Merge pull request #23 from Coalfire-CF/issue-22

Issue resolution

aws/terraform/us-gov-west-1/management-account/bastion/README.md

@@ -122,7 +122,7 @@ module "win_bastion" {
  associate_eip = var.associate_eip
 
  vpc_id = data.terraform_remote_state.networking.outputs.mgmt_vpc_id
- subnet_ids = [ data.terraform_remote_state.networking.outputs.public_subnets[0]]
+ subnet_ids = [ data.terraform_remote_state.networking.outputs.public_subnets["pak-mgmt-public-us-gov-west-1a"]]
  ec2_key_pair = var.key_name
  ebs_kms_key_arn = data.terraform_remote_state.day0.outputs.ebs_kms_key_arn
 

aws/terraform/us-gov-west-1/management-account/bastion/bastion.tf

@@ -26,7 +26,7 @@ module "win_bastion" {
  associate_eip = var.associate_eip
 
  vpc_id = data.terraform_remote_state.networking.outputs.mgmt_vpc_id
- subnet_ids = [data.terraform_remote_state.networking.outputs.public_subnets[0]]
+ subnet_ids = [data.terraform_remote_state.networking.outputs.public_subnets["pak-mgmt-public-us-gov-west-1a"]]
  ec2_key_pair = var.key_name
  ebs_kms_key_arn = data.terraform_remote_state.day0.outputs.ebs_kms_key_arn
 

aws/terraform/us-gov-west-1/management-account/day0/outputs.tf

@@ -98,6 +98,13 @@ output "s3_installs_id" {
  value = module.account-setup.s3_installs_id
 }
 
+output "s3_elb_access_logs_arn" {
+ value = module.account-setup.s3_elb_access_logs_arn
+}
+
+output "s3_elb_access_logs_id" {
+ value = module.account-setup.s3_elb_access_logs_id
+}
 
 output "dynamodb_table_name" {
  value = module.account-setup.dynamodb_table_name

aws/terraform/us-gov-west-1/networking/README.md

@@ -60,6 +60,15 @@ cidrs_for_remote_access = ["<Customer-IP>"]
 mgmt_vpc_cidr = "<Customer-Custom-CIDR-Range"
 profile = "<customer-prefix>-mgmt"
 ```
+## Assumptions
+
+* Networking resources, including VPCs, Transit Gateways and Network Firewalls, are designed to be deployed under a single state.
+* Outputs of this module can be referenced via terraform state in the following manner:
+ * `module.mgmt_vpc.private_subnets["mvp-mgmt-compute-us-gov-west-1a"]`
+ * `data.terraform_remote_state.network.outputs.public_subnets["mvp-mgmt-dmz-us-gov-west-1a"]`
+* This is designed to automatically reference the firewall subnets when opted to be created.
+* Automatically adds AWS region to the subnet name upon creation
+
 
 ## Deployment Steps
 1. Change the working directory the `networking` folder

aws/terraform/us-gov-west-1/networking/subnets.tf

@@ -5,51 +5,51 @@ module "mgmt_subnet_addrs" {
  base_cidr_block = var.mgmt_vpc_cidr
  networks = [
  {
- name = "pak-firewall-1a"
+ name = "${var.resource_prefix}-firewall-1a"
  new_bits = 8
  },
  {
- name = "pak-firewall-1b"
+ name = "${var.resource_prefix}-firewall-1b"
  new_bits = 8
  },
  {
- name = "pak-firewall-1c"
+ name = "${var.resource_prefix}-firewall-1c"
  new_bits = 8
  },
  {
- name = "pak-public-1a"
+ name = "${var.resource_prefix}-public-1a"
  new_bits = 8
  },
  {
- name = "pak-public-1b"
+ name = "${var.resource_prefix}-public-1b"
  new_bits = 8
  },
  {
- name = "pak-public-1c"
+ name = "${var.resource_prefix}-public-1c"
  new_bits = 8
  },
  {
- name = "pak-compute-1a"
+ name = "${var.resource_prefix}-compute-1a"
  new_bits = 8
  },
  {
- name = "pak-compute-1b"
+ name = "${var.resource_prefix}-compute-1b"
  new_bits = 8
  },
  {
- name = "pak-compute-1c"
+ name = "${var.resource_prefix}-compute-1c"
  new_bits = 8
  },
  {
- name = "pak-private-1a"
+ name = "${var.resource_prefix}-private-1a"
  new_bits = 8
  },
  {
- name = "pak-private-1b"
+ name = "${var.resource_prefix}-private-1b"
  new_bits = 8
  },
  {
- name = "pak-private-1c"
+ name = "${var.resource_prefix}-private-1c"
  new_bits = 8
  }
  ]