1,37 @@
+resource "aws_route_table" "private_routes" {
+  count  = "${length(local.aws_azs)}"
+  vpc_id = "${aws_vpc.new_vpc.id}"
+
+  tags = "${merge(map(
+      "Name", "${var.phase}-${var.project}-private-${local.aws_azs[count.index]}",
+      "Phase", "${var.phase}",
+      "Project", "${var.project}"
+    ), var.extra_tags)}"
+}
+
+resource "aws_route" "to_nat_gw" {
+  count                  = "${length(local.aws_azs)}"
+  route_table_id         = "${aws_route_table.private_routes.*.id[count.index]}"
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = "${element(aws_nat_gateway.nat_gw.*.id, count.index)}"
+  depends_on             = ["aws_route_table.private_routes"]
+}
+
+resource "aws_subnet" "private_subnet" {
+  count             = "${length(local.aws_azs)}"
+  vpc_id            = "${aws_vpc.new_vpc.id}"
+  cidr_block        = "${cidrsubnet(aws_vpc.new_vpc.cidr_block, 4, count.index + length(local.aws_azs))}"
+  availability_zone = "${local.aws_azs[count.index]}"
+
+  tags = "${merge(map(
+    "Name", "${var.phase}-${var.project}-private-${local.aws_azs[count.index]}",
+    "Phase", "${var.phase}",
+    "Project", "${var.project}"
+    ), var.extra_tags)}"
+}
+
+resource "aws_route_table_association" "private_routing" {
+  count          = "${length(local.aws_azs)}"
+  route_table_id = "${aws_route_table.private_routes.*.id[count.index]}"
+  subnet_id      = "${aws_subnet.private_subnet.*.id[count.index]}"
+}

aws/network/vpc-public.tf

@@ -0,0 +1,65 @@
+resource "aws_internet_gateway" "igw" {
+  vpc_id = "${aws_vpc.new_vpc.id}"
+
+  tags = "${merge(map(
+      "Name", "${var.phase}-${var.project}-igw",
+      "Phase", "${var.phase}",
+      "Project", "${var.project}"
+    ), var.extra_tags)}"
+}
+
+resource "aws_route_table" "default" {
+  vpc_id = "${aws_vpc.new_vpc.id}"
+
+  tags = "${merge(map(
+      "Name", "${var.phase}-${var.project}-public",
+      "Phase", "${var.phase}",
+      "Project", "${var.project}"
+    ), var.extra_tags)}"
+}
+
+resource "aws_main_route_table_association" "main_vpc_routes" {
+  vpc_id         = "${aws_vpc.new_vpc.id}"
+  route_table_id = "${aws_route_table.default.id}"
+}
+
+resource "aws_route" "igw_route" {
+  destination_cidr_block = "0.0.0.0/0"
+  route_table_id         = "${aws_route_table.default.id}"
+  gateway_id             = "${aws_internet_gateway.igw.id}"
+}
+
+resource "aws_subnet" "public_subnet" {
+  count             = "${length(local.aws_azs)}"
+  vpc_id            = "${aws_vpc.new_vpc.id}"
+  cidr_block        = "${cidrsubnet(aws_vpc.new_vpc.cidr_block, 4, count.index)}"
+  availability_zone = "${local.aws_azs[count.index]}"
+
+  tags = "${merge(map(
+     "Name", "${var.phase}-${var.project}-public-${local.aws_azs[count.index]}",
+     "Phase", "${var.phase}",
+     "Project", "${var.project}"
+    ), var.extra_tags)}"
+}
+
+resource "aws_route_table_association" "route_net" {
+  count          = "${length(local.aws_azs)}"
+  route_table_id = "${aws_route_table.default.id}"
+  subnet_id      = "${aws_subnet.public_subnet.*.id[count.index]}"
+}
+
+resource "aws_eip" "nat_eip" {
+  count = "${length(local.aws_azs)}"
+  vpc   = true
+
+  # Terraform does not declare an explicit dependency towards the internet gateway.
+  # this can cause the internet gateway to be deleted/detached before the EIPs.
+  # https://github.com/coreos/tectonic-installer/issues/1017#issuecomment-307780549
+  depends_on = ["aws_internet_gateway.igw"]
+}
+
+resource "aws_nat_gateway" "nat_gw" {
+  count         = "${length(local.aws_azs)}"
+  allocation_id = "${aws_eip.nat_eip.*.id[count.index]}"
+  subnet_id     = "${aws_subnet.public_subnet.*.id[count.index]}"
+}

aws/network/vpc.tf

@@ -0,0 +1,17 @@
+resource "aws_vpc" "new_vpc" {
+  cidr_block           = "${var.cidr_block}"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  tags = "${merge(map(
+      "Name", "${var.phase}-${var.project}-vpc",
+      "Phase", "${var.phase}",
+      "Project", "${var.project}"
+    ), var.extra_tags)}"
+}
+
+data "aws_availability_zones" "azs" {}
+
+locals {
+  aws_azs = "${slice(data.aws_availability_zones.azs.names, 0, var.aws_az_number)}"
+}

tests/aws/network/terraform.tfvars

@@ -0,0 +1,21 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# TERRAGRUNT CONFIGURATION
+# This is the configuration for Terragrunt, a thin wrapper for Terraform that supports locking and enforces best
+# practices: https://github.com/gruntwork-io/terragrunt
+# ---------------------------------------------------------------------------------------------------------------------
+
+terragrunt = {
+  # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+  # working directory, into a temporary folder, and execute your Terraform commands in that folder.
+  terraform {
+    source = "../../../aws//network"
+  }
+
+  # Include all settings from the root terraform.tfvars file
+  include = {
+    path = "${find_in_parent_folders()}"
+  }
+}
+
+extra_tags = {
+}

tests/aws/terraform.tfvars

@@ -0,0 +1,17 @@
+# Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules,
+# remote state, and locking: https://github.com/gruntwork-io/terragrunt
+
+terragrunt = {
+  # Configure Terragrunt to automatically store tfstate files in an S3 bucket
+
+  # Configure root level variables that all resources can inherit
+  terraform {
+    extra_arguments "bucket" {
+      commands = ["${get_terraform_commands_that_need_vars()}"]
+
+      arguments = [
+        "-var", "aws_region=us-east-1"
+      ]
+    }
+  }
+}