# create a resource group. This will allow us to easily see all resources | |
# provisioned by this project using the AWS Management Console | |
resource "aws_resourcegroups_group" "project_resources" { | |
name = "${local.default_tags["Project"]}-resources" | |
description = format("%s %s %s","All resources provisioned by the", local.default_tags["Project"], "project") | |
resource_query { | |
query = <<JSON | |
{ | |
"ResourceTypeFilters": [ |
# Provider pinning for the project. Only the AWS provider is declared here;
# the provider configuration itself lives in the `provider "aws"` block below.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # pessimistic constraint: accepts any 5.41.x patch release but never
      # 5.42 or later, so provider upgrades are a deliberate edit rather than
      # something picked up silently on `terraform init`
      version = "~> 5.41.0"
    }
  }
}
provider "aws" { |
locals { | |
vpc = { | |
cidr_block = "10.0.0.0/16" | |
instance_tenancy = "default" | |
vpc_flow_logs = { | |
cloudwatch_log_group_name = "/aws/vpc/flowlogs" | |
cloudwatch_log_group_retention_in_days = 7 | |
traffic_to_capture = "ALL" | |
} | |
tags = { |
variable "vpc" { | |
description = "Configuration values for the VPC" | |
type = object({ | |
cidr_block = string | |
instance_tenancy = string | |
vpc_flow_logs = object({ | |
cloudwatch_log_group_name = string | |
cloudwatch_log_group_retention_in_days = number | |
traffic_to_capture = string |
# Exposes the ID of the VPC created by `aws_vpc.main` so dependent
# configurations (or a parent module) can attach resources to it.
output "vpc_id" {
  description = "The VPC ID"
  value = aws_vpc.main.id
}
# Exposes the ID of the private subnet (`aws_subnet.private`) for callers
# that need to place workloads in it.
output "private_subnet_id" {
  description = "The ID of the private subnet"
  value = aws_subnet.private.id
}
# enable vpc flow logs | |
resource "aws_flow_log" "vpc_flow_log" { | |
iam_role_arn = aws_iam_role.vpc_flow_log_role.arn | |
log_destination = aws_cloudwatch_log_group.vpc_flow_logs.arn | |
traffic_type = var.vpc["vpc_flow_logs"]["traffic_to_capture"] | |
vpc_id = aws_vpc.main.id | |
tags = { | |
Name = format("%s-%s", "vpc-flow-logs", var.vpc["vpc_flow_logs"]["traffic_to_capture"]) | |
} |
# create a role that will be used for enabling vpc flow logs | |
data "aws_iam_policy_document" "assume_role" { | |
statement { | |
effect = "Allow" | |
principals { | |
type = "Service" | |
identifiers = ["vpc-flow-logs.amazonaws.com"] | |
} |
# CloudWatch log group that receives the VPC flow log records written by
# `aws_flow_log.vpc_flow_log`. Name and retention are taken from the
# `vpc.vpc_flow_logs` variable so they can be tuned per environment.
resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
  name = var.vpc["vpc_flow_logs"]["cloudwatch_log_group_name"]
  # Flow logs are an audit/forensics source; the value in `locals` elsewhere
  # in this gist is 7 days, which is short for after-the-fact investigation —
  # consider a longer retention where the logs matter.
  retention_in_days = var.vpc["vpc_flow_logs"]["cloudwatch_log_group_retention_in_days"]
  # NOTE(review): no kms_key_id is set, so the group relies on the CloudWatch
  # service-managed encryption; set kms_key_id if a customer-managed key is required.
  # With skip_destroy = false, `terraform destroy` also deletes the retained
  # flow-log history, not just the group resource.
  skip_destroy = false # force delete the log group when destroying the VPC
}
# associate the private route table with the private subnet
# (without this association the subnet would fall back to the VPC's main
# route table, so the private/public split would not take effect)
resource "aws_route_table_association" "private-rt" {
  subnet_id = aws_subnet.private.id
  route_table_id = aws_route_table.private-rt.id
}
# associate the public route table with the public subnet | |
resource "aws_route_table_association" "public-rt" { | |
subnet_id = aws_subnet.public.id | |
route_table_id = aws_route_table.public-rt.id |
# create a private route table. This will be associated with the private subnet
# No inline `route` blocks are declared here; unless `aws_route` resources are
# added elsewhere, the table carries only the implicit local VPC route — i.e.
# no internet egress, which is the intended posture for a private subnet.
resource "aws_route_table" "private-rt" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "private route table"
  }
}
# create a public route table. This will be associated with the public subnet |