feat: reworking the module a little (#15)

Makefile

@@ -23,50 +23,110 @@ default: all
 all: 
 	$(MAKE) init
 	$(MAKE) validate
-	$(MAKE) security
 	$(MAKE) lint
+	$(MAKE) security
 	$(MAKE) format
 	$(MAKE) documentation
-	$(MAKE) documentation-examples
-
-security: 
-	@echo "--> Running Security checks"
-	@tfsec .
 
 documentation: 
 	@echo "--> Generating documentation"
 	@terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .
+	$(MAKE) documentation-modules
+	$(MAKE) documentation-examples
+
+documentation-modules:
+	@echo "--> Generating documentation for modules"
+	@if [ -d modules ]; then \
+		find modules -type d -mindepth 1 -maxdepth 1 -exec terraform-docs markdown table --output-file README.md --output-mode inject {} \; ; \
+	fi
 
 documentation-examples:
 	@echo "--> Generating documentation examples"
-	@find examples -type d -mindepth 1 -maxdepth 1 -exec terraform-docs markdown table --output-file README.md --output-mode inject {} \;
+	@if [ -d examples ]; then \
+		find examples -type d -mindepth 1 -maxdepth 1 -exec terraform-docs markdown table --output-file README.md --output-mode inject {} \; ; \
+	fi
 
 init: 
 	@echo "--> Running terraform init"
 	@terraform init -backend=false
 
-validate-all:
-	@echo "--> Running all validation checks"
-	$(MAKE) validate
-	$(MAKE) validate-examples
+security: 
+	@echo "--> Running Security checks"
+	@tfsec .
+	$(MAKE) security-modules
+	$(MAKE) security-examples
+
+security-modules:
+	@echo "--> Running Security checks on modules"
+	@if [ -d modules ]; then \
+		find modules -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+			echo "--> Validating $$dir"; \
+			tfsec $$dir; \
+		done; \
+	fi
+
+security-examples:
+	@echo "--> Running Security checks on examples"
+	@if [ -d examples ]; then \
+		find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+			echo "--> Validating $$dir"; \
+			tfsec $$dir; \
+		done; \
+	fi
 
 validate:
 	@echo "--> Running terraform validate"
 	@terraform init -backend=false
 	@terraform validate
+	$(MAKE) validate-modules
+	$(MAKE) validate-examples
+
+validate-modules:
+	@echo "--> Running terraform validate on modules"
+	@if [ -d modules ]; then \
+		find modules -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+			echo "--> Validating $$dir"; \
+			terraform -chdir=$$dir init -backend=false; \
+			terraform -chdir=$$dir validate; \
+		done; \
+	fi
 
 validate-examples:
 	@echo "--> Running terraform validate on examples"
-	@find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
-		echo "--> Validating $$dir"; \
-		terraform -chdir=$$dir init; \
-		terraform -chdir=$$dir validate; \
-	done
+	@if [ -d examples ]; then \
+		find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+			echo "--> Validating $$dir"; \
+			terraform -chdir=$$dir init -backend=false; \
+			terraform -chdir=$$dir validate; \
+		done; \
+	fi
 
 lint:
 	@echo "--> Running tflint"
 	@tflint --init 
 	@tflint -f compact
+	$(MAKE) lint-modules
+	$(MAKE) lint-examples
+
+lint-modules:
+	@echo "--> Running tflint on modules"
+	@if [ -d modules ]; then \
+		find modules -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+			echo "--> Linting $$dir"; \
+			tflint --chdir=$$dir --init; \
+			tflint --chdir=$$dir -f compact; \
+		done; \
+	fi
+
+lint-examples:
+	@echo "--> Running tflint on examples"
+	@if [ -d examples ]; then \
+		find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+			echo "--> Linting $$dir"; \
+			tflint --chdir=$$dir --init; \
+			tflint --chdir=$$dir -f compact; \
+		done; \
+	fi
 
 format: 
 	@echo "--> Running terraform fmt"

data.tf

@@ -0,0 +1,3 @@
+
+## Find the current region 
+data "aws_region" "current" {}

endpoints.tf

@@ -1,39 +1,40 @@
 
-## Provision a network for the endpoints vpc 
+## Provision an egress vpc if required 
 module "endpoints_vpc" {
   count   = local.enable_endpoints ? 1 : 0
   source  = "appvia/network/aws"
   version = "0.3.0"
 
-  availability_zones                     = var.connectivity_config.endpoints.network.availability_zones
-  enable_default_route_table_association = false
-  enable_default_route_table_propagation = false
-  enable_ipam                            = var.connectivity_config.endpoints.network.ipam_pool_id != null
+  availability_zones                     = var.services.endpoints.network.availability_zones
+  enable_default_route_table_association = local.enable_default_route_table_association
+  enable_default_route_table_propagation = local.enable_default_route_table_propagation
+  enable_ipam                            = var.services.endpoints.network.ipam_pool_id != null
   enable_transit_gateway                 = true
-  enable_transit_gateway_appliance_mode  = true
-  ipam_pool_id                           = var.connectivity_config.endpoints.network.ipam_pool_id
-  name                                   = var.connectivity_config.endpoints.network.name
-  private_subnet_netmask                 = var.connectivity_config.endpoints.network.private_netmask
+  ipam_pool_id                           = var.services.endpoints.network.ipam_pool_id
+  name                                   = var.services.endpoints.network.name
+  private_subnet_netmask                 = var.services.endpoints.network.private_netmask
   tags                                   = var.tags
   transit_gateway_id                     = module.tgw.ec2_transit_gateway_id
-  vpc_cidr                               = var.connectivity_config.endpoints.network.vpc_cidr
-  vpc_netmask                            = var.connectivity_config.endpoints.network.vpc_netmask
+  vpc_cidr                               = var.services.endpoints.network.vpc_cidr
+  vpc_netmask                            = var.services.endpoints.network.vpc_netmask
 }
 
 ## Provision if required the shared private endpoints
 module "endpoints" {
   count   = local.enable_endpoints ? 1 : 0
   source  = "appvia/private-endpoints/aws"
-  version = "0.2.2"
+  version = "0.2.4"
 
-  name      = var.connectivity_config.endpoints.network.name
-  endpoints = var.connectivity_config.endpoints.services
+  name      = var.services.endpoints.network.name
+  endpoints = var.services.endpoints.services
+  region    = local.region
   tags      = var.tags
 
   network = {
     create                    = false
+    name                      = var.services.endpoints.network.name
     private_subnet_cidr_by_id = module.endpoints_vpc[0].private_subnet_cidr_by_id
-    transit_gateway_id        = module.tgw.ec2_transit_gateway_id
+    vpc_dns_resolver          = cidrhost(module.endpoints_vpc[0].vpc_cidr, 2)
     vpc_id                    = module.endpoints_vpc[0].vpc_id
   }
 
@@ -45,6 +46,8 @@ module "endpoints" {
   }
 
   sharing = {
-    principals = var.connectivity_config.endpoints.sharing.principals
+    principals = var.services.endpoints.sharing.principals
   }
+
+  depends_on = [module.endpoints_vpc]
 }

examples/complete/main.tf

@@ -17,7 +17,7 @@ module "hub" {
   ram_share_principals       = values(var.ram_principals)
   tags                       = var.tags
 
-  connectivity_config = {
+  services = {
     egress = {
       network = {
         availability_zones = 2
@@ -38,16 +38,6 @@ module "hub" {
       }
     }
 
-    inspection = {
-      network = {
-        availability_zones     = 3
-        vpc_cidr               = "100.64.0.0/21"
-        name                   = "inspection"
-        private_subnet_netmask = 24
-        public_subnet_netmask  = 24
-      }
-    }
-
     endpoints = {
       services = {
         ec2messages = {
@@ -73,4 +63,17 @@ module "hub" {
       }
     }
   }
+
+  connectivity_config = {
+    inspection_with_all = {
+      network = {
+        availability_zones     = 3
+        vpc_cidr               = "100.64.0.0/21"
+        name                   = "inspection"
+        private_subnet_netmask = 24
+        public_subnet_netmask  = 24
+      }
+    }
+
+  }
 }

examples/inspection/README.md

@@ -27,7 +27,7 @@ No resources.
 |------|-------------|------|---------|:--------:|
 | <a name="input_asn"></a> [asn](#input\_asn) | The ASN of the gateway. | `number` | `64512` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the transit gateway to provision. | `string` | `"main-hub"` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resources. | `map(string)` | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resources. | `map(string)` | <pre>{<br>  "Environment": "test",<br>  "GitRepo": "https://github.com/appvia/terraform-aws-connectivity"<br>}</pre> | no |
 
 ## Outputs
 

examples/inspection/main.tf

@@ -16,14 +16,60 @@ module "hub" {
   enable_vpn_ecmp_support    = true
   tags                       = var.tags
 
+  services = {
+    egress = {
+      network = {
+        availability_zones = 2
+        name               = "egress"
+        private_netmask    = 24
+        public_netmask     = 24
+        vpc_cidr           = "10.20.0.0/21"
+      }
+    }
+
+    ingress = {
+      network = {
+        availability_zones = 2
+        name               = "ingress"
+        private_netmask    = 24
+        public_netmask     = 24
+        vpc_cidr           = "10.20.8.0/21"
+      }
+    }
+
+    endpoints = {
+      services = {
+        ec2messages = {
+          service = "ec2messages"
+        },
+        ssm = {
+          service = "ssm"
+        },
+        ssmmessages = {
+          service = "ssmmessages"
+        },
+      }
+
+      sharing = {
+        principals = []
+      }
+
+      network = {
+        availability_zones = 2
+        name               = "endpoints"
+        private_netmask    = 24
+        vpc_cidr           = "10.20.16.0/21"
+      }
+    }
+  }
+
   connectivity_config = {
-    inspection = {
+    inspection_with_all = {
       ## Will be created in the hub account i.e. provider aws 
       network = {
         availability_zones = 3
         name               = "inspection"
         private_netmask    = 24
-        public_netmask     = 24
         vpc_cidr           = "100.64.0.0/21"
       }
     }

examples/inspection/variables.tf

@@ -19,5 +19,8 @@ variable "asn" {
 variable "tags" {
   description = "A map of tags to assign to the resources."
   type        = map(string)
-  default     = {}
+  default = {
+    Environment = "test"
+    GitRepo     = "https://github.com/appvia/terraform-aws-connectivity"
+  }
 }

examples/trusted/README.md

@@ -27,6 +27,7 @@ No resources.
 |------|-------------|------|---------|:--------:|
 | <a name="input_asn"></a> [asn](#input\_asn) | The ASN of the gateway. | `number` | `64512` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the transit gateway to provision. | `string` | `"main-hub"` | no |
+| <a name="input_ram_principals"></a> [ram\_principals](#input\_ram\_principals) | The AWS RAM principal to share the transit gateway with. | `map(string)` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resources. | `map(string)` | `{}` | no |
 | <a name="input_trusted_attachments"></a> [trusted\_attachments](#input\_trusted\_attachments) | The list of trusted account IDs. | `list(string)` | `[]` | no |