feat: added security-group-rule and kms main.tf

clouddrove · Jun 19, 2023 · e597f20 · e597f20
1 parent 86967b4
commit e597f20
Show file tree

Hide file tree

Showing 6 changed files with 327 additions and 149 deletions.
diff --git a/_example/basic_example/example.tf b/_example/basic_example/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
   region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
   source  = "clouddrove/vpc/aws"
   version = "1.3.1"
@@ -13,6 +19,9 @@ module "vpc" {
   cidr_block = "172.16.0.0/16"
 }
 
+####----------------------------------------------------------------------------------
+## A subnet is a range of IP addresses in your VPC.
+####----------------------------------------------------------------------------------
 module "public_subnets" {
   source  = "clouddrove/subnet/aws"
   version = "1.3.0"
@@ -29,42 +38,18 @@ module "public_subnets" {
   ipv6_cidr_block    = module.vpc.ipv6_cidr_block
 }
 
-module "http-https" {
-  source      = "clouddrove/security-group/aws"
-  version     = "1.3.0"
-  name        = "http-https"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  vpc_id        = module.vpc.vpc_id
-  allowed_ip    = ["0.0.0.0/0"]
-  allowed_ports = [80, 443]
-}
-
 module "keypair" {
   source  = "clouddrove/keypair/aws"
   version = "1.3.0"
 
-  public_key      = "ssh-rsa AAAAB3NzaC1yxxxxxxxxxxxxxxQDDIqppj2U2K8norJh5/gxz7sbSSseLd+ldHEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDV1Vf9HNeh9A3yOS6Pkjq6gDMrsUVF89ps3zuLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMtiHUUiecPdL/6HYwGHxA5rUX3uD2UBm6sbGBH00ZCj6yUxl2UQR5NE4NR35NI86Q+q1kNOc5VctxxQOTHBwKHaGvKLk4c5gHXaEl8yyYL0wVkL00KYx3GCh1LvRdQL8fvzImBCN"
+  public_key      = "HEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tvLXddPKd37a2S7rjeqecw+XRW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMtiHUUiecPdL/6HYwGHxA5rUX3uD2UBm6sbGBH00ZCj6yUxl2UQR5NE4NR35NI86Q+q1kNOc5VctxxQOTHBwKHaGvKLk4c5gHXaEl8yyYL0wVkL00KYx3GCh1"
   key_name        = "devops"
   environment     = "test"
   label_order     = ["name", "environment"]
   enable_key_pair = true
 }
 
 
-module "ssh" {
-  source      = "clouddrove/security-group/aws"
-  version     = "1.3.0"
-  name        = "ssh"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  vpc_id        = module.vpc.vpc_id
-  allowed_ip    = [module.vpc.vpc_cidr_block, "0.0.0.0/0"]
-  allowed_ports = [22]
-}
-
 module "iam-role" {
   source  = "clouddrove/iam-role/aws"
   version = "1.3.0"
@@ -78,36 +63,6 @@ module "iam-role" {
   policy         = data.aws_iam_policy_document.iam-policy.json
 }
 
-module "kms_key" {
-  source                  = "clouddrove/kms/aws"
-  version                 = "1.3.0"
-  name                    = "kms"
-  environment             = "test"
-  label_order             = ["environment", "name"]
-  enabled                 = true
-  description             = "KMS key for ec2"
-  deletion_window_in_days = 7
-  enable_key_rotation     = true
-  alias                   = "alias/ec3"
-  policy                  = data.aws_iam_policy_document.kms.json
-}
-
-
-data "aws_iam_policy_document" "kms" {
-  version = "2012-10-17"
-  statement {
-    sid    = "Enable IAM User Permissions"
-    effect = "Allow"
-    principals {
-      type        = "AWS"
-      identifiers = ["*"]
-    }
-    actions   = ["kms:*"]
-    resources = ["*"]
-  }
-
-}
-
 data "aws_iam_policy_document" "default" {
   statement {
     effect  = "Allow"
@@ -138,6 +93,13 @@ module "ec2" {
   environment = "test"
   label_order = ["name", "environment"]
 
+  ####----------------------------------------------------------------------------------
+  ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
+  ####----------------------------------------------------------------------------------
+  vpc_id            = module.vpc.vpc_id
+  ssh_allowed_ip    = ["0.0.0.0/0"]
+  ssh_allowed_ports = [22]
+
   #instance
   instance_enabled = true
   instance_count   = 1
@@ -148,7 +110,6 @@ module "ec2" {
   hibernation      = false
 
   #Networking
-  vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
   assign_eip_address          = true
   associate_public_ip_address = true
@@ -166,16 +127,15 @@ module "ec2" {
       volume_type           = "gp2"
       volume_size           = 15
       delete_on_termination = true
-      kms_key_id            = module.kms_key.key_arn
     }
   ]
 
   #EBS Volume
   multi_attach_enabled = false
-  ebs_optimized      = false
-  ebs_volume_enabled = false
-  ebs_volume_type    = "gp2"
-  ebs_volume_size    = 30
+  ebs_optimized        = false
+  ebs_volume_enabled   = false
+  ebs_volume_type      = "gp2"
+  ebs_volume_size      = 30
 
   #DNS
   dns_enabled = false

diff --git a/_example/ebs_mount/example.tf b/_example/ebs_mount/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
   region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
   source  = "clouddrove/vpc/aws"
   version = "1.3.1"
@@ -13,6 +19,9 @@ module "vpc" {
   cidr_block = "172.16.0.0/16"
 }
 
+####----------------------------------------------------------------------------------
+## A subnet is a range of IP addresses in your VPC.
+####----------------------------------------------------------------------------------
 module "public_subnets" {
   source  = "clouddrove/subnet/aws"
   version = "1.3.0"
@@ -29,35 +38,11 @@ module "public_subnets" {
   ipv6_cidr_block    = module.vpc.ipv6_cidr_block
 }
 
-module "http-https" {
-  source      = "clouddrove/security-group/aws"
-  version     = "1.3.0"
-  name        = "http-https"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  vpc_id        = module.vpc.vpc_id
-  allowed_ip    = ["0.0.0.0/0"]
-  allowed_ports = [80, 443]
-}
-
-module "ssh" {
-  source      = "clouddrove/security-group/aws"
-  version     = "1.3.0"
-  name        = "ssh"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  vpc_id        = module.vpc.vpc_id
-  allowed_ip    = [module.vpc.vpc_cidr_block, "0.0.0.0/0"]
-  allowed_ports = [22]
-}
-
 module "keypair" {
   source  = "clouddrove/keypair/aws"
   version = "1.3.0"
 
-  public_key      = "ssh-rsa AAAAB3NLd+ldHEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tvLXddPKd37a2S7rjeqecw+XRW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDV1Vf9HNeh9A3yOS6Pkjq6gDMrsUVF89ps3zuLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMBm6sbGBH00ZCj6yUxl2UQR5NE4NR35NI86Q"
+  public_key      = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDIqppj2U2K8norJh5/gxz7sbSSseLd+ldHEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tvLXddPKd37a2S7rjeqecw+XRW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDV1Vf9HNeh9A3yOS6Pkjq6gDMrsUVF89ps3zuLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMtiHUUiecPdL/6HYwGHxA5rUX3uD2UBm6sbGBH00ZCj6yUxl2UQR5NE4NR35NI86Q+q1kNOc5VctxxQOTHBwKHaGvKLk4c5gHXaEl8yyYL0wVkL00KYx3GCh1LvRdQL8fvzImBCNgZdSpKT2xjq/wc5c9L9NSc43TGoldnDYUjm79qAYMlwQHr0= prashant@prashant"
   key_name        = "devops"
   environment     = "test"
   label_order     = ["name", "environment"]
@@ -77,36 +62,6 @@ module "iam-role" {
   policy         = data.aws_iam_policy_document.iam-policy.json
 }
 
-module "kms_key" {
-  source                  = "clouddrove/kms/aws"
-  version                 = "1.3.0"
-  name                    = "kms"
-  environment             = "test"
-  label_order             = ["environment", "name"]
-  enabled                 = true
-  description             = "KMS key for ec2"
-  deletion_window_in_days = 7
-  enable_key_rotation     = true
-  alias                   = "alias/ec2"
-  policy                  = data.aws_iam_policy_document.kms.json
-}
-
-
-data "aws_iam_policy_document" "kms" {
-  version = "2012-10-17"
-  statement {
-    sid    = "Enable IAM User Permissions"
-    effect = "Allow"
-    principals {
-      type        = "AWS"
-      identifiers = ["*"]
-    }
-    actions   = ["kms:*"]
-    resources = ["*"]
-  }
-
-}
-
 data "aws_iam_policy_document" "default" {
   statement {
     effect  = "Allow"
@@ -138,6 +93,13 @@ module "ec2" {
   environment = "test"
   label_order = ["name", "environment"]
 
+  ####----------------------------------------------------------------------------------
+  ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
+  ####----------------------------------------------------------------------------------
+  vpc_id            = module.vpc.vpc_id
+  ssh_allowed_ip    = ["0.0.0.0/0"]
+  ssh_allowed_ports = [22]
+
   #Instance
   instance_enabled = true
   instance_count   = 2
@@ -150,7 +112,6 @@ module "ec2" {
   key_name = module.keypair.name
 
   #Networking
-  vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
   assign_eip_address          = true
   associate_public_ip_address = true
@@ -165,16 +126,15 @@ module "ec2" {
       volume_type           = "gp2"
       volume_size           = 15
       delete_on_termination = true
-      kms_key_id            = module.kms_key.key_arn
     }
   ]
 
   #EBS Volume
   multi_attach_enabled = false
-  ebs_optimized      = false
-  ebs_volume_enabled = true
-  ebs_volume_type    = "gp2"
-  ebs_volume_size    = 30
+  ebs_optimized        = false
+  ebs_volume_enabled   = true
+  ebs_volume_type      = "gp2"
+  ebs_volume_size      = 30
 
   #DNS
   dns_enabled = false

diff --git a/_example/ebs_mount/versions.tf b/_example/ebs_mount/versions.tf