fix: update main.tf, version.tf and github action and add locals in e…

…xample
clouddrove · Aug 28, 2023 · db7e7bf · db7e7bf
1 parent 545275d
commit db7e7bf
Show file tree

Hide file tree

Showing 20 changed files with 1,003 additions and 265 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,30 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
 # These owners will be the default owners for everything in the repo.
-*    @anmolnagpal @clouddrove/approvers @clouddrove-ci
+*       @anmolnagpal @clouddrove/approvers @clouddrove-ci
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
@@ -1,14 +1,12 @@
 name: Auto Assign PRs
-
 on:
   pull_request:
     types: [opened, reopened]
-
   workflow_dispatch:
 jobs:
   assignee:
     uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:
-      assignees: 'clouddrove-ci'
+      assignees: 'clouddrove-ci'
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
@@ -3,7 +3,6 @@ on:
   push:
     branches:
       - master
-
 jobs:
   readme:
     name: 'readme-create'
@@ -25,6 +24,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+
       - name: 'pre-commit check errors'
         uses: pre-commit/action@v3.0.0
         continue-on-error: true

diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
@@ -5,7 +5,7 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  tflint:
-    uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@master
+  tf-lint:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -8,4 +8,4 @@ jobs:
     uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
     secrets: inherit
     with:
-      working_directory: '.'
+      working_directory: '.'
diff --git a/README.yaml b/README.yaml
@@ -25,6 +25,9 @@ badges:
     image: "https://img.shields.io/badge/License-APACHE-blue.svg"
     url: "LICENSE.md"
 
+prerequesties:
+  - name: Terraform 1.5.3
+    url: https://learn.hashicorp.com/terraform/getting-started/install.html
 #  description of this project
 description: |-
   This terraform module is used to create ALB on AWS.

diff --git a/_example/alb/main.tf → _example/alb/example.tf b/_example/alb/main.tf → _example/alb/example.tf
@@ -1,22 +1,22 @@
-##---------------------------------------------------------------------------------------------------------------------------
-## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
-##--------------------------------------------------------------------------------------------------------------------------
 provider "aws" {
   region = "eu-west-1"
 }
 
+locals {
+  name        = "alb"
+  environment = "test"
+}
+
 ##---------------------------------------------------------------------------------------------------------------------------
 ## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
 ##--------------------------------------------------------------------------------------------------------------------------
 module "vpc" {
   source  = "clouddrove/vpc/aws"
   version = "2.0.0"
 
-  name        = "vpc"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  cidr_block = "172.16.0.0/16"
+  name        = local.name
+  environment = local.environment
+  cidr_block  = "172.16.0.0/16"
 }
 
 ##-----------------------------------------------------
@@ -26,10 +26,8 @@ module "public_subnets" {
   source  = "clouddrove/subnet/aws"
   version = "2.0.0"
 
-  name        = "public-subnet"
-  environment = "test"
-  label_order = ["name", "environment"]
-
+  name               = local.name
+  environment        = local.environment
   availability_zones = ["eu-west-1b", "eu-west-1c"]
   type               = "public"
   vpc_id             = module.vpc.vpc_id
@@ -38,47 +36,14 @@ module "public_subnets" {
   ipv6_cidr_block    = module.vpc.ipv6_cidr_block
 }
 
-##-----------------------------------------------------
-## An AWS security group acts as a virtual firewall for incoming and outgoing traffic with http-https.
-##-----------------------------------------------------
-module "http_https" {
-  source  = "clouddrove/security-group/aws"
-  version = "2.0.0"
-
-  name        = "http-https"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  vpc_id        = module.vpc.vpc_id
-  allowed_ip    = ["0.0.0.0/0"]
-  allowed_ports = [80, 443]
-}
-
-##-----------------------------------------------------
-## An AWS security group acts as a virtual firewall for incoming and outgoing traffic with ssh.
-##-----------------------------------------------------
-module "ssh" {
-  source  = "clouddrove/security-group/aws"
-  version = "2.0.0"
-
-  name          = "ssh"
-  environment   = "test"
-  label_order   = ["name", "environment"]
-  vpc_id        = module.vpc.vpc_id
-  allowed_ip    = [module.vpc.vpc_cidr_block]
-  allowed_ports = [22]
-}
-
 ##-----------------------------------------------------
 ## When your trusted identities assume IAM roles, they are granted only the permissions scoped by those IAM roles.
 ##-----------------------------------------------------
 module "iam-role" {
-  source      = "clouddrove/iam-role/aws"
-  version     = "1.3.0"
-  name        = "iam-role"
-  environment = "test"
-  label_order = ["name", "environment"]
-
+  source             = "clouddrove/iam-role/aws"
+  version            = "1.3.0"
+  name               = local.name
+  environment        = local.environment
   assume_role_policy = data.aws_iam_policy_document.default.json
   policy_enabled     = true
   policy             = data.aws_iam_policy_document.iam-policy.json
@@ -112,19 +77,19 @@ data "aws_iam_policy_document" "iam-policy" {
 ## Amazon EC2 provides cloud hosted virtual machines, called "instances", to run applications.
 ##-----------------------------------------------------
 module "ec2" {
-  source  = "clouddrove/ec2/aws"
-  version = "1.3.0"
-
-  name        = "ec2-instance"
-  environment = "test"
-  label_order = ["name", "environment"]
-
+  source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=master"
+
+  name                        = local.name
+  environment                 = local.environment
+  vpc_id                      = module.vpc.vpc_id
+  ssh_allowed_ip              = ["0.0.0.0/0"]
+  ssh_allowed_ports           = [22]
+  public_key                  = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmPuPTJ58AMvweGBuAqKX+tkb0ylYq5k6gPQnl6+ivQ8i/jsUJ+juI7q/7vSoTpd0k9Gv7DkjGWg1527I+LJeropVSaRqwDcrnuM1IfUCu0QdRoU8e0sW7kQGnwObJhnRcxiGPa1inwnneq9zdXK8BGgV2E4POKdwbEBlmjZmW8j4JMnCsLvZ4hxBjZB/3fnvHhn7UCqd2C6FhOz9k+aK2kxXHxdDdO9BzKqtvm5dSAxHhw6nDHSU+cHupjiiY/SvmFH0QpR5Fn1kyZH7DxV4D8R9wvP9jKZe/RRTEkB2HY7FpVNz/EqO/z5bv7japQ5LZY1fFOK47S5KVo20y12XwkBcHeL5Bc8MuKt552JSRH7KKxvr2KD9QN5lCc0sOnQnlOK0INGHeIY4WnUSBvlVd4aOAJa4xE2PP0/kbDMAZfO6ET5OIlZF+X7n5VCYyxNJLWbx4opFIcpWgINz4m/GkArB4p4KeF+pc84rX5GkM4fn5SsMMpJTZmhhJYA2YW/E= mamraj@mamraj"
   instance_count              = 2
   ami                         = "ami-08d658f84a6d84a80"
   instance_type               = "t2.nano"
   monitoring                  = true
   tenancy                     = "default"
-  vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http_https.security_group_ids]
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
   iam_instance_profile        = module.iam-role.name
   assign_eip_address          = true
@@ -139,9 +104,8 @@ module "ec2" {
 module "acm" {
   source      = "clouddrove/acm/aws"
   version     = "1.3.0"
-  name        = "certificate"
-  environment = "test"
-  label_order = ["name", "environment"]
+  name        = local.name
+  environment = local.environment
 
   enable_aws_certificate    = true
   domain_name               = "clouddrove.ca"
@@ -156,15 +120,16 @@ module "acm" {
 module "alb" {
   source = "./../../"
 
-  name                       = "alb"
+  name                       = local.name
   enable                     = true
   internal                   = true
   load_balancer_type         = "application"
   instance_count             = module.ec2.instance_count
-  security_groups            = [module.ssh.security_group_ids, module.http_https.security_group_ids]
   subnets                    = module.public_subnets.public_subnet_id
   target_id                  = module.ec2.instance_id
   vpc_id                     = module.vpc.vpc_id
+  allowed_ip                 = [module.vpc.vpc_cidr_block]
+  allowed_ports              = [3306]
   listener_certificate_arn   = module.acm.arn
   enable_deletion_protection = false
   with_target_group          = true
@@ -173,6 +138,34 @@ module "alb" {
   https_port                 = 443
   listener_type              = "forward"
   target_group_port          = 80
+
+  http_tcp_listeners = [
+    {
+      port               = 80
+      protocol           = "TCP"
+      target_group_index = 0
+    },
+    {
+      port               = 81
+      protocol           = "TCP"
+      target_group_index = 0
+    },
+  ]
+  https_listeners = [
+    {
+      port               = 443
+      protocol           = "TLS"
+      target_group_index = 0
+      certificate_arn    = module.acm.arn
+    },
+    {
+      port               = 84
+      protocol           = "TLS"
+      target_group_index = 0
+      certificate_arn    = module.acm.arn
+    },
+  ]
+
   target_groups = [
     {
       backend_protocol     = "HTTP"
@@ -192,4 +185,11 @@ module "alb" {
       }
     }
   ]
-}
+
+  extra_ssl_certs = [
+    {
+      https_listener_index = 0
+      certificate_arn      = module.acm.arn
+    }
+  ]
+}
diff --git a/_example/alb/outputs.tf b/_example/alb/outputs.tf
@@ -11,4 +11,14 @@ output "tags" {
 output "main_target_group_arn" {
   value       = module.alb[*].main_target_group_arn
   description = "The ARN target of the ALB"
-}
+}
+
+output "dns_name" {
+  value       = module.alb.dns_name
+  description = "The DNS name of the load balancer."
+}
+
+output "zone_id" {
+  value       = module.alb.zone_id
+  description = "The zone_id of the load balancer to assist with creating DNS records."
+}
diff --git a/_example/alb/versions.tf b/_example/alb/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.0"
+  required_version = ">= 1.5.5"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.9.0"
+      version = ">= 5.13.1"
     }
   }
 }