diff --git a/run.sh b/run.sh index 53d3872..23dbcdb 100644 --- a/run.sh +++ b/run.sh @@ -5,6 +5,7 @@ usage() { usage: ${0##*/} [command] -h Print this help message. -v Validate terraform config. + -p Show changes required by the current terraform config. -a Create or update infraestructure. -d Destroy infraestructure. EOF @@ -12,10 +13,11 @@ EOF } RUN= -while getopts "hvad" OPTION; do +while getopts "hvpad" OPTION; do case $OPTION in a) RUN=apply ;; v) RUN=validate ;; + p) RUN=plan ;; d) RUN=destroy ;; *) usage ;; esac @@ -23,7 +25,7 @@ done dir="$PWD" -cd "$dir/terraform/organization/bsmsapp" || exit +cd "$dir/terraform/organization" || exit terraform init if [ "$RUN" = 'apply' ]; then diff --git a/terraform/modules/apigw/variables.tf b/terraform/modules/apigw/variables.tf index 8953c84..ef0bca6 100644 --- a/terraform/modules/apigw/variables.tf +++ b/terraform/modules/apigw/variables.tf @@ -26,7 +26,7 @@ variable "lambda_function_arn" { } variable "lambda_source_arn" { - type = string + type = string } variable "lambda_function_name" { diff --git a/terraform/modules/apigw/versions.tf b/terraform/modules/apigw/versions.tf index 4e5e7ab..bceb8d0 100644 --- a/terraform/modules/apigw/versions.tf +++ b/terraform/modules/apigw/versions.tf @@ -2,9 +2,9 @@ terraform { required_version = ">= 1.0.6" required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 4.10.0" - } + aws = { + source = "hashicorp/aws" + version = ">= 4.10.0" + } } -} \ No newline at end of file +} diff --git a/terraform/modules/cloudfront/main.tf b/terraform/modules/cloudfront/main.tf index 57141a8..75c13ed 100644 --- a/terraform/modules/cloudfront/main.tf +++ b/terraform/modules/cloudfront/main.tf @@ -1,5 +1,5 @@ # --------------------------------------------------------------------------- -# Amazon Cloudfront +# Amazon CloudFront # --------------------------------------------------------------------------- resource "aws_cloudfront_distribution" "this" { 
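Review bot: `terraform init` on the context line right after the new `cd "$dir/terraform/organization" || exit` runs unchecked, so a failed init (backend or provider download failure) still falls through into the `apply`/`destroy` dispatch below; change it to `terraform init || exit`. The dispatch that consumes `RUN` continues past the hunk, so confirm a `plan` branch exists for the new `p) RUN=plan ;;` case, otherwise `-p` silently does nothing after init. `dir="$PWD"` also ties the script to being invoked from the repository root; `dir=$(cd "$(dirname "$0")" && pwd) || exit` would make it location-independent. The neighbouring `-a`/`-d` usage lines spell "infraestructure".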
@@ -12,18 +12,18 @@ resource "aws_cloudfront_distribution" "this" { for_each = var.origin content { - domain_name = origin.value.domain_name - origin_id = lookup(origin.value, "origin_id", origin.key) - origin_path = lookup(origin.value, "origin_path", "") + domain_name = origin.value.domain_name + origin_id = lookup(origin.value, "origin_id", origin.key) + origin_path = lookup(origin.value, "origin_path", "") dynamic "custom_origin_config" { for_each = length(lookup(origin.value, "custom_origin_config", "")) == 0 ? [] : [lookup(origin.value, "custom_origin_config", "")] content { - http_port = custom_origin_config.value.http_port - https_port = custom_origin_config.value.https_port - origin_protocol_policy = custom_origin_config.value.origin_protocol_policy - origin_ssl_protocols = custom_origin_config.value.origin_ssl_protocols + http_port = custom_origin_config.value.http_port + https_port = custom_origin_config.value.https_port + origin_protocol_policy = custom_origin_config.value.origin_protocol_policy + origin_ssl_protocols = custom_origin_config.value.origin_ssl_protocols } } } @@ -37,8 +37,8 @@ resource "aws_cloudfront_distribution" "this" { target_origin_id = i.value["target_origin_id"] viewer_protocol_policy = i.value["viewer_protocol_policy"] - allowed_methods = lookup(i.value, "allowed_methods", ["GET", "HEAD", "OPTIONS"]) - cached_methods = lookup(i.value, "cached_methods", ["GET", "HEAD"]) + allowed_methods = lookup(i.value, "allowed_methods", ["GET", "HEAD", "OPTIONS"]) + cached_methods = lookup(i.value, "cached_methods", ["GET", "HEAD"]) min_ttl = lookup(i.value, "min_ttl", null) default_ttl = lookup(i.value, "default_ttl", null) @@ -63,4 +63,4 @@ resource "aws_cloudfront_distribution" "this" { viewer_certificate { cloudfront_default_certificate = true } -} \ No newline at end of file +} diff --git a/terraform/modules/cloudfront/outputs.tf b/terraform/modules/cloudfront/outputs.tf new file mode 100644 index 0000000..bf2e193 --- /dev/null 
+++ b/terraform/modules/cloudfront/outputs.tf @@ -0,0 +1,3 @@ +# -------------------------------------------------------------------- +# CloudFront outputs +# -------------------------------------------------------------------- diff --git a/terraform/modules/cloudfront/variables.tf b/terraform/modules/cloudfront/variables.tf index e6b9b76..4ad89c9 100644 --- a/terraform/modules/cloudfront/variables.tf +++ b/terraform/modules/cloudfront/variables.tf @@ -1,5 +1,5 @@ # --------------------------------------------------------------------------- -# Amazon Cloudfront variables +# Amazon CloudFront variables # --------------------------------------------------------------------------- variable "web_acl_id" { @@ -36,4 +36,4 @@ variable "enabled" { description = "Whether the distribution is enabled to accept end user requests for content." type = bool default = true -} \ No newline at end of file +} diff --git a/terraform/modules/cloudfront/versions.tf b/terraform/modules/cloudfront/versions.tf index eb9ed4c..bceb8d0 100644 --- a/terraform/modules/cloudfront/versions.tf +++ b/terraform/modules/cloudfront/versions.tf @@ -7,4 +7,4 @@ terraform { version = ">= 4.10.0" } } -} \ No newline at end of file +} diff --git a/terraform/modules/dynamodb/main.tf b/terraform/modules/dynamodb/main.tf index 850a17d..93fbc78 100644 --- a/terraform/modules/dynamodb/main.tf +++ b/terraform/modules/dynamodb/main.tf @@ -3,15 +3,10 @@ # --------------------------------------------------------------------------- resource "aws_dynamodb_table" "this" { - name = var.name - read_capacity = var.read_capacity - write_capacity = var.write_capacity - billing_mode = var.billing_mode - - # attribute { - # name = var.hash_key - # type = "S" - # } + name = var.name + read_capacity = var.read_capacity + write_capacity = var.write_capacity + billing_mode = var.billing_mode dynamic "attribute" { for_each = var.attributes 
@@ -22,6 +17,6 @@ resource "aws_dynamodb_table" "this" { } } - hash_key = var.hash_key - tags = var.tags + hash_key = var.hash_key + tags = var.tags } diff --git a/terraform/modules/dynamodb/variables.tf b/terraform/modules/dynamodb/variables.tf index 66bc32f..e1704d8 100644 --- a/terraform/modules/dynamodb/variables.tf +++ b/terraform/modules/dynamodb/variables.tf @@ -48,4 +48,4 @@ variable "tags" { description = "A map of tags to add to all resources" type = map(string) default = {} -} \ No newline at end of file +} diff --git a/terraform/modules/dynamodb/versions.tf b/terraform/modules/dynamodb/versions.tf index 4e5e7ab..bceb8d0 100644 --- a/terraform/modules/dynamodb/versions.tf +++ b/terraform/modules/dynamodb/versions.tf @@ -2,9 +2,9 @@ terraform { required_version = ">= 1.0.6" required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 4.10.0" - } + aws = { + source = "hashicorp/aws" + version = ">= 4.10.0" + } } -} \ No newline at end of file +} diff --git a/terraform/modules/lambda/outputs.tf b/terraform/modules/lambda/outputs.tf index 48089aa..67521fa 100644 --- a/terraform/modules/lambda/outputs.tf +++ b/terraform/modules/lambda/outputs.tf @@ -10,4 +10,4 @@ output "lambda_function_arn" { output "lambda_function_name" { description = "The name of the Lambda Function" value = aws_lambda_function.this.function_name -} \ No newline at end of file +} diff --git a/terraform/modules/lambda/variables.tf b/terraform/modules/lambda/variables.tf index 000f5ef..3c106bb 100644 --- a/terraform/modules/lambda/variables.tf +++ b/terraform/modules/lambda/variables.tf @@ -55,4 +55,4 @@ variable "vpc_security_group_ids" { description = "List of security group ids when Lambda Function should run in the VPC." type = list(string) default = null -} \ No newline at end of file +} diff --git a/terraform/modules/lambda/versions.tf b/terraform/modules/lambda/versions.tf index eb9ed4c..bceb8d0 100644 --- a/terraform/modules/lambda/versions.tf 
+++ b/terraform/modules/lambda/versions.tf @@ -7,4 +7,4 @@ terraform { version = ">= 4.10.0" } } -} \ No newline at end of file +} diff --git a/terraform/modules/s3/main.tf b/terraform/modules/s3/main.tf index 6bee21b..3c41d74 100644 --- a/terraform/modules/s3/main.tf +++ b/terraform/modules/s3/main.tf @@ -2,13 +2,11 @@ # Amazon S3 # ------------------------------------------------------------------------------ -# 1 - S3 bucket resource "aws_s3_bucket" "this" { bucket = var.bucket_name object_lock_enabled = false } -# 2 -Bucket policy resource "aws_s3_bucket_policy" "this" { count = var.objects != {} ? 1 : 0 @@ -16,7 +14,6 @@ resource "aws_s3_bucket_policy" "this" { policy = data.aws_iam_policy_document.this.json } -# 3 -Website configuration resource "aws_s3_bucket_website_configuration" "this" { bucket = aws_s3_bucket.this.id @@ -29,19 +26,17 @@ resource "aws_s3_bucket_website_configuration" "this" { } } -# 4 - Access Control List resource "aws_s3_bucket_acl" "this" { bucket = aws_s3_bucket.this.id acl = var.bucket_acl } -# 5 - Upload objects resource "aws_s3_object" "this" { - for_each = try(var.objects, {}) #{ for object, key in var.objects: object => key if try(var.objects, {}) != {} } + for_each = try(var.objects, {}) bucket = aws_s3_bucket.this.id - key = try(each.value.rendered, replace(each.value.filename, "html/", "")) # remote path - source = try(each.value.rendered, format("./../resources/%s", each.value.filename)) # where is the file located + key = try(each.value.rendered, replace(each.value.filename, "html/", "")) + source = try(each.value.rendered, format("./../resources/%s", each.value.filename)) content_type = each.value.content_type storage_class = try(each.value.tier, "STANDARD") } diff --git a/terraform/modules/s3/outputs.tf b/terraform/modules/s3/outputs.tf index ffa930f..335f10e 100644 --- a/terraform/modules/s3/outputs.tf +++ b/terraform/modules/s3/outputs.tf 
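Review bot: `count = var.objects != {} ? 1 : 0` on the bucket policy, kept as context in the first hunk, compares a map against an object literal; as far as I can tell Terraform's `==`/`!=` does not unify operand types, so if `var.objects` is declared as a map this is always true and the policy is created even when there are no objects — `count = length(var.objects) > 0 ? 1 : 0` states the intent directly. The `aws_s3_object` lines the last hunk rewrites use `try(each.value.rendered, …)` for both `key` and `source`, which would make the rendered template text both the object key and a file path whenever `rendered` is set; if the intent is to upload inline content, that belongs in `content = each.value.rendered` with `source` reserved for filenames — worth confirming against how `var.objects` is built. The removed `# remote path` / `# where is the file located` comments were the only explanation of those two expressions; I would keep a one-line comment on each of `key` and `source`.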
@@ -1,5 +1,5 @@ # -------------------------------------------------------------------- -# Amazon S3 buckets output +# Amazon S3 output # -------------------------------------------------------------------- output "id" { @@ -14,5 +14,5 @@ output "arn" { output "website_endpoint" { description = "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string." - value = aws_s3_bucket.this.website_endpoint + value = aws_s3_bucket_website_configuration.this.website_endpoint } diff --git a/terraform/modules/sqs/main.tf b/terraform/modules/sqs/main.tf index 7c8c030..1408370 100644 --- a/terraform/modules/sqs/main.tf +++ b/terraform/modules/sqs/main.tf @@ -2,18 +2,16 @@ # Amazon Simple Queue Service # ------------------------------------------------------------------------------ -resource "aws_sqs_queue" "terraform_queue" { - name = "terraform-example-queue" - delay_seconds = 90 - max_message_size = 2048 - message_retention_seconds = 86400 - receive_wait_time_seconds = 10 - redrive_policy = jsonencode({ - deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn - maxReceiveCount = 4 - }) +# resource "aws_sqs_queue" "terraform_queue" { +# name = var.name +# delay_seconds = 90 +# max_message_size = 2048 +# message_retention_seconds = 86400 +# receive_wait_time_seconds = 10 +# redrive_policy = jsonencode({ +# deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn +# maxReceiveCount = 4 +# }) - tags = { - Environment = "production" - } -} \ No newline at end of file +# tags = var.tags +# } diff --git a/terraform/organization/apigw.tf b/terraform/organization/apigw.tf index ccbecac..c74359d 100644 --- a/terraform/organization/apigw.tf +++ b/terraform/organization/apigw.tf 
@@ -9,13 +9,13 @@ module "apigw" { module.lambda ] - name = "AWSAPIGateway-g3" - description = "..." - lambda_function_arn = module.lambda["lambda"].lambda_function_arn - lambda_function_name = module.lambda["lambda"].lambda_function_name - lambda_source_arn = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}" - - tags = { + name = "AWSAPIGateway-g3" + description = "..." + lambda_function_arn = module.lambda["lambda"].lambda_function_arn + lambda_function_name = module.lambda["lambda"].lambda_function_name + lambda_source_arn = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}" + + tags = { name = "Api Gateway" } -} \ No newline at end of file +} diff --git a/terraform/organization/cloudfront.tf b/terraform/organization/cloudfront.tf index 22573f0..a7fc8b1 100644 --- a/terraform/organization/cloudfront.tf +++ b/terraform/organization/cloudfront.tf @@ -11,7 +11,7 @@ module "cloudfront" { origin = { api-gateway = { domain_name = replace(replace(module.apigw.api_endpoint, "https://", ""), "/", "") - + custom_origin_config = { http_port = 80 https_port = 443 @@ -32,8 +32,8 @@ module "cloudfront" { } default_cache_behavior = { - target_origin_id = "s3" - viewer_protocol_policy = "allow-all" + target_origin_id = "s3" + viewer_protocol_policy = "allow-all" allowed_methods = ["GET", "HEAD", "OPTIONS"] cached_methods = ["GET", "HEAD"] diff --git a/terraform/organization/datasources.tf b/terraform/organization/datasources.tf index 2c2ad17..3048773 100644 --- a/terraform/organization/datasources.tf +++ b/terraform/organization/datasources.tf @@ -15,4 +15,4 @@ data "template_file" "userdata" { vars = { ENDPOINT = "${module.apigw.api_endpoint}" } -} \ No newline at end of file +} diff --git a/terraform/organization/dynamodb.tf b/terraform/organization/dynamodb.tf index 2d6a71e..ef75666 100644 --- a/terraform/organization/dynamodb.tf +++ b/terraform/organization/dynamodb.tf 
@@ -5,11 +5,11 @@ module "dynamodb" { aws = aws.aws } - name = "AWSDynamoDB-g3" - billing_mode = "PROVISIONED" - read_capacity = 20 - write_capacity = 20 - hash_key = "id" + name = "AWSDynamoDB-g3" + billing_mode = "PROVISIONED" + read_capacity = 20 + write_capacity = 20 + hash_key = "id" attributes = [ { @@ -17,8 +17,8 @@ module "dynamodb" { type = "N" } ] - - tags = { + + tags = { name = "DynamoDB-stock" } -} \ No newline at end of file +} diff --git a/terraform/organization/locals.tf b/terraform/organization/locals.tf index 0bded4a..3390935 100644 --- a/terraform/organization/locals.tf +++ b/terraform/organization/locals.tf @@ -30,11 +30,11 @@ locals { lambdas = { lambda = { - package = "${local.path}/lambda/lambda.zip" + package = "${local.path}/lambda/lambda.zip" function_name = "AWSLambdaHandler-${replace(local.bucket_name, "-", "")}" role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole" handler = "lambda_handler.main" runtime = "python3.9" } } -} \ No newline at end of file +} diff --git a/terraform/organization/provider.tf b/terraform/organization/provider.tf index 8709258..443395e 100644 --- a/terraform/organization/provider.tf +++ b/terraform/organization/provider.tf @@ -7,8 +7,8 @@ provider "aws" { default_tags { tags = { - author = "g3" - version = 1 + author = "g3" + version = 1 } } -} \ No newline at end of file +} diff --git a/terraform/organization/sqs.tf b/terraform/organization/sqs.tf index e69de29..8b13789 100644 --- a/terraform/organization/sqs.tf +++ b/terraform/organization/sqs.tf @@ -0,0 +1 @@ + diff --git a/terraform/organization/versions.tf b/terraform/organization/versions.tf index eb9ed4c..bceb8d0 100644 --- a/terraform/organization/versions.tf +++ b/terraform/organization/versions.tf @@ -7,4 +7,4 @@ terraform { version = ">= 4.10.0" } } -} \ No newline at end of file +} diff --git a/terraform/organization/vpc.tf b/terraform/organization/vpc.tf index af68be3..7e65944 100644 --- a/terraform/organization/vpc.tf 
+++ b/terraform/organization/vpc.tf @@ -1,57 +1,31 @@ -# module "vpc" { -# source = "terraform-aws-modules/vpc/aws" - -# name = "my-vpc" -# cidr = "10.0.0.0/16" - -# azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] -# private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] -# public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] - -# enable_nat_gateway = true -# enable_vpn_gateway = true - -# tags = { -# Terraform = "true" -# Environment = "dev" -# } -# } - -locals { - name = "ex-${replace(basename(path.cwd), "_", "-")}" - region = "us-east-1" - - tags = { - Example = local.name - GithubRepo = "terraform-aws-vpc" - GithubOrg = "terraform-aws-modules" - } -} - ################################################################################ -# VPC Module +# VPC Module (from terraform-aws-modules) ################################################################################ module "vpc" { source = "terraform-aws-modules/vpc/aws" - name = local.name + providers = { + aws = aws.aws + } + + name = "vpc-g3-bsmsapp" cidr = "10.0.0.0/16" - azs = ["${local.region}a", "${local.region}b"] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] - public_subnets = ["10.0.3.0/24", "10.0.4.0/24"] + azs = ["${data.aws_region.current.name}a", "${data.aws_region.current.name}b"] + private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] + public_subnets = ["10.0.3.0/24", "10.0.4.0/24"] create_database_subnet_group = false manage_default_network_acl = true - default_network_acl_tags = { Name = "${local.name}-default" } + default_network_acl_tags = { Name = "vpc-g3-bsmsapp-default" } manage_default_route_table = true - default_route_table_tags = { Name = "${local.name}-default" } + default_route_table_tags = { Name = "vpc-g3-bsmsapp-default" } manage_default_security_group = true - default_security_group_tags = { Name = "${local.name}-default" } + default_security_group_tags = { Name = "vpc-g3-bsmsapp-default" } enable_dns_hostnames = true enable_dns_support = true 
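Review bot: `source = "terraform-aws-modules/vpc/aws"` has no `version` constraint, so every `terraform init` may pull whatever the registry currently publishes, including a breaking major release; pin it next to `source`, e.g. `version = "~> X.Y"` with X.Y being the release this configuration was tested against (the same applies to `module "vpc_endpoints"`, whose `source` line is outside this hunk). The literal `"vpc-g3-bsmsapp"` now appears in `name`, the three `default_*_tags` maps, the `tags` blocks of the `@@ -59,7 +33,9 @@` and `@@ -83,10 +59,11 @@` hunks and the `name_prefix` of `aws_security_group.vpc_tls`; the commit removed the `locals` block that used to hold this name, and a single `locals { vpc_name = "vpc-g3-bsmsapp" }` referenced from each site would keep the copies from drifting apart.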
@@ -59,7 +33,9 @@ module "vpc" { enable_nat_gateway = true single_nat_gateway = true - tags = local.tags + tags = { + Name = "vpc-g3-bsmsapp" + } } module "vpc_endpoints" { @@ -83,10 +59,11 @@ module "vpc_endpoints" { }, } - tags = merge(local.tags, { + tags = { + Name = "vpc-g3-bsmsapp" Project = "Secret" Endpoint = "true" - }) + } } # module "vpc_endpoints_nocreate" { @@ -145,7 +122,7 @@ data "aws_iam_policy_document" "generic_endpoint_policy" { } resource "aws_security_group" "vpc_tls" { - name_prefix = "${local.name}-vpc_tls" + name_prefix = "vpc-g3-bsmsapp-vpc_tls" description = "Allow TLS inbound traffic" vpc_id = module.vpc.vpc_id @@ -157,5 +134,7 @@ resource "aws_security_group" "vpc_tls" { cidr_blocks = [module.vpc.vpc_cidr_block] } - tags = local.tags -} \ No newline at end of file + tags = { + Name = "vpc-g3-bsmsapp" + } +}