fix: added versions.tf and updated vpc tag

clouddrove · Jun 6, 2023 · 154b37d · 154b37d
1 parent f0e022c
commit 154b37d
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 21 deletions.
diff --git a/README.yaml b/README.yaml
@@ -44,16 +44,19 @@ usage: |-
  Here is an example of how you can use this module in your inventory structure:
  ```hcl
  module "vpn" {
- source = "clouddrove/client-vpn/aws"
- version = "1.0.1"
- name = "test-vpn"
- enabled = true
- environment = "example"
- label_order = ["name", "environment"]
- cidr_block = "172.0.0.0/16"
- subnet_ids = module.subnets.public_subnet_id
- route_cidr = ["0.0.0.0/0"]
- route_subnet_ids = ["subnet-xxxxxxxxxxx"]
- network_cidr = ["0.0.0.0/0"]
+ source = "clouddrove/client-vpn/aws"
+ version = "1.0.5"
+ name = "test-vpn"
+ enabled = true
+ split_tunnel_enable = true
+ environment = "example"
+ label_order = ["name", "environment"]
+ cidr_block = "172.0.0.0/16"
+ subnet_ids = module.subnets.public_subnet_id
+ route_cidr = ["0.0.0.0/0", "0.0.0.0/0"]
+ security_group_ids = [""]
+ route_subnet_ids = module.subnets.public_subnet_id
+ network_cidr = ["0.0.0.0/0"]
+
  }
  ```
diff --git a/_example/example.tf b/_example/example.tf
@@ -1,10 +1,16 @@
+##---------------------------------------------------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+##--------------------------------------------------------------------------------------------------------------------------
 provider "aws" {
  region = "eu-west-1"
 }
 
+##---------------------------------------------------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+##---------------------------------------------------------------------------------------------------------------------------
 module "vpc" {
  source = "clouddrove/vpc/aws"
- version = "1.3.0"
+ version = "1.3.1"
 
  vpc_enabled = true
  enable_flow_log = false
@@ -16,7 +22,9 @@ module "vpc" {
  cidr_block = "10.0.0.0/16"
 }
 
-
+##-----------------------------------------------------
+## A subnet is a range of IP addresses in your VPC.
+##-----------------------------------------------------
 module "subnets" {
  source = "clouddrove/subnet/aws"
  version = "1.3.0"
@@ -35,6 +43,9 @@ module "subnets" {
  ipv6_cidr_block = module.vpc.ipv6_cidr_block
 }
 
+##-----------------------------------------------------------------------------
+## vpn module call.
+##-----------------------------------------------------------------------------
 module "vpn" {
  source = "../"
 

diff --git a/_example/variables.tf b/_example/variables.tf
diff --git a/main.tf b/main.tf
@@ -1,3 +1,6 @@
+##-----------------------------------------------------------------------------
+## Labels module callled that will be used for naming and tags.
+##-----------------------------------------------------------------------------
 module "labels" {
  source = "clouddrove/labels/aws"
  version = "1.3.0"
@@ -9,15 +12,16 @@ module "labels" {
  repository = var.repository
 }
 
-
 resource "tls_private_key" "ca" {
  count = var.enabled ? 1 : 0
  algorithm = "RSA"
 }
 
+##-----------------------------------------------------------------------------
+## tls_self_signed_cert (Resource) Creates a self-signed TLS certificate in PEM (RFC 1421) format.
+##-----------------------------------------------------------------------------
 resource "tls_self_signed_cert" "ca" {
  count = var.enabled ? 1 : 0
- #key_algorithm = "RSA"
  private_key_pem = join("", tls_private_key.ca.*.private_key_pem)
 
  subject {
@@ -36,6 +40,9 @@ resource "tls_self_signed_cert" "ca" {
  ]
 }
 
+##-----------------------------------------------------------------------------
+## aws_acm_certificate. The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager..
+##-----------------------------------------------------------------------------
 resource "aws_acm_certificate" "ca" {
  count = var.enabled ? 1 : 0
  private_key = join("", tls_private_key.ca.*.private_key_pem)
@@ -47,6 +54,9 @@ resource "tls_private_key" "root" {
  algorithm = "RSA"
 }
 
+##-----------------------------------------------------------------------------
+## Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority.
+##-----------------------------------------------------------------------------
 resource "tls_cert_request" "root" {
  count = var.enabled ? 1 : 0
  #key_algorithm = "RSA"
@@ -60,6 +70,9 @@ resource "tls_cert_request" "root" {
  dns_names = var.dns_names
 }
 
+##-----------------------------------------------------------------------------
+## Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority.
+##-----------------------------------------------------------------------------
 resource "tls_locally_signed_cert" "root" {
  count = var.enabled ? 1 : 0
  cert_request_pem = join("", tls_cert_request.root.*.cert_request_pem)
@@ -76,6 +89,9 @@ resource "tls_locally_signed_cert" "root" {
  ]
 }
 
+##-----------------------------------------------------------------------------
+## aws_acm_certificate. The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager..
+##-----------------------------------------------------------------------------
 resource "aws_acm_certificate" "root" {
  count = var.certificate_enabled ? 1 : 0
  private_key = join("", tls_private_key.root.*.private_key_pem)
@@ -88,6 +104,9 @@ resource "tls_private_key" "server" {
  algorithm = "RSA"
 }
 
+##-----------------------------------------------------------------------------
+## Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority.
+##-----------------------------------------------------------------------------
 resource "tls_cert_request" "server" {
  count = var.enabled ? 1 : 0
  #key_algorithm = "RSA"
@@ -101,6 +120,9 @@ resource "tls_cert_request" "server" {
  dns_names = var.dns_names
 }
 
+##-----------------------------------------------------------------------------
+## Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority.
+##-----------------------------------------------------------------------------
 resource "tls_locally_signed_cert" "server" {
  count = var.enabled ? 1 : 0
  cert_request_pem = join("", tls_cert_request.server.*.cert_request_pem)
@@ -117,13 +139,19 @@ resource "tls_locally_signed_cert" "server" {
  ]
 }
 
+##-----------------------------------------------------------------------------
+## aws_acm_certificate. The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager..
+##-----------------------------------------------------------------------------
 resource "aws_acm_certificate" "server" {
  count = var.enabled ? 1 : 0
  private_key = join("", tls_private_key.server.*.private_key_pem)
  certificate_body = join("", tls_locally_signed_cert.server.*.cert_pem)
  certificate_chain = join("", tls_self_signed_cert.ca.*.cert_pem)
 }
 
+##-----------------------------------------------------------------------------
+## aws_ec2_client_vpn_endpoint. Provides an AWS Client VPN endpoint for OpenVPN clients.
+##-----------------------------------------------------------------------------
 resource "aws_ec2_client_vpn_endpoint" "default" {
  count = var.enabled ? 1 : 0
  description = module.labels.id
@@ -156,7 +184,9 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
  }
 
 }
-
+##-----------------------------------------------------------------------------
+## aws_security_group. Provides a security group resource.
+##-----------------------------------------------------------------------------
 resource "aws_security_group" "this" {
  name_prefix = var.name
  vpc_id = var.vpc_id
@@ -178,11 +208,18 @@ resource "aws_security_group" "this" {
  }
 }
 
+##-----------------------------------------------------------------------------
+## Provides network associations for AWS Client VPN endpoints.
+##-----------------------------------------------------------------------------
 resource "aws_ec2_client_vpn_network_association" "default" {
  count = length(var.subnet_ids)
  client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
  subnet_id = element(var.subnet_ids, count.index)
 }
+
+##-----------------------------------------------------------------------------
+## aws_cloudwatch_log_group Provides a CloudWatch Log Group resource.
+##-----------------------------------------------------------------------------
 resource "aws_cloudwatch_log_group" "vpn" {
  count = var.enabled ? 1 : 0
  name = format("/aws/vpn/%s/logs", module.labels.id)
@@ -191,28 +228,38 @@ resource "aws_cloudwatch_log_group" "vpn" {
  tags = module.labels.tags
 }
 
+##-----------------------------------------------------------------------------
+## A log stream is a sequence of log events that share the same source. Each separate source of logs in CloudWatch Logs makes up a separate log stream.
+##-----------------------------------------------------------------------------
 resource "aws_cloudwatch_log_stream" "vpn" {
  count = var.enabled ? 1 : 0
  name = format("%s-usage", module.labels.id)
  log_group_name = join("", aws_cloudwatch_log_group.vpn.*.name)
 }
 
+##-----------------------------------------------------------------------------
+## Provides authorization rules for AWS Client VPN endpoints.
+##-----------------------------------------------------------------------------
 resource "aws_ec2_client_vpn_authorization_rule" "vpn_auth" {
  count = length(var.network_cidr)
  client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
  target_network_cidr = element(var.network_cidr, count.index)
  authorize_all_groups = true
 }
 
-
+##-----------------------------------------------------------------------------
+## Provides authorization rules for AWS Client VPN endpoints.
+##-----------------------------------------------------------------------------
 resource "aws_ec2_client_vpn_authorization_rule" "vpn_group_auth" {
  count = length(var.group_ids)
  client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
  target_network_cidr = "0.0.0.0/0"
  access_group_id = element(var.group_ids, count.index)
 }
 
-
+##-----------------------------------------------------------------------------
+## Provides additional routes for AWS Client VPN endpoints.
+##-----------------------------------------------------------------------------
 resource "aws_ec2_client_vpn_route" "vpn_route" {
  count = length(var.route_cidr)
  client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)

diff --git a/_example/versions.tf → versions.tf b/_example/versions.tf → versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
- required_version = ">= 1.3.6"
+ required_version = ">= 1.4.6"
 
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 4.48.0"
+ version = ">= 5.1.0"
  }
  }
-}
+}