Skip to content

Latest commit

 

History

History
47 lines (38 loc) · 2.38 KB

README.md

File metadata and controls

47 lines (38 loc) · 2.38 KB

tf-core

Core Terraform modules to create infrastructure resources with default tags. This modules can be used to write simple terraform modules to manage infrastructure.

Important Notes

  • Naming Convention: Resource names are dynamically generated using provided variables. We follow some convention while naming resources, please go through locals.tf/resource_identifier to understand pattern.
  • Permanent Resources: These resources will be created no matter what
  • Optional Resources: These resources are optional, will be created if flag variables are on.

Modules

  • state_backend: # We keep state in S3 and for state locking use DynamoDB. Every environment/cluster should implement this exactly once.

    • 1 S3 Bucket
    • 1 DynamoDB Table
  • vpc: # Every environment/cluster should implement this exactly once and try to re-use common resources (NAT Gateways, Public Route Table, VPC Endpoint) as much as possible

    • Permanent resources
      • 1 VPC
      • 1 Internet Gateway
      • 1 Public Route Table # This route table should be used while creating team/business specific subnet_resources
      • <n> Management Public Subnets # These subnets are used for NAT Gateways, n = no. of AZs
      • <n> Elastic IPs for Nat Gateways
      • <n> Nat Gateways # Per AZ. These NAT Gateways should be used for creating team/business specific subnet_resources
      • 1 VPC Endpoint for S3 # Automatically attached to public, This endpoint should be attached to specific route tables while creating team/business specific subnet_resources
    • Optional resources
      • Flow log # If VPC flow logs enabled
      • 1 Cloudwatch Log Group for Flow log
      • IAM Role and Policy for flow logs
  • subnet_resources: # Each team/business should implement this module to create their subnets and other resources. Any network related code for team/businesses should go here.

    • Permanent resources
      • <n> private subnets and <n> public subnets # n = no. of AZs
      • <n> route tables for each private subnet
      • <n> network ACLS for each private subnet
      • <n> S3 VPC endpoint association for private subnets
      • <n> NAT Gateway route and <n> route association with private subnets
      • <n> Public Route Table association with just created public subnets
  • Other modules can be used when they are needed