nivleshc
nivleshc
/ visualise-network-traffic-main-01.yaml
Created
March 27, 2024 13:29
contents of the main.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create a resource group. This will allow us to easily see all resources | |
| # provisioned by this project using the AWS Management Console | |
| resource "aws_resourcegroups_group" "project_resources" { | |
| name = "${local.default_tags["Project"]}-resources" | |
| description = format("%s %s %s","All resources provisioned by the", local.default_tags["Project"], "project") | |
| resource_query { | |
| query = <<JSON | |
| { | |
| "ResourceTypeFilters": [ |
nivleshc
/ visualise-network-traffic-providers-01.yaml
Created
March 27, 2024 13:23
contents of the providers.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = "~> 5.41.0" | |
| } | |
| } | |
| } | |
| provider "aws" { |
nivleshc
/ visualise-network-traffic-locals-01.yaml
Created
March 27, 2024 13:19
contents of the locals.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| vpc = { | |
| cidr_block = "10.0.0.0/16" | |
| instance_tenancy = "default" | |
| vpc_flow_logs = { | |
| cloudwatch_log_group_name = "/aws/vpc/flowlogs" | |
| cloudwatch_log_group_retention_in_days = 7 | |
| traffic_to_capture = "ALL" | |
| } | |
| tags = { |
nivleshc
/ visualise-network-traffic-variables-01.yaml
Created
March 27, 2024 13:04
contents of the variables.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "vpc" { | |
| description = "Configuration values for the VPC" | |
| type = object({ | |
| cidr_block = string | |
| instance_tenancy = string | |
| vpc_flow_logs = object({ | |
| cloudwatch_log_group_name = string | |
| cloudwatch_log_group_retention_in_days = number | |
| traffic_to_capture = string |
nivleshc
/ visualise-network-traffic-outputs-01.yaml
Created
March 27, 2024 12:59
contents of the outputs.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| output "vpc_id" { | |
| description = "The VPC ID" | |
| value = aws_vpc.main.id | |
| } | |
| output "private_subnet_id" { | |
| description = "The ID of the private subnet" | |
| value = aws_subnet.private.id | |
| } |
nivleshc
/ visualise-network-traffic-vpcflowlogs-01.yaml
Created
March 27, 2024 12:56
contents of the vpc-flow-logs.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # enable vpc flow logs | |
| resource "aws_flow_log" "vpc_flow_log" { | |
| iam_role_arn = aws_iam_role.vpc_flow_log_role.arn | |
| log_destination = aws_cloudwatch_log_group.vpc_flow_logs.arn | |
| traffic_type = var.vpc["vpc_flow_logs"]["traffic_to_capture"] | |
| vpc_id = aws_vpc.main.id | |
| tags = { | |
| Name = format("%s-%s", "vpc-flow-logs", var.vpc["vpc_flow_logs"]["traffic_to_capture"]) | |
| } |
nivleshc
/ visualise-network-traffic-iam-01.yaml
Created
March 27, 2024 12:53
contents of the iam.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create a role that will be used for enabling vpc flow logs | |
| data "aws_iam_policy_document" "assume_role" { | |
| statement { | |
| effect = "Allow" | |
| principals { | |
| type = "Service" | |
| identifiers = ["vpc-flow-logs.amazonaws.com"] | |
| } |
nivleshc
/ visualise-network-traffic-cloudwatch-logs-01.yaml
Created
March 27, 2024 12:49
contents of the cloudwatch-file.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_cloudwatch_log_group" "vpc_flow_logs" { | |
| name = var.vpc["vpc_flow_logs"]["cloudwatch_log_group_name"] | |
| retention_in_days = var.vpc["vpc_flow_logs"]["cloudwatch_log_group_retention_in_days"] | |
| skip_destroy = false # force delete the log group when destroying the VPC | |
| } |
nivleshc
/ visualise-network-traffic-main-vpc-04.yaml
Created
March 27, 2024 12:44
contents of the main.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # associate the private route table with the private subnet | |
| resource "aws_route_table_association" "private-rt" { | |
| subnet_id = aws_subnet.private.id | |
| route_table_id = aws_route_table.private-rt.id | |
| } | |
| # associate the public route table with the public subnet | |
| resource "aws_route_table_association" "public-rt" { | |
| subnet_id = aws_subnet.public.id | |
| route_table_id = aws_route_table.public-rt.id |
nivleshc
/ visualise-network-traffic-main-vpc-03.yaml
Created
March 27, 2024 12:41
contents of the main.tf file from the blog-visualise-network-traffic repository
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create a private route table. This will be associated with the private subnet | |
| resource "aws_route_table" "private-rt" { | |
| vpc_id = aws_vpc.main.id | |
| tags = { | |
| Name = "private route table" | |
| } | |
| } | |
| # create a public route table. This will be associated with the public subnet |