# Managed By : CloudDrove
# Description : This Script is used to create VPC, Internet Gateway and Flow log.
# Copyright @ CloudDrove. All Rights Reserved.
#Module : labels
#Description : This terraform module is designed to generate consistent label names and tags
# for resources. You can use terraform-labels to implement a strict naming
# convention.
# Labels module — builds the shared `tags` map and the `id` prefix that every
# resource below attaches, so naming stays uniform across the VPC, internet
# gateway, flow log and default security group.
module "labels" {
  source  = "clouddrove/labels/aws"
  version = "0.15.0"

  # Inputs are passed straight through from this root's own variables.
  name        = var.name
  environment = var.environment
  label_order = var.label_order
  managedby   = var.managedby
  repository  = var.repository
}
#Module : VPC
#Description : Terraform module to create VPC resource on AWS.
# VPC — created only when var.vpc_enabled is true. IPv4 addressing comes from
# cidr_block and/or an IPAM pool; the IPv6 block is always Amazon-assigned.
resource "aws_vpc" "default" {
  count = var.vpc_enabled ? 1 : 0

  cidr_block       = var.cidr_block
  instance_tenancy = var.instance_tenancy

  # IPAM: the netmask length is only meaningful next to a pool id, so it is
  # sent as null whenever no pool is configured.
  # NOTE(review): a null pool id also satisfies `!= ""`; confirm the variable
  # defaults to "" rather than null, otherwise the length is sent without a pool.
  ipv4_ipam_pool_id   = var.ipv4_ipam_pool_id
  ipv4_netmask_length = var.ipv4_ipam_pool_id != "" ? var.ipv4_netmask_length : null

  assign_generated_ipv6_cidr_block = true

  enable_dns_support   = var.enable_dns_support
  enable_dns_hostnames = var.enable_dns_hostnames
  # EC2-Classic link settings — presumably only accepted by the AWS provider
  # version this root is pinned to; verify before bumping the provider.
  enable_classiclink             = var.enable_classiclink
  enable_classiclink_dns_support = var.enable_classiclink_dns_support

  tags = module.labels.tags

  lifecycle {
    # Tags written by external controllers (e.g. kubernetes) are left alone.
    # NOTE(review): `tags` on its own already ignores every tag change, so the
    # two keyed entries add nothing and any tag drift on the VPC goes unnoticed
    # by plan; confirm whether only those keys were meant to be ignored.
    ignore_changes = [
      tags,
      tags["kubernetes.io"],
      tags["SubnetType"],
    ]
  }
}
#Module : INTERNET GATEWAY
#Description : Terraform module which creates Internet Gateway resources on AWS
# Internet gateway attached to the VPC above. The "Name" tag is derived from
# the label id and is merged last so it wins over any Name in the shared tags.
resource "aws_internet_gateway" "default" {
  count  = var.vpc_enabled ? 1 : 0
  vpc_id = join("", aws_vpc.default[*].id)

  tags = merge(
    module.labels.tags,
    { "Name" = format("%s-igw", module.labels.id) },
  )
}
#Module : FLOW LOG
#Description : Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a
# specific network interface, subnet, or VPC. Logs are sent to S3 Bucket.
# VPC flow log delivered to the S3 bucket identified by var.s3_bucket_arn.
# Created only when both the VPC and flow logging are enabled; var.traffic_type
# selects which traffic is recorded.
# NOTE(review): the default of var.enable_flow_log decides whether a VPC ships
# with no traffic logging at all — check it in the variable definitions.
resource "aws_flow_log" "vpc_flow_log" {
  count = var.vpc_enabled && var.enable_flow_log == true ? 1 : 0

  vpc_id       = join("", aws_vpc.default[*].id)
  traffic_type = var.traffic_type

  log_destination_type = "s3"
  log_destination      = var.s3_bucket_arn

  tags = module.labels.tags
}
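# Secondary IPv4 CIDR blocks attached to the VPC — one association per entry
# in var.additional_cidr_block, keyed by the CIDR itself so entries can be
# added or removed without touching the others.
resource "aws_vpc_ipv4_cidr_block_association" "secondary_cidr" {
  # Gate on var.vpc_enabled like every other resource in this file: with the
  # VPC disabled, join() yields "" and each association would fail at apply.
  for_each = toset(var.vpc_enabled ? var.additional_cidr_block : [])

  vpc_id     = join("", aws_vpc.default[*].id)
  cidr_block = each.key
}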
#Module : Default Security Group
#Description : Ensure the default security group of every VPC restricts all traffic.
# Default security group of the VPC, brought under Terraform management so its
# rules are declared here rather than inherited. Created only when
# var.restrict_default_sg is set alongside the VPC.
resource "aws_default_security_group" "default" {
  count  = var.vpc_enabled && var.restrict_default_sg == true ? 1 : 0
  vpc_id = join("", aws_vpc.default[*].id)

  # Inbound: any protocol and port, but only from members of this group.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Outbound: any protocol and port, to anywhere.
  # NOTE(review): this contradicts the "restricts all traffic" description —
  # the CIS AWS Foundations control of that name expects no ingress and no
  # egress rule on the default group. As far as I recall these two rules also
  # match what AWS gives a default group out of the box, so managing them here
  # changes nothing; removing both blocks is what actually restricts it, with
  # workloads that need egress placed in a purpose-built group instead.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = merge(
    module.labels.tags,
    { "Name" = format("%s-default-sg", module.labels.id) },
  )
}