Merge branch 'prod' into main

.github/workflows/terraform.yml

@@ -0,0 +1,101 @@
+# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file
+# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
+# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
+# to the $default-branch branch, `terraform apply` will be executed.
+#
+# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
+#
+# To use this workflow, you will need to complete the following setup steps.
+#
+# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
+#   Example `main.tf`:
+#     # The configuration for the `remote` backend.
+#     terraform {
+#       backend "remote" {
+#         # The name of your Terraform Cloud organization.
+#         organization = "example-organization"
+#
+#         # The name of the Terraform Cloud workspace to store Terraform state files in.
+#         workspaces {
+#           name = "example-workspace"
+#         }
+#       }
+#     }
+#
+#     # An example resource that does nothing.
+#     resource "null_resource" "example" {
+#       triggers = {
+#         value = "A example resource that does nothing!"
+#       }
+#     }
+#
+#
+# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
+#   Documentation:
+#     - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
+#     - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
+#
+# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
+#   Example:
+#     - name: Setup Terraform
+#       uses: hashicorp/setup-terraform@v1
+#       with:
+#         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+name: Terraform Build
+
+on:
+  push:
+    branches:
+    - test
+  pull_request:
+    branches:
+    - prod
+    tags:
+    - v1.*
+
+
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    environment: test
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+    - name: Terraform Init
+      run: terraform init
+      working-directory: ./terraform
+
+    # Checks that all Terraform configuration files adhere to a canonical format
+    - name: Terraform Format
+      run: terraform fmt -check
+      working-directory: ./terraform
+
+    # Generates an execution plan for Terraform
+    - name: Terraform Plan
+      run: terraform plan
+      working-directory: ./terraform
+
+      # On push to $default-branch, build or change infrastructure according to Terraform configuration files
+      # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+    - name: Terraform Apply
+      if: github.ref == 'refs/heads/$default-branch' && github.event_name == 'push'
+      run: terraform apply -auto-approve
+      working-directory: ./terraform

.gitignore

@@ -1,2 +1,6 @@
 
 .DS_Store
+
+terraform/.terraform/
+
+terraform/.terraform.lock.hcl

README.md

@@ -1,5 +1,5 @@
 # Welcome to Terraform AWS VPC Template 👋
-![Version](https://img.shields.io/badge/version-1.0.0--dev-blue.svg?cacheSeconds=2592000)
+![Version](https://img.shields.io/badge/version-test-blue.svg?cacheSeconds=2592000)
 [![Documentation](https://img.shields.io/badge/documentation-yes-brightgreen.svg)](https://dev-aws-kubernetes-vpc.readthedocs.io/en/latest/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://mit-license.org/)
 [![Twitter: DevopsPleb](https://img.shields.io/twitter/follow/DevopsPleb.svg?style=social)](https://twitter.com/DevopsPleb)

terraform/main.tf

@@ -1,64 +1,79 @@
+terraform {
+  backend "remote" {
+    organization = "BrynardSecurity-test"
+
+    workspaces {
+      name = "AWS-VPC_Devops-Test"
+    }
+  }
+}
+
 provider "aws" {
-    region = "us-east-2"
+  region = "us-east-2"
 }
 
 locals {
-    name = var.vpc_name
-    region = var.aws_region
-    tags = {
-        Owner = var.aws_account
-        Environment = var.environment
-        Name = var.vpc_name
-    }
+  name         = var.vpc_name
+  build_date   = formatdate("YYYY-MM-DD", timestamp())
+  build_branch = var.build_branch
+  region       = var.aws_region
+  tags = {
+    "Account ID"    = var.aws_account
+    "Account Alias" = var.aws_account_alias
+    Environment     = var.environment
+    Name            = var.vpc_name
+    "Build Branch"  = var.build_branch
+    "Build Repo"    = var.build_repo
+  }
 }
 
-module "vpc_example_complete-vpc" {
+module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
   version = "3.11.0"
 
-  name = local.name
-  cidr = 10.0.0.0/8
+  name = "${local.name}-${local.build_date}"
+  cidr = var.cidr
+
+  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  private_subnets = ["20.10.1.0/24", "20.10.2.0/24", "20.10.3.0/24"]
+  public_subnets  = ["20.10.11.0/24", "20.10.12.0/24", "20.10.13.0/24"]
 
-  azs                   = ["${local.region}a", "${local.region}b", "${local.region}c"]
-  private_subnets       = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
-  public_subnets        = ["10.20.11.0/24", "10.20.12.0/24", "10.20.13.0/24"]
+  manage_default_route_table = true
+  default_route_table_tags   = { DefaultRouteTable = true }
 
-  manage_default_route_table    = true
-  default_route_table_tags      = { DefaultRouteTable = true }
-
-  enable_dns_hostname           = true
-  enable_dns_support            = true
+  enable_dns_hostnames = true
+  enable_dns_support   = true
 
-  enable_classiclink                = true
-  enable_classiclink_dns_support    = true
+  enable_classiclink             = false
+  enable_classiclink_dns_support = false
 
-  enable_nat_gateway            = true
-  single_nat_gateway            = true
+  enable_nat_gateway = true
+  single_nat_gateway = true
 
   customer_gateways = {
-      IP1 = {
-          bgp_asn       = 65112
-          ip_address    = var.customer_gateway_ip
-          device_name   = var.device_name
-      }
+    IP1 = {
+      bgp_asn     = 65112
+      ip_address  = var.customer_gateway_ip
+      device_name = var.device_name
+    }
   }
-  enable_vpn_gateway        = true
-  
-  enable_dhcp_options       = false
-  
-  manage_default_security_group     = true
-  default_security_group_ingress    = []
-  default_security_group_egress     = []
-
-  enable_flow_log                            = false
+  enable_vpn_gateway = true
+
+  enable_dhcp_options = false
+
+  manage_default_security_group  = true
+  default_security_group_ingress = []
+  default_security_group_egress  = []
+
+  enable_flow_log = false
 }
 
 module "vpc_endpoints_nocreate" {
-    source = "../../modules/vpc-endpoints"
-    create = false
+  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+  create = false
 }
 
 data "aws_security_group" "default" {
-    name    = "sg-${var.vpc_name}-${var.environment}"
-    vpc_id  = module.vpc.vpc_id
+  name   = "${local.name}-${local.build_date}"
+  vpc_id = module.vpc.vpc_id
 }

terraform/variables.tf

@@ -0,0 +1,27 @@
+variable "vpc_name" {
+  description = "Name of the VPC to deploy in the AWS account."
+}
+variable "aws_region" {
+  description = "Region in which to deploy the VPC."
+}
+variable "aws_account" {
+  description = "The AWS Account ID."
+}
+variable "aws_account_alias" {
+  description = "AWS Account alias."
+  default     = ""
+}
+variable "customer_gateway_ip" {
+  description = "IP address of the customer gateway."
+}
+variable "device_name" {
+  description = "Customer gateway device name."
+}
+variable "environment" {
+  description = "Deployment environment. Possible values: Prod, Staging, Test, Dev."
+}
+variable "cidr" {
+  description = "CIDR range for VPC deployment. Possible values: 10.0.0.0/16, 20.10.0.0/16"
+}
+variable "build_branch" {}
+variable "build_repo" {}