

variable changes
pablo19sc committed Jul 14, 2022
1 parent 1dc3359 commit d555353
Showing 3 changed files with 60 additions and 64 deletions.
73 changes: 33 additions & 40 deletions main.tf
Expand Up @@ -4,76 +4,69 @@
/* The VPC module will deploy a VPC for each resoruce defined in the variables.tf file defined as a spoke
Additional resources such as NAT Gateways will be deploeyed according to the value set in the variables file */

# Spoke VPCs. Module - https://github.com/aws-ia/terraform-aws-vpc
module "spoke_vpcs" {
for_each = {
for k, v in var.vpcs : k => v
if v.type == "spoke"
}
# Inspection VPC. Module - https://github.com/aws-ia/terraform-aws-vpc
module "inspection_vpc" {
source = "aws-ia/vpc/aws"
version = "= 1.4.1"

name = each.key
cidr_block = each.value.cidr_block
az_count = each.value.number_azs
name = "inspection-vpc"
cidr_block = var.inspection_vpc.cidr_block
az_count = var.inspection_vpc.number_azs

subnets = {
public = {
name_prefix = "public"
netmask = var.inspection_vpc.public_subnet_netmask
nat_gateway_configuration = "all_azs"
}

private = {
name_prefix = "private"
netmask = each.value.private_subnet_netmask
route_to_nat = false
route_to_transit_gateway = ["0.0.0.0/0"]
name_prefix = "inspection"
netmask = var.inspection_vpc.private_subnet_netmask
route_to_nat = true
route_to_transit_gateway = [var.supernet]
}
transit_gateway = {
name_prefix = "tgw"
netmask = each.value.tgw_subnet_netmask
netmask = var.inspection_vpc.tgw_subnet_netmask
transit_gateway_id = aws_ec2_transit_gateway.tgw.id
transit_gateway_default_route_table_association = false
transit_gateway_default_route_table_propagation = false
transit_gateway_appliance_mode_support = "enable"
}
}

vpc_flow_logs = {
log_destination_type = each.value.flow_log_config.log_destination_type
retention_in_days = each.value.flow_log_config.retention_in_days
log_destination_type = var.inspection_vpc.flow_log_config.log_destination_type
retention_in_days = var.inspection_vpc.flow_log_config.retention_in_days
iam_role_arn = module.iam_kms.vpc_flowlog_role
kms_key_id = module.iam_kms.kms_arn
}
}

# Inspection VPC. Module - https://github.com/aws-ia/terraform-aws-vpc
module "inspection_vpc" {
for_each = {
for k, v in var.vpcs : k => v
if v.type == "inspection"
}
source = "aws-ia/vpc/aws"
version = "= 1.4.1"
# Spoke VPCs. Module - https://github.com/aws-ia/terraform-aws-vpc
module "spoke_vpcs" {
for_each = var.spoke_vpcs
source = "aws-ia/vpc/aws"
version = "= 1.4.1"

name = each.key
cidr_block = each.value.cidr_block
az_count = each.value.number_azs

subnets = {
public = {
name_prefix = "public"
netmask = each.value.public_subnet_netmask
nat_gateway_configuration = "all_azs"
}

private = {
name_prefix = "inspection"
name_prefix = "private"
netmask = each.value.private_subnet_netmask
route_to_nat = true
route_to_transit_gateway = [var.supernet]
route_to_nat = false
route_to_transit_gateway = ["0.0.0.0/0"]
}
transit_gateway = {
name_prefix = "tgw"
netmask = each.value.tgw_subnet_netmask
transit_gateway_id = aws_ec2_transit_gateway.tgw.id
transit_gateway_default_route_table_association = false
transit_gateway_default_route_table_propagation = false
transit_gateway_appliance_mode_support = "enable"
}
}

Expand Down Expand Up @@ -125,7 +118,7 @@ resource "aws_ec2_transit_gateway_route_table_association" "spoke_tgw_associatio

# TGW Route Table Association - Inspection VPC
resource "aws_ec2_transit_gateway_route_table_association" "inspection_tgw_association" {
transit_gateway_attachment_id = module.inspection_vpc["inspection-vpc"].transit_gateway_attachment_id
transit_gateway_attachment_id = module.inspection_vpc.transit_gateway_attachment_id
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.post_inspection_vpc_route_table.id
}

Expand All @@ -140,7 +133,7 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "spoke_propagation_to
# Static Route (0.0.0.0/0) in the Spoke TGW Route Table sending all the traffic to the Inspection VPC
resource "aws_ec2_transit_gateway_route" "default_route_spoke_to_inspection" {
destination_cidr_block = "0.0.0.0/0"
transit_gateway_attachment_id = module.inspection_vpc["inspection-vpc"].transit_gateway_attachment_id
transit_gateway_attachment_id = module.inspection_vpc.transit_gateway_attachment_id
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke_vpc_route_table.id
}

Expand Down Expand Up @@ -176,8 +169,8 @@ module "compute" {
vpc_name = each.key
vpc_id = each.value.vpc_attributes.id
vpc_subnets = var.ec2_multi_subnet ? values({ for k, v in each.value.private_subnet_attributes_by_az : k => v.id }) : slice(values({ for k, v in each.value.private_subnet_attributes_by_az : k => v.id }), 0, 1)
number_azs = var.ec2_multi_subnet ? var.vpcs[each.key].number_azs : 1
instance_type = var.vpcs[each.key].instance_type
number_azs = var.ec2_multi_subnet ? var.spoke_vpcs[each.key].number_azs : 1
instance_type = var.spoke_vpcs[each.key].instance_type
ec2_iam_instance_profile = module.iam_kms.ec2_iam_instance_profile
ec2_security_group = local.security_groups.instance
}
Expand All @@ -189,8 +182,8 @@ module "aws_network_firewall" {

project_name = var.project_name
vpc_name = "inspection-vpc"
vpc_info = module.inspection_vpc["inspection-vpc"]
vpc_info = module.inspection_vpc
policy_document = aws_networkfirewall_firewall_policy.anfw_policy.arn
supernet = var.supernet
number_azs = var.vpcs["inspection-vpc"].number_azs
number_azs = var.inspection_vpc.number_azs
}
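Review bot: The literal `"inspection-vpc"` is now written twice on the new side, as `name` in `module "inspection_vpc"` and as `vpc_name` in `module "aws_network_firewall"`, because `var.inspection_vpc` carries no name key; a single local (a constructed name such as `local.inspection_vpc_name`) referenced from both places would keep the firewall's naming tied to the VPC if either line is edited later. `module "spoke_vpcs"` begins in the first hunk but its `vpc_flow_logs` block and closing brace fall outside it, so whether each spoke still reads `each.value.flow_log_config` cannot be confirmed from here. The `compute` and `aws_network_firewall` module blocks in the last two hunks start outside their hunks.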
6 changes: 3 additions & 3 deletions outputs.tf
Expand Up @@ -3,9 +3,9 @@

output "vpcs" {
description = "VPCs created."
value = {
spokes = { for k, v in module.spoke_vpcs : k => v.vpc_attributes.id }
inspection = module.inspection_vpc["inspection-vpc"].vpc_attributes.id
value = {
spokes = { for k, v in module.spoke_vpcs : k => v.vpc_attributes.id }
inspection = module.inspection_vpc.vpc_attributes.id
}
}

45 changes: 24 additions & 21 deletions variables.tf
Expand Up @@ -17,7 +17,7 @@ variable "project_name" {
variable "ec2_multi_subnet" {
description = "Multi subnet Instance Deployment."
type = bool
default = false
default = true
}

variable "supernet" {
Expand All @@ -26,28 +26,13 @@ variable "supernet" {
default = "10.0.0.0/8"
}

# VPCs to create - the subnet definition (depending the VPC type) can be found in locals.tf
variable "vpcs" {
description = "VPCs to create"
# Spoke VPCs
variable "spoke_vpcs" {
description = "Spoke VPCs definition."
type = any
default = {

"inspection-vpc" = {
type = "inspection"
cidr_block = "10.129.0.0/24"
public_subnet_netmask = 28
private_subnet_netmask = 28
tgw_subnet_netmask = 28
number_azs = 2

flow_log_config = {
log_destination_type = "cloud-watch-logs"
retention_in_days = 7
}
}

default = {
"spoke-vpc-1" = {
type = "spoke"
cidr_block = "10.0.0.0/16"
private_subnet_netmask = 28
tgw_subnet_netmask = 28
Expand All @@ -61,7 +46,6 @@ variable "vpcs" {
}

"spoke-vpc-2" = {
type = "spoke"
cidr_block = "10.1.0.0/16"
private_subnet_netmask = 24
tgw_subnet_netmask = 28
Expand All @@ -74,4 +58,23 @@ variable "vpcs" {
}
}
}
}

# Inspection VPC
variable "inspection_vpc" {
description = "Inspection VPC definition."
type = any

default = {
cidr_block = "10.129.0.0/24"
public_subnet_netmask = 28
private_subnet_netmask = 28
tgw_subnet_netmask = 28
number_azs = 2

flow_log_config = {
log_destination_type = "cloud-watch-logs"
retention_in_days = 7
}
}
}
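Review bot: Flipping `ec2_multi_subnet` to `default = true` changes the deployed footprint — `module "compute"` in main.tf now reads `number_azs` per spoke instead of `1` by default, so more instances are created — yet neither the commit description ("variable changes") nor the variable description says so; I would extend it to `description = "Multi subnet Instance Deployment. When true, one instance is deployed per AZ in each spoke VPC."` and note the change in the description. Both new variables keep `type = any`, so a mistyped or missing key (for example `flow_log_config`) in a caller-supplied value is only reported when main.tf dereferences it, with an error pointing at the module block rather than the variable; every key the modules read is fixed and fully populated in the defaults, so an object type constraint would validate and document the shape up front. The constraint for `inspection_vpc` can be written from the keys visible in this hunk; the `spoke_vpcs` one is cut by the collapsed hunk at `@@ -61,7 +46,6 @@`, so I have not written it.
```hcl
variable "inspection_vpc" {
  description = "Inspection VPC definition."
  type = object({
    cidr_block             = string
    public_subnet_netmask  = number
    private_subnet_netmask = number
    tgw_subnet_netmask     = number
    number_azs             = number
    flow_log_config = object({
      log_destination_type = string
      retention_in_days    = number
    })
  })

  # … unchanged: default block …
}
```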

