update

2-simple-example/iac/.terraform.lock.hcl

@@ -0,0 +1,19 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/hashicorp/aws" {
+  version = "5.45.0"
+  hashes = [
+    "h1:A8MJa+VwONA4BNO5xzeleguJbrblNLnXBImHTK/qgFg=",
+    "zh:1d71c406aeaf4ba762eb62e4595ab9c9f8da1a2c9b74bb4277c0acfd9678ae65",
+    "zh:3b00b13154eadedb37bca99bf7cbd556fa9472e6900c970effa17a270ee9f721",
+    "zh:6f264e8b70153925ac8abfa83ebffe2c2d5a27ab5557a6b16124269b08ac2441",
+    "zh:80f7d552faf5c43d7dc22c6c1f7e70557b9f01c67db07abbb0330d5d3fc0e464",
+    "zh:863a2a2e6ae5b42fc46b209d8f2761c882d46aca481a8c49ef221d290b4fd88e",
+    "zh:8e3bddeb2da7e6bcfd0b0221a083778d2f7fc5cd64f55de7d8d79bd1f7378bae",
+    "zh:c726104e46cd743bbf240101d7975f44091d893b6e97b46070df0041779b04d2",
+    "zh:db73a89b462fdd6eb6f32e6ed464430a895fc2e54fb629e8b99773fc32a6a7a8",
+    "zh:e35179b89eba358f521ffd4546345b4d0683ca3364a9deb8f3b7b4bf60be6f02",
+    "zh:e7b54a0faecd34a9c73729d1d1f0cfc1b8f56bae789f95987002616f1265ce72",
+  ]
+}

2-simple-example/iac/data.tf

@@ -0,0 +1,6 @@
+data "aws_availability_zones" "available" {}
+
+data "aws_security_group" "default" {
+  name   = "default"
+  vpc_id = module.vpc.vpc_id
+}

2-simple-example/iac/env/dev.tfvars

@@ -0,0 +1,3 @@
+name = "Ric Harvey"
+environment = "dev"
+ami_id = "ami-0f5eb0451af853a24"

2-simple-example/iac/locals.tf

@@ -0,0 +1,10 @@
+locals {
+  default_tags = merge(
+    var.additional_tags,
+    {
+      Maintainer  = "Ric"
+      Owner       = var.name
+      Environment = var.environment
+      ManagedBy   = "terraform"
+  })
+}

2-simple-example/iac/main.tf

@@ -0,0 +1,41 @@
+provider "aws" {
+  region = var.region
+}
+
+
+resource "aws_security_group" "web_server_sg_tf" {
+ name        = "web-server-sg-tf"
+ description = "Allow HTTP to web server"
+ vpc_id      = module.vpc.vpc_id
+
+ingress {
+   description = "HTTP ingress"
+   from_port   = 80
+   to_port     = 80
+   protocol    = "tcp"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ingress {
+   description = "HTTPS ingress"
+   from_port   = 443
+   to_port     = 443
+   protocol    = "tcp"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+
+egress {
+   from_port   = 0
+   to_port     = 0
+   protocol    = "-1"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_instance" "test_ami" {
+  ami                    = var.ami_id
+  instance_type          = "t3.micro"
+  associate_public_ip_address = true
+  subnet_id              = module.vpc.public_subnets[0] 
+  vpc_security_group_ids = [aws_security_group.web_server_sg_tf.id]
+}

2-simple-example/iac/outputs.tf

@@ -0,0 +1,27 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+# NAT gateways
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = module.vpc.nat_public_ips
+}

2-simple-example/iac/variables.tf

@@ -0,0 +1,46 @@
+variable "name" {
+  description = "Solution name"
+  type        = string
+  default     = "my-vpc"
+}
+
+variable "environment" {
+  description = "Execution environment"
+  type        = string
+  default     = "development"
+}
+
+variable "region" {
+  description = "AWS region"
+  type        = string
+  default     = "eu-west-1"
+}
+
+variable "private_subnet_suffix" {
+  description = "Suffix to append to private subnets name"
+  type        = string
+  default     = "private-"
+}
+
+variable "public_subnet_suffix" {
+  description = "Suffix to append to public subnets name"
+  type        = string
+  default     = "public-"
+}
+
+variable "database_subnet_suffix" {
+  description = "Suffix to append to database subnets name"
+  type        = string
+  default     = "rds-"
+}
+
+variable "additional_tags" {
+  description = "Additional default resource tags"
+  type        = map(string)
+  default     = {}
+}
+
+variable "ami_id" {
+  description = "ami to use for example"
+  type	      = string
+}

2-simple-example/iac/vpc.tf

@@ -0,0 +1,36 @@
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+  version = "~> 3"
+
+  name = "${var.name}-${var.environment}"
+  cidr = "20.10.0.0/16" # 10.0.0.0/8 is reserved for EC2-Classic
+
+  azs                 = data.aws_availability_zones.available.names 
+  private_subnets     = ["20.10.1.0/24", "20.10.2.0/24", "20.10.3.0/24"]
+  public_subnets      = ["20.10.11.0/24", "20.10.12.0/24", "20.10.13.0/24"]
+  database_subnets    = ["20.10.21.0/24", "20.10.22.0/24", "20.10.23.0/24"]
+
+  private_subnet_tags = { "name": "${var.private_subnet_suffix}-${var.name}-${var.environment}" }
+  public_subnet_tags = { "name": "${var.public_subnet_suffix}-${var.name}-${var.environment}" }
+  database_subnet_tags = { "name": "${var.database_subnet_suffix}-${var.name}-${var.environment}" }
+
+  create_database_subnet_group = true
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  enable_dhcp_options              = false
+
+  # Default security group - ingress/egress rules cleared to deny all
+  manage_default_security_group  = true
+  default_security_group_ingress = []
+  default_security_group_egress  = []
+
+  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
+  enable_flow_log                      = true
+  create_flow_log_cloudwatch_log_group = true
+  create_flow_log_cloudwatch_iam_role  = true
+  flow_log_max_aggregation_interval    = 60
+
+  tags = local.default_tags
+}

3-remote-states/iac/.terraform.lock.hcl

@@ -0,0 +1,19 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/hashicorp/aws" {
+  version = "5.45.0"
+  hashes = [
+    "h1:A8MJa+VwONA4BNO5xzeleguJbrblNLnXBImHTK/qgFg=",
+    "zh:1d71c406aeaf4ba762eb62e4595ab9c9f8da1a2c9b74bb4277c0acfd9678ae65",
+    "zh:3b00b13154eadedb37bca99bf7cbd556fa9472e6900c970effa17a270ee9f721",
+    "zh:6f264e8b70153925ac8abfa83ebffe2c2d5a27ab5557a6b16124269b08ac2441",
+    "zh:80f7d552faf5c43d7dc22c6c1f7e70557b9f01c67db07abbb0330d5d3fc0e464",
+    "zh:863a2a2e6ae5b42fc46b209d8f2761c882d46aca481a8c49ef221d290b4fd88e",
+    "zh:8e3bddeb2da7e6bcfd0b0221a083778d2f7fc5cd64f55de7d8d79bd1f7378bae",
+    "zh:c726104e46cd743bbf240101d7975f44091d893b6e97b46070df0041779b04d2",
+    "zh:db73a89b462fdd6eb6f32e6ed464430a895fc2e54fb629e8b99773fc32a6a7a8",
+    "zh:e35179b89eba358f521ffd4546345b4d0683ca3364a9deb8f3b7b4bf60be6f02",
+    "zh:e7b54a0faecd34a9c73729d1d1f0cfc1b8f56bae789f95987002616f1265ce72",
+  ]
+}

3-remote-states/iac/data.tf

@@ -0,0 +1,6 @@
+data "aws_availability_zones" "available" {}
+
+data "aws_security_group" "default" {
+  name   = "default"
+  vpc_id = module.vpc.vpc_id
+}

3-remote-states/iac/env/dev.tfvars

@@ -0,0 +1,3 @@
+name = "Ric Harvey"
+environment = "dev"
+ami_id = "ami-0f5eb0451af853a24"

3-remote-states/iac/locals.tf

@@ -0,0 +1,10 @@
+locals {
+  default_tags = merge(
+    var.additional_tags,
+    {
+      Maintainer  = "Ric"
+      Owner       = var.name
+      Environment = var.environment
+      ManagedBy   = "terraform"
+  })
+}

3-remote-states/iac/main.tf

@@ -0,0 +1,41 @@
+provider "aws" {
+  region = var.region
+}
+
+
+resource "aws_security_group" "web_server_sg_tf" {
+ name        = "web-server-sg-tf"
+ description = "Allow HTTP to web server"
+ vpc_id      = module.vpc.vpc_id
+
+ingress {
+   description = "HTTP ingress"
+   from_port   = 80
+   to_port     = 80
+   protocol    = "tcp"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ingress {
+   description = "HTTPS ingress"
+   from_port   = 443
+   to_port     = 443
+   protocol    = "tcp"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+
+egress {
+   from_port   = 0
+   to_port     = 0
+   protocol    = "-1"
+   cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_instance" "test_ami" {
+  ami                    = var.ami_id
+  instance_type          = "t3.micro"
+  associate_public_ip_address = true
+  subnet_id              = module.vpc.public_subnets[0] 
+  vpc_security_group_ids = [aws_security_group.web_server_sg_tf.id]
+}

3-remote-states/iac/outputs.tf

@@ -0,0 +1,27 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+# NAT gateways
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = module.vpc.nat_public_ips
+}

3-remote-states/iac/variables.tf

@@ -0,0 +1,46 @@
+variable "name" {
+  description = "Solution name"
+  type        = string
+  default     = "my-vpc"
+}
+
+variable "environment" {
+  description = "Execution environment"
+  type        = string
+  default     = "development"
+}
+
+variable "region" {
+  description = "AWS region"
+  type        = string
+  default     = "eu-west-1"
+}
+
+variable "private_subnet_suffix" {
+  description = "Suffix to append to private subnets name"
+  type        = string
+  default     = "private-"
+}
+
+variable "public_subnet_suffix" {
+  description = "Suffix to append to public subnets name"
+  type        = string
+  default     = "public-"
+}
+
+variable "database_subnet_suffix" {
+  description = "Suffix to append to database subnets name"
+  type        = string
+  default     = "rds-"
+}
+
+variable "additional_tags" {
+  description = "Additional default resource tags"
+  type        = map(string)
+  default     = {}
+}
+
+variable "ami_id" {
+  description = "ami to use for example"
+  type	      = string
+}

3-remote-states/iac/vpc.tf

@@ -0,0 +1,36 @@
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+  version = "~> 3"
+
+  name = "${var.name}-${var.environment}"
+  cidr = "20.10.0.0/16" # 10.0.0.0/8 is reserved for EC2-Classic
+
+  azs                 = data.aws_availability_zones.available.names 
+  private_subnets     = ["20.10.1.0/24", "20.10.2.0/24", "20.10.3.0/24"]
+  public_subnets      = ["20.10.11.0/24", "20.10.12.0/24", "20.10.13.0/24"]
+  database_subnets    = ["20.10.21.0/24", "20.10.22.0/24", "20.10.23.0/24"]
+
+  private_subnet_tags = { "name": "${var.private_subnet_suffix}-${var.name}-${var.environment}" }
+  public_subnet_tags = { "name": "${var.public_subnet_suffix}-${var.name}-${var.environment}" }
+  database_subnet_tags = { "name": "${var.database_subnet_suffix}-${var.name}-${var.environment}" }
+
+  create_database_subnet_group = true
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  enable_dhcp_options              = false
+
+  # Default security group - ingress/egress rules cleared to deny all
+  manage_default_security_group  = true
+  default_security_group_ingress = []
+  default_security_group_egress  = []
+
+  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
+  enable_flow_log                      = true
+  create_flow_log_cloudwatch_log_group = true
+  create_flow_log_cloudwatch_iam_role  = true
+  flow_log_max_aggregation_interval    = 60
+
+  tags = local.default_tags
+}

demo/iac/.terraform.tfstate.lock.info

@@ -1 +0,0 @@
-{"ID":"1156b298-a473-5fa6-a198-84eabc580877","Operation":"OperationTypeApply","Info":"","Who":"ric@batfink","Version":"1.6.2","Created":"2024-04-15T20:40:09.835286786Z","Path":"terraform.tfstate"}