docs: Simplify existing VPC networking example (#137)

lacework · Mar 25, 2024 · cf59d73 · cf59d73
1 parent 6cfc85c
commit cf59d73
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 144 deletions.
diff --git a/examples/single-account-existing-vpc-networking/README.md b/examples/single-account-existing-vpc-networking/README.md
@@ -1,78 +1,33 @@
 # Single Account with Existing VPC & Networking Example
 
 ```hcl
-
 provider "lacework" {}
 
 provider "aws" {
   region = "us-west-1"
 }
 
-resource "aws_vpc" "existing" {
-  cidr_block           = "10.0.0.0/16"
-  enable_dns_support   = true
-  enable_dns_hostnames = true
-  instance_tenancy     = "default"
-}
-
-resource "aws_internet_gateway" "existing" {
-  vpc_id = aws_vpc.existing.id
-}
-
-resource "aws_route_table" "existing" {
-  vpc_id = aws_vpc.existing.id
-}
-
-resource "aws_route" "existing" {
-  destination_cidr_block = "0.0.0.0/0"
-  gateway_id             = aws_internet_gateway.existing.id
-  route_table_id         = aws_route_table.existing.id
-}
-
-resource "aws_route_table_association" "agentless_scan_route_table_association" {
-  subnet_id      = aws_subnet.existing.id
-  route_table_id = aws_route_table.existing.id
-}
-
-resource "aws_subnet" "existing" {
-  vpc_id                  = aws_vpc.existing.id
-  cidr_block              = "10.0.0.0/24"
-  map_public_ip_on_launch = false
-}
-
-resource "aws_security_group" "existing" {
-  name   = "existing-security-group"
-  vpc_id = aws_vpc.existing.id
-
-  ingress {
-    protocol  = -1
-    self      = true
-    from_port = 0
-    to_port   = 0
-  }
-
-  egress {
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}
-
+// Create global resources, includes lacework cloud integration.
+// This will also create regional resources too.
+// If scanning should occur on multiple regions then refer to the 'default' example.
 module "lacework_aws_agentless_scanning_singleregion" {
-  source  = "lacework/agentless-scanning/aws"
-  version = "~> 0.8"
+  source = "../.."
 
   global                    = true
   regional                  = true
   lacework_integration_name = "agentless_from_terraform"
 
+  // This expects the VPC to have a route to the internet.
+  // There are options in the terraform here to create an IGW if needed.
   use_existing_vpc            = true
-  vpc_id                      = aws_vpc.existing.id
+  use_internet_gateway        = false
+  vpc_id                      = "vpc-123456"
   use_existing_security_group = true
-  security_group_id           = aws_security_group.existing.id
-  use_existing_subnet         = true
-  subnet_id                   = aws_subnet.existing.id
+  security_group_id           = "sg-123456"
+
+  // Only a single subnet is needed.
+  use_existing_subnet = true
+  subnet_id           = "subnet-123456"
 }
 ```
 

diff --git a/examples/single-account-existing-vpc-networking/main.tf b/examples/single-account-existing-vpc-networking/main.tf
@@ -4,6 +4,8 @@ provider "aws" {
   region = "us-west-1"
 }
 
+// START: The following resources are provided for the integration tests only.
+// These are not needed for actual usages, see the README.md.
 resource "aws_vpc" "existing" {
   cidr_block           = "10.0.0.0/16"
   enable_dns_support   = true
@@ -54,6 +56,8 @@ resource "aws_security_group" "existing" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 }
+// END: This is the end of resource created needed for integration testing.
+// The above resources are created for testing purposes only.
 
 // Create global resources, includes lacework cloud integration.
 // This will also create regional resources too.
@@ -65,10 +69,15 @@ module "lacework_aws_agentless_scanning_singleregion" {
   regional                  = true
   lacework_integration_name = "agentless_from_terraform"
 
+  // This expects the VPC to have a route to the internet.
+  // There are options in the terraform here to create an IGW if needed.
   use_existing_vpc            = true
+  use_internet_gateway        = false
   vpc_id                      = aws_vpc.existing.id
   use_existing_security_group = true
   security_group_id           = aws_security_group.existing.id
-  use_existing_subnet         = true
-  subnet_id                   = aws_subnet.existing.id
+
+  // Only a single subnet is needed.
+  use_existing_subnet = true
+  subnet_id           = aws_subnet.existing.id
 }
diff --git a/examples/single-account-existing-vpc/README.md b/examples/single-account-existing-vpc/README.md
diff --git a/examples/single-account-existing-vpc/main.tf b/examples/single-account-existing-vpc/main.tf
diff --git a/examples/single-account-existing-vpc/versions.tf b/examples/single-account-existing-vpc/versions.tf
diff --git a/scripts/ci_tests.sh b/scripts/ci_tests.sh
@@ -11,7 +11,6 @@ readonly project_name=terraform-aws-agentless-scanning
 TEST_CASES=(
   examples/multi-account-multi-region-auto-snapshot
   examples/multi-account-multi-region
-  examples/single-account-existing-vpc
   examples/single-account-existing-vpc-networking
   examples/single-account-multi-region
   examples/single-account-single-region