init commit

terraform/layer1-aws/aws-acm.tf

@@ -19,5 +19,5 @@ module "acm" {
   subject_alternative_names = [
   "*.${local.domain_name}"]
 
-  tags = local.tags
+  tags = var.tags
 }

terraform/layer1-aws/aws-cis-benchmark-alerts.tf

@@ -453,16 +453,16 @@ module "eventbridge" {
     ]
   }
 
-  tags = local.tags
+  tags = var.tags
 }
 
 #tfsec:ignore:aws-sns-enable-topic-encryption
 resource "aws_sns_topic" "security_alerts" {
   count = var.aws_cis_benchmark_alerts.enabled ? 1 : 0
 
-  name = "${local.name}-security-alerts"
+  name = "${var.name}-security-alerts"
 
-  tags = local.tags
+  tags = var.tags
 }
 
 resource "aws_sns_topic_subscription" "security_alerts" {

terraform/layer1-aws/aws-cloudtrail.tf

@@ -1,22 +1,22 @@
 #tfsec:ignore:aws-cloudtrail-enable-at-rest-encryption tfsec:ignore:aws-cloudtrail-ensure-cloudwatch-integration
 resource "aws_cloudtrail" "main" {
-  name                          = local.name
+  name                          = var.name
   s3_bucket_name                = aws_s3_bucket.cloudtrail.id
   include_global_service_events = true
   enable_log_file_validation    = true
   enable_logging                = true
   is_multi_region_trail         = true
 
-  tags = local.tags
+  tags = var.tags
 
   depends_on = [aws_s3_bucket_policy.cloudtrail]
 }
 
 #tfsec:ignore:aws-s3-enable-bucket-logging tfsec:ignore:aws-s3-enable-versioning tfsec:ignore:aws-cloudtrail-require-bucket-access-logging
 resource "aws_s3_bucket" "cloudtrail" {
-  bucket = "${local.name}-aws-cloudtrail-logs"
+  bucket = "${var.name}-aws-cloudtrail-logs"
 
-  tags = local.tags
+  tags = var.tags
 }
 
 resource "aws_s3_bucket_lifecycle_configuration" "cloudtrail" {

terraform/layer1-aws/aws-pritunl.tf

@@ -3,10 +3,10 @@ module "pritunl" {
   count = var.pritunl_vpn_server_enable ? 1 : 0
 
   source          = "../modules/aws-pritunl"
-  environment     = local.env
-  vpc_id          = module.vpc.vpc_id
-  public_subnets  = module.vpc.public_subnets
-  private_subnets = module.vpc.private_subnets
+  environment     = var.env
+  vpc_id          = var.vpc_id
+  public_subnets  = var.public_subnets
+  private_subnets = var.private_subnets
   ingress_with_cidr_blocks = [
     {
       protocol    = "6"

terraform/layer1-aws/aws-r53.tf

@@ -14,7 +14,7 @@ module "r53_zone" {
   zones = {
     (var.domain_name) = {
       comment = var.domain_name
-      tags    = local.tags
+      tags    = var.tags
     }
   }
 }

terraform/layer1-aws/locals.tf

@@ -1,17 +1,8 @@
 # Use this as name base for all resources:
 locals {
   # COMMON
-  env            = terraform.workspace == "default" ? var.environment : terraform.workspace
-  short_region   = var.short_region[var.region]
-  name           = "${var.name}-${local.env}-${local.short_region}"
-  name_wo_region = "${var.name}-${local.env}"
-  domain_name    = var.domain_name
-  account_id     = data.aws_caller_identity.current.account_id
-
-  tags = {
-    Name        = local.name
-    Environment = local.env
-  }
+  domain_name = var.domain_name
+  account_id  = data.aws_caller_identity.current.account_id
 
   ssl_certificate_arn = var.create_acm_certificate ? module.acm.acm_certificate_arn : data.aws_acm_certificate.main[0].arn
 

terraform/layer1-aws/outputs.tf

@@ -1,118 +1,21 @@
-# Common outputs
-output "name" {
-  description = "Project name, required to form unique resource names"
-  value       = local.name
-}
-
-output "name_wo_region" {
-  description = "Project name, required to form unique resource names without short region"
-  value       = local.name_wo_region
-}
 
 output "domain_name" {
   description = "Domain name"
   value       = var.domain_name
 }
 
-output "env" {
-  description = "Suffix for the hostname depending on workspace"
-  value       = local.env
-}
-
 output "route53_zone_id" {
   description = "ID of domain zone"
   value       = local.zone_id
 }
 
-output "region" {
-  description = "Target region for all infrastructure resources"
-  value       = var.region
-}
-
-output "short_region" {
-  description = "The abbreviated name of the region, required to form unique resource names"
-  value       = local.short_region
-}
-
-output "az_count" {
-  description = "Count of avaiablity zones, min 2"
-  value       = var.az_count
-}
-
 output "allowed_ips" {
   description = "List of allowed ip's, used for direct ssh access to instances."
   value       = var.allowed_ips
 }
 
-output "vpc_name" {
-  description = "Name of infra VPC"
-  value       = module.vpc.name
-}
-
-output "vpc_id" {
-  description = "ID of infra VPC"
-  value       = module.vpc.vpc_id
-}
-
-output "vpc_cidr" {
-  description = "CIDR block of infra VPC"
-  value       = var.cidr
-}
-
-output "vpc_public_subnets" {
-  description = "Public subnets of infra VPC"
-  value       = module.vpc.public_subnets
-}
-
-output "vpc_private_subnets" {
-  description = "Private subnets of infra VPC"
-  value       = module.vpc.private_subnets
-}
-
-output "vpc_database_subnets" {
-  description = "Database subnets of infra VPC"
-  value       = module.vpc.database_subnets
-}
-
-output "vpc_intra_subnets" {
-  description = "Private intra subnets "
-  value       = module.vpc.intra_subnets
-}
-
-output "eks_cluster_endpoint" {
-  description = "Endpoint for EKS control plane."
-  value       = module.eks.cluster_endpoint
-}
-
-output "eks_cluster_security_group_id" {
-  description = "Security group ids attached to the cluster control plane."
-  value       = module.eks.cluster_security_group_id
-}
-
-output "eks_kubectl_console_config" {
-  value       = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --region ${var.region}"
-  description = "description"
-  depends_on  = []
-}
-
-output "eks_cluster_id" {
-  value = module.eks.cluster_name
-}
-
-output "eks_oidc_provider_arn" {
-  description = "ARN of EKS oidc provider"
-  value       = module.eks.oidc_provider_arn
-}
-
 output "ssl_certificate_arn" {
   description = "ARN of SSL certificate"
   value       = local.ssl_certificate_arn
 }
 
-output "node_group_default_iam_role_arn" {
-  value = module.eks.self_managed_node_groups["default"].iam_role_arn
-}
-
-output "node_group_default_iam_role_name" {
-  value = module.eks.self_managed_node_groups["default"].iam_role_name
-}