From 04d4a5da4f811898dec9817d3984cfbb2aab6cbd Mon Sep 17 00:00:00 2001
From: Stanislav Babkin
Date: Tue, 21 May 2024 12:37:04 +0300
Subject: [PATCH 1/2] skip: tf templates for launch-config testing developed; resources deplopyed and tested by custodian
---
 auto_policy_testing/green/launch/data.tf | 9 +++++++
 auto_policy_testing/green/launch/launch.tf | 12 +++++++++
 auto_policy_testing/green/launch/main.tf | 13 ++++++++++
 auto_policy_testing/green/launch/outputs.tf | 5 ++++
 auto_policy_testing/green/launch/provider.tf | 16 ++++++++++++
 auto_policy_testing/green/launch/variables.tf | 5 ++++
 auto_policy_testing/red/launch/data.tf | 9 +++++++
 auto_policy_testing/red/launch/launch.tf | 25 +++++++++++++++++++
 auto_policy_testing/red/launch/main.tf | 13 ++++++++++
 auto_policy_testing/red/launch/outputs.tf | 6 +++++
 auto_policy_testing/red/launch/provider.tf | 16 ++++++++++++
 auto_policy_testing/red/launch/variables.tf | 5 ++++
 .../shared_tf_modules/naming/outputs.tf | 1 +
 13 files changed, 135 insertions(+)
 create mode 100644 auto_policy_testing/green/launch/data.tf
 create mode 100644 auto_policy_testing/green/launch/launch.tf
 create mode 100644 auto_policy_testing/green/launch/main.tf
 create mode 100644 auto_policy_testing/green/launch/outputs.tf
 create mode 100644 auto_policy_testing/green/launch/provider.tf
 create mode 100644 auto_policy_testing/green/launch/variables.tf
 create mode 100644 auto_policy_testing/red/launch/data.tf
 create mode 100644 auto_policy_testing/red/launch/launch.tf
 create mode 100644 auto_policy_testing/red/launch/main.tf
 create mode 100644 auto_policy_testing/red/launch/outputs.tf
 create mode 100644 auto_policy_testing/red/launch/provider.tf
 create mode 100644 auto_policy_testing/red/launch/variables.tf
diff --git a/auto_policy_testing/green/launch/data.tf b/auto_policy_testing/green/launch/data.tf
new file mode 100644
index 000000000..ad12f9144
--- /dev/null
+++ b/auto_policy_testing/green/launch/data.tf
@@ -0,0 +1,9 @@
+data "aws_ami" "this" {
+ most_recent = true
+ owners = ["amazon"]
+
+ filter {
+ name = "name"
+ values = ["amzn2-ami-hvm*"]
+ }
+}
diff --git a/auto_policy_testing/green/launch/launch.tf b/auto_policy_testing/green/launch/launch.tf
new file mode 100644
index 000000000..5196df70c
--- /dev/null
+++ b/auto_policy_testing/green/launch/launch.tf
@@ -0,0 +1,12 @@
+resource "aws_launch_configuration" "this" {
+ name_prefix = "${module.naming.resource_prefix.launch_config}"
+ image_id = data.aws_ami.this.id
+ instance_type = "t2.micro"
+ associate_public_ip_address = false
+
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ http_put_response_hop_limit = "1"
+ }
+}
diff --git a/auto_policy_testing/green/launch/main.tf b/auto_policy_testing/green/launch/main.tf
new file mode 100644
index 000000000..4fba53b14
--- /dev/null
+++ b/auto_policy_testing/green/launch/main.tf
@@ -0,0 +1,13 @@
+module "naming" {
+ source = "../../shared_tf_modules/naming"
+ resource_type = basename(abspath(path.module))
+ status = title(basename(dirname(abspath(path.module))))
+}
+
+data "terraform_remote_state" "common" {
+ backend = "local"
+
+ config = {
+ path = "../common_resources/terraform.tfstate"
+ }
+}
\ No newline at end of file
diff --git a/auto_policy_testing/green/launch/outputs.tf b/auto_policy_testing/green/launch/outputs.tf
new file mode 100644
index 000000000..30660a0b8
--- /dev/null
+++ b/auto_policy_testing/green/launch/outputs.tf
@@ -0,0 +1,5 @@
+output "launch" {
+ value = {
+ launch-config = aws_launch_configuration.this.name
+ }
+}
diff --git a/auto_policy_testing/green/launch/provider.tf b/auto_policy_testing/green/launch/provider.tf
new file mode 100644
index 000000000..1eaddc411
--- /dev/null
+++ b/auto_policy_testing/green/launch/provider.tf
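Review bot: The AMI lookup in green/launch/data.tf (and the identical red/launch/data.tf) selects on `name = amzn2-ami-hvm*` with `most_recent = true`, a pattern that also matches the arm64 builds of Amazon Linux 2; combined with the x86-only `t2.micro` in launch.tf, whichever image Amazon published last decides whether the launch configuration is even valid. Pin the architecture with a second filter block, `filter { name = "architecture" values = ["x86_64"] }` written on separate lines like the existing one. A short comment that `owners = ["amazon"]` is what keeps the wildcard from resolving to a third-party image with a look-alike name would stop someone dropping it when they edit the filters.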
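Review bot: In green/launch/launch.tf `http_put_response_hop_limit = "1"` hands a quoted string to an attribute the provider declares as a number; Terraform coerces it, but `http_put_response_hop_limit = 1` is the form the schema expects (red/launch/launch.tf repeats this with `"5"`). `name_prefix = "${module.naming.resource_prefix.launch_config}"` is the legacy interpolation-only wrapping that newer Terraform versions warn about; `name_prefix = module.naming.resource_prefix.launch_config` is equivalent. Because this is the compliant fixture, a one-line header such as `# green: IMDSv2 required, hop limit 1, no public IP — expected to pass the launch-config policies` would let a reader tell the green/red pair apart without diffing them.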
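Review bot: `data "terraform_remote_state" "common"` in green/launch/main.tf is declared but nothing in this module references it, and the same unused block is copied into red/launch/main.tf and both peering-connection main.tf files. A remote_state data source reads the whole referenced state and exposes every root output of it, so an unreferenced one is dead code that still makes `terraform plan` depend on `../common_resources/terraform.tfstate` existing; either remove it or add a comment naming the output it is reserved for. The same four files are also missing a trailing newline (`\ No newline at end of file`), which is worth fixing while touching them.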
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+ default_tags {
+ tags = module.naming.default_tags
+ }
+}
+
diff --git a/auto_policy_testing/green/launch/variables.tf b/auto_policy_testing/green/launch/variables.tf
new file mode 100644
index 000000000..2bd4793c8
--- /dev/null
+++ b/auto_policy_testing/green/launch/variables.tf
@@ -0,0 +1,5 @@
+variable "region" {
+ type = string
+ description = "Region where resources will be created"
+ default = "us-east-1"
+}
diff --git a/auto_policy_testing/red/launch/data.tf b/auto_policy_testing/red/launch/data.tf
new file mode 100644
index 000000000..ad12f9144
--- /dev/null
+++ b/auto_policy_testing/red/launch/data.tf
@@ -0,0 +1,9 @@
+data "aws_ami" "this" {
+ most_recent = true
+ owners = ["amazon"]
+
+ filter {
+ name = "name"
+ values = ["amzn2-ami-hvm*"]
+ }
+}
diff --git a/auto_policy_testing/red/launch/launch.tf b/auto_policy_testing/red/launch/launch.tf
new file mode 100644
index 000000000..78cdb1912
--- /dev/null
+++ b/auto_policy_testing/red/launch/launch.tf
@@ -0,0 +1,25 @@
+resource "aws_launch_configuration" "this" {
+ name_prefix = "${module.naming.resource_prefix.launch_config}"
+ image_id = data.aws_ami.this.id
+ instance_type = "t2.micro"
+ associate_public_ip_address = true
+
+ # metadata_options {
+ # http_endpoint = "enabled"
+ # http_tokens = "required"
+ # http_put_response_hop_limit = "5"
+ # }
+}
+
+resource "aws_launch_configuration" "this2" {
+ name_prefix = "${module.naming.resource_prefix.launch_config}-2"
+ image_id = data.aws_ami.this.id
+ instance_type = "t2.micro"
+ associate_public_ip_address = true
+
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ http_put_response_hop_limit = "5"
+ }
+}
\ No newline at end of file
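Review bot: The commented-out `metadata_options` block in `aws_launch_configuration.this` (red/launch/launch.tf) carries the same `http_put_response_hop_limit = "5"` that `this2` sets for real, so it reads as a leftover rather than a description of what `this` is meant to violate. Replace it with an explicit statement of intent, e.g. `# no metadata_options: http_tokens stays at the AWS default instead of "required", so IMDSv2 is not enforced`, and above `this2` something like `# hop limit 5 exceeds the allowed value of 1` — the output key `ecc-aws-520-autoscaling_launch_config_hop_limit` in red/launch/outputs.tf suggests that mapping, but I am inferring it from the name. Both resources also set `associate_public_ip_address = true`; if that is a deliberate second violation it deserves a comment as well, otherwise it blurs which policy a finding on `this2` belongs to.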
diff --git a/auto_policy_testing/red/launch/main.tf b/auto_policy_testing/red/launch/main.tf
new file mode 100644
index 000000000..4fba53b14
--- /dev/null
+++ b/auto_policy_testing/red/launch/main.tf
@@ -0,0 +1,13 @@
+module "naming" {
+ source = "../../shared_tf_modules/naming"
+ resource_type = basename(abspath(path.module))
+ status = title(basename(dirname(abspath(path.module))))
+}
+
+data "terraform_remote_state" "common" {
+ backend = "local"
+
+ config = {
+ path = "../common_resources/terraform.tfstate"
+ }
+}
\ No newline at end of file
diff --git a/auto_policy_testing/red/launch/outputs.tf b/auto_policy_testing/red/launch/outputs.tf
new file mode 100644
index 000000000..31d567978
--- /dev/null
+++ b/auto_policy_testing/red/launch/outputs.tf
@@ -0,0 +1,6 @@
+output "launch" {
+ value = {
+ launch-config = aws_launch_configuration.this.name
+ ecc-aws-520-autoscaling_launch_config_hop_limit = aws_launch_configuration.this2.name
+ }
+}
diff --git a/auto_policy_testing/red/launch/provider.tf b/auto_policy_testing/red/launch/provider.tf
new file mode 100644
index 000000000..1eaddc411
--- /dev/null
+++ b/auto_policy_testing/red/launch/provider.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+ default_tags {
+ tags = module.naming.default_tags
+ }
+}
+
diff --git a/auto_policy_testing/red/launch/variables.tf b/auto_policy_testing/red/launch/variables.tf
new file mode 100644
index 000000000..2bd4793c8
--- /dev/null
+++ b/auto_policy_testing/red/launch/variables.tf
@@ -0,0 +1,5 @@
+variable "region" {
+ type = string
+ description = "Region where resources will be created"
+ default = "us-east-1"
+}
diff --git a/auto_policy_testing/shared_tf_modules/naming/outputs.tf b/auto_policy_testing/shared_tf_modules/naming/outputs.tf
index 561eb1663..014904e73 100755
--- a/auto_policy_testing/shared_tf_modules/naming/outputs.tf
+++ b/auto_policy_testing/shared_tf_modules/naming/outputs.tf
@@ -1,5 +1,6 @@
 output "resource_prefix" {
 value = {
+ launch_config = "${local.suffix}_${var.resource_type}_launch_config_${local.compliance_status}"
 cloud_trail = "${local.suffix}_${var.resource_type}_cloudtrail_${local.compliance_status}"
 nat_gateway = "${local.suffix}_${var.resource_type}_ng_${local.compliance_status}"
 eks = "${local.suffix}_${var.resource_type}_eks_${local.compliance_status}"
From 7c0e7e156356bf4e4b7c2136351d36917c88dfd4 Mon Sep 17 00:00:00 2001
From: Stanislav Babkin
Date: Tue, 21 May 2024 13:07:38 +0300
Subject: [PATCH 2/2] skip: tf templates for peering-connection testing developed; resources deplopyed and tested by custodian
---
 .../green/peering-connection/data.tf | 1 +
 .../green/peering-connection/main.tf | 13 ++++++++++++
 .../green/peering-connection/outputs.tf | 5 +++++
 .../peering-connection/peering_connection.tf | 14 +++++++++++++
 .../green/peering-connection/provider.tf | 16 +++++++++++++++
 .../green/peering-connection/variables.tf | 5 +++++
 .../red/peering-connection/data.tf | 1 +
 .../red/peering-connection/main.tf | 13 ++++++++++++
 .../red/peering-connection/outputs.tf | 5 +++++
 .../peering-connection/peering_connection.tf | 15 ++++++++++++++
 .../red/peering-connection/provider.tf | 20 +++++++++++++++++++
 .../red/peering-connection/variables.tf | 5 +++++
 12 files changed, 113 insertions(+)
 create mode 100644 auto_policy_testing/green/peering-connection/data.tf
 create mode 100644 auto_policy_testing/green/peering-connection/main.tf
 create mode 100644 auto_policy_testing/green/peering-connection/outputs.tf
 create mode 100644 auto_policy_testing/green/peering-connection/peering_connection.tf
 create mode 100644 auto_policy_testing/green/peering-connection/provider.tf
 create mode 100644 auto_policy_testing/green/peering-connection/variables.tf
 create mode 100644 auto_policy_testing/red/peering-connection/data.tf
 create mode 100644 auto_policy_testing/red/peering-connection/main.tf
 create mode 100644 auto_policy_testing/red/peering-connection/outputs.tf
 create mode 100644 auto_policy_testing/red/peering-connection/peering_connection.tf
 create mode 100644 auto_policy_testing/red/peering-connection/provider.tf
 create mode 100644 auto_policy_testing/red/peering-connection/variables.tf
diff --git a/auto_policy_testing/green/peering-connection/data.tf b/auto_policy_testing/green/peering-connection/data.tf
new file mode 100644
index 000000000..5b17d03b2
--- /dev/null
+++ b/auto_policy_testing/green/peering-connection/data.tf
@@ -0,0 +1 @@
+data "aws_caller_identity" "this" {}
\ No newline at end of file
diff --git a/auto_policy_testing/green/peering-connection/main.tf b/auto_policy_testing/green/peering-connection/main.tf
new file mode 100644
index 000000000..4fba53b14
--- /dev/null
+++ b/auto_policy_testing/green/peering-connection/main.tf
@@ -0,0 +1,13 @@
+module "naming" {
+ source = "../../shared_tf_modules/naming"
+ resource_type = basename(abspath(path.module))
+ status = title(basename(dirname(abspath(path.module))))
+}
+
+data "terraform_remote_state" "common" {
+ backend = "local"
+
+ config = {
+ path = "../common_resources/terraform.tfstate"
+ }
+}
\ No newline at end of file
diff --git a/auto_policy_testing/green/peering-connection/outputs.tf b/auto_policy_testing/green/peering-connection/outputs.tf
new file mode 100644
index 000000000..108f5fa73
--- /dev/null
+++ b/auto_policy_testing/green/peering-connection/outputs.tf
@@ -0,0 +1,5 @@
+output "peering-connection" {
+ value = {
+ peering-connection = aws_vpc_peering_connection.this.id
+ }
+}
diff --git a/auto_policy_testing/green/peering-connection/peering_connection.tf b/auto_policy_testing/green/peering-connection/peering_connection.tf
new file mode 100644
index 000000000..77e52f252
--- /dev/null
+++ b/auto_policy_testing/green/peering-connection/peering_connection.tf
@@ -0,0 +1,14 @@
+resource "aws_vpc_peering_connection" "this" {
+ peer_owner_id = data.aws_caller_identity.this.account_id
+ peer_vpc_id = aws_vpc.vpc1.id
+ vpc_id = aws_vpc.vpc2.id
+ auto_accept = true
+}
+
+resource "aws_vpc" "vpc1" {
+ cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_vpc" "vpc2" {
+ cidr_block = "10.2.0.0/16"
+}
\ No newline at end of file
diff --git a/auto_policy_testing/green/peering-connection/provider.tf b/auto_policy_testing/green/peering-connection/provider.tf
new file mode 100644
index 000000000..1eaddc411
--- /dev/null
+++ b/auto_policy_testing/green/peering-connection/provider.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+ default_tags {
+ tags = module.naming.default_tags
+ }
+}
+
diff --git a/auto_policy_testing/green/peering-connection/variables.tf b/auto_policy_testing/green/peering-connection/variables.tf
new file mode 100644
index 000000000..2bd4793c8
--- /dev/null
+++ b/auto_policy_testing/green/peering-connection/variables.tf
@@ -0,0 +1,5 @@
+variable "region" {
+ type = string
+ description = "Region where resources will be created"
+ default = "us-east-1"
+}
diff --git a/auto_policy_testing/red/peering-connection/data.tf b/auto_policy_testing/red/peering-connection/data.tf
new file mode 100644
index 000000000..5b17d03b2
--- /dev/null
+++ b/auto_policy_testing/red/peering-connection/data.tf
@@ -0,0 +1 @@
+data "aws_caller_identity" "this" {}
\ No newline at end of file
diff --git a/auto_policy_testing/red/peering-connection/main.tf b/auto_policy_testing/red/peering-connection/main.tf
new file mode 100644
index 000000000..4fba53b14
--- /dev/null
+++ b/auto_policy_testing/red/peering-connection/main.tf
@@ -0,0 +1,13 @@
+module "naming" {
+ source = "../../shared_tf_modules/naming"
+ resource_type = basename(abspath(path.module))
+ status = title(basename(dirname(abspath(path.module))))
+}
+
+data "terraform_remote_state" "common" {
+ backend = "local"
+
+ config = {
+ path = "../common_resources/terraform.tfstate"
+ }
+}
\ No newline at end of file
diff --git a/auto_policy_testing/red/peering-connection/outputs.tf b/auto_policy_testing/red/peering-connection/outputs.tf
new file mode 100644
index 000000000..108f5fa73
--- /dev/null
+++ b/auto_policy_testing/red/peering-connection/outputs.tf
@@ -0,0 +1,5 @@
+output "peering-connection" {
+ value = {
+ peering-connection = aws_vpc_peering_connection.this.id
+ }
+}
diff --git a/auto_policy_testing/red/peering-connection/peering_connection.tf b/auto_policy_testing/red/peering-connection/peering_connection.tf
new file mode 100644
index 000000000..bd427b0fc
--- /dev/null
+++ b/auto_policy_testing/red/peering-connection/peering_connection.tf
@@ -0,0 +1,15 @@
+resource "aws_vpc_peering_connection" "this" {
+ peer_owner_id = data.aws_caller_identity.this.account_id
+ peer_vpc_id = aws_vpc.vpc1.id
+ vpc_id = aws_vpc.vpc2.id
+ auto_accept = true
+ provider = aws.provider2
+}
+
+resource "aws_vpc" "vpc1" {
+ cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_vpc" "vpc2" {
+ cidr_block = "10.2.0.0/16"
+}
\ No newline at end of file
diff --git a/auto_policy_testing/red/peering-connection/provider.tf b/auto_policy_testing/red/peering-connection/provider.tf
new file mode 100644
index 000000000..e9c3ea28f
--- /dev/null
+++ b/auto_policy_testing/red/peering-connection/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+ default_tags {
+ tags = module.naming.default_tags
+ }
+}
+
+provider "aws" {
+ region = var.region
+ alias = "provider2"
+}
diff --git a/auto_policy_testing/red/peering-connection/variables.tf b/auto_policy_testing/red/peering-connection/variables.tf
new file mode 100644
index 000000000..2bd4793c8
--- /dev/null
+++ b/auto_policy_testing/red/peering-connection/variables.tf
@@ -0,0 +1,5 @@
+variable "region" {
+ type = string
+ description = "Region where resources will be created"
+ default = "us-east-1"
+}
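Review bot: The only difference between red/peering-connection/peering_connection.tf and its green counterpart is `provider = aws.provider2`, and the `provider2` alias in red/peering-connection/provider.tf is the one provider block with no `default_tags`, so the non-compliant condition appears to be "peering connection created without the standard tags" — but nothing in either file says so, and a later cleanup that adds `default_tags` to the alias would silently turn the red fixture green. Add `# provider2 carries no default_tags, so this peering connection is deliberately untagged` above the `provider` line and `# intentionally without default_tags` inside the alias block. The red outputs.tf also keys the value as `peering-connection`, while red/launch/outputs.tf keys the violating resource by its policy id; following the same convention here would make it clear which policy is expected to fire.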