Skip to content

Commit

Permalink
[PFMENG-1278] Update the examples
Browse files Browse the repository at this point in the history
  • Loading branch information
Duleendra committed Nov 9, 2023
1 parent 81f4c5c commit 3fef563
Showing 1 changed file with 93 additions and 11 deletions.
104 changes: 93 additions & 11 deletions examples/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -55,13 +55,13 @@ module "verified_access_eni_endpoint" {
verified_access_group_id = module.verified_access_iam_identity_center.verifiedaccess_group_id

description = "user-manager"
application_domain = "user-manger.abc.com"
domain_certificate_arn = "arn:aws:acm:ap-southeast-1:12345678:certificate/a6e8cc16-b740-4e15-8a3a-a3f643589a36"
application_domain = "user-manger.my-domain.com"
domain_certificate_arn = module.acm.acm_certificate_arn
endpoint_domain_prefix = "user-manger"
security_group_ids = ["sg-090fee8d4dd093"]
security_group_ids = [module.verified_access_sg.security_group_id]

endpoint_type = "network-interface"
network_interface_id = "eni-0ecf3d2c29ad06"
network_interface_id = "eni-xys3d2c29ad06"
port = 443
protocol = "https"

Expand All @@ -78,21 +78,103 @@ module "verified_access_elb_endpoint" {

description = "student-portal"

application_domain = "student-portal.abc.com"
domain_certificate_arn = "arn:aws:acm:ap-southeast-1:123789456:certificate/a6e8cc16-b740-4e15-8a3a-a3f643589a36"
application_domain = "student-portal.my-domain.com"
domain_certificate_arn = module.acm.acm_certificate_arn
endpoint_domain_prefix = "student-portal"
security_group_ids = ["sg-0305d43dd3458dda"]
security_group_ids = [module.verified_access_sg.security_group_id]

endpoint_type = "load-balancer"
load_balancer_arn = "arn:aws:elasticloadbalancing:ap-southeast-1:123456789:loadbalancer/app/student-portal/db28c751e6407a7e"
port = 443
protocol = "https"
subnet_ids = [
"subnet-0589f70e50ee83b4",
"subnet-080006967a027df"
]
subnet_ids = module.vpc.private_subnets

tags = {
Name = "student-portal"
}
}

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.1"

name = "test-vpc"
cidr = "10.0.0.0/16"

azs = ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

enable_nat_gateway = true
enable_vpn_gateway = true

tags = {
Terraform = "true"
Environment = "dev"
}
}

module "verified_access_sg" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 5.1"

name = "verified-access-sg"
vpc_id = module.vpc.vpc_id

ingress_cidr_blocks = ["0.0.0.0/0"]

ingress_rules = [
"https-443-tcp"
]

egress_rules = ["all-all"]
}

module "acm" {
source = "terraform-aws-modules/acm/aws"
version = "~> 4.0"

domain_name = "my-domain.com"
zone_id = "xyz1234B9AZ6SHAE"

validation_method = "DNS"

subject_alternative_names = [
"*.my-domain.com"
]

wait_for_validation = true

tags = {
Name = "my-domain.com"
}
}

module "alb" {
source = "terraform-aws-modules/alb/aws"
version = "~> 9.1"

name = "my-alb"
vpc_id = module.vpc.vpc_id
subnets = module.vpc.private_subnets
internal = true

# Allow traffic from Verified Access security group
security_groups = [module.verified_access_sg.security_group_id]

listeners = {
https = {
port = 443
protocol = "HTTPS"
certificate_arn = module.acm.acm_certificate_arn
forward = {
target_group_key = "ex-instance"
}
}
}

tags = {
Environment = "Development"
Project = "Example"
}
}

0 comments on commit 3fef563

Please sign in to comment.