Merge pull request #2 from devopswithzack/dev

Dev
awsfanboy · Mar 6, 2023 · 7210029 · 7210029
2 parents 7d92eb1 + a779924
commit 7210029
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 24 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,12 +8,6 @@
 # Crash log files
 crash.log
 
-# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
-# .tfvars files are managed as part of configuration and so should be included in
-# version control.
-#
-# example.tfvars
-
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
@@ -31,7 +25,5 @@ override.tf.json
 .idea
 .dccache
 
-# Igmore the local backend configuration file
-*.conf
-# Ignore the local env variable file
-*.tfvars
+# DevOps With Zack Configurations
+*.conf-devopswithzack
diff --git a/README.md b/README.md
@@ -1,2 +1,18 @@
-# labs-aws-networkfirewall
-This Terraform script will help to deploy AWS Network firewall and related resources to test the Lab.
+
+# AWS Network Firewall - Terraform 
+
+This repo is used to deploy and test the LAB described in my dev.to blog post.Let's Play With AWS Network Firewall (Hands on Lab). 
+
+![Logo](https://res.cloudinary.com/practicaldev/image/fetch/s--Jfn-9_l4--/c_imagga_scale,f_auto,fl_progressive,h_420,q_auto,w_1000/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hhlpdgjgwqg348wmnftk.png)
+
+
+## How to Deploy?
+
+Here is the dev.to link to my blog post how to test this lab.
+
+[dev.to Blog](https://github.com/matiassingers/awesome-readme)
+
+
+## Want to contribute?
+If you want to contribute to this LAB, please open a PR.
+
diff --git a/aws-network-firewall.tf b/aws-network-firewall.tf
@@ -43,9 +43,9 @@ resource "aws_networkfirewall_rule_group" "block_google" {
   rule_group {
     rule_variables {
       ip_sets {
-        key = "HOME_NET"
+        key = "APP_VPC"
         ip_set {
-          definition = [module.app_vpc.vpc_cidr_block, module.egress_vpc.vpc_cidr_block]
+          definition = [module.app_vpc.vpc_cidr_block]
         }
       }
     }

diff --git a/backend.conf b/backend.conf
@@ -0,0 +1,10 @@
+bucket         = "< bucket_name_here >"
+key            = "terraform/aws-nfw/terraform.tfstate"
+region         = "us-east-1"
+dynamodb_table = "< dynamodb_table_name >"
+profile        = "< profile >"
+encrypt        = true
+
+
+
+
diff --git a/env.tfvars b/env.tfvars
@@ -0,0 +1,24 @@
+project     = "devops-with-zack-demo"
+aws_profile = "dev"
+region      = "us-east-1"
+az_a        = "us-east-1a"
+team        = "devops"
+env         = "dev"
+
+#Inspection VPC
+inspection_vpc_cidr                 = "100.64.0.0/16"
+inspection_vpc_tgw_subnet_cidr      = "100.64.144.0/20"
+inspection_vpc_firewall_subnet_cidr = "100.64.128.0/20"
+
+#App VPC
+app_vpc_cidr                             = "10.1.0.0/16"
+app_vpc_tgw_subnet_cidr                  = "10.1.128.0/20"
+app_vpc_application_workload_subnet_cidr = "10.1.144.0/20"
+
+#App VPC
+egress_vpc_cidr            = "10.2.0.0/16"
+egress_vpc_tgw_subnet_cidr = "10.2.128.0/20"
+egress_vpc_igw_subnet_cidr = "10.2.144.0/20"
+
+#SSH Key -
+ssh_key = ""
diff --git a/variables.tf b/variables.tf
@@ -35,16 +35,6 @@ variable "env" {
   default     = ""
 }
 
-variable "public_subnet_a" {
-  type    = string
-  default = ""
-}
-
-variable "public_subnet_b" {
-  type    = string
-  default = ""
-
-}
 
 #Inspection VCP
 variable "inspection_vpc_cidr" {