diff --git a/.github/workflows/tf_testing.yml b/.github/workflows/tf_testing.yml
index 152eeb46..e0d7323c 100644
--- a/.github/workflows/tf_testing.yml
+++ b/.github/workflows/tf_testing.yml
@@ -9,7 +9,7 @@ on:
 # resource_priority_list:
 # type: string
 # description: Priority list for resources (you can remove unnecessary resources during testing)
- # default: 'efs'
+ # default: 'efsdata.terraform_remote_state.common.outputs.sg_1_id'
 # required: true
 
 concurrency:
@@ -22,7 +22,7 @@ env:
 CORE_TESTING_FOLDER: ${{ github.workspace }}
 OUTPUT_DIR: ${{ github.workspace }}/auto_policy_testing/output
 AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}
- resource_priority_list: 'log'
+ resource_priority_list: 'peering-connection,launch'
 RED: '\033[0;31m'
 
 jobs:
diff --git a/auto_policy_testing/green/common_resources/outputs.tf b/auto_policy_testing/green/common_resources/outputs.tf
index a454b420..40ecf504 100644
--- a/auto_policy_testing/green/common_resources/outputs.tf
+++ b/auto_policy_testing/green/common_resources/outputs.tf
@@ -22,6 +22,10 @@ output "kms_key_arn" {
 value = aws_kms_key.this.arn
 }
 
+output "sg_1_id" {
+ value = aws_security_group.this.id
+}
+
 output "wafregional_acl_id" {
 value = aws_wafregional_web_acl.this.id
 }
\ No newline at end of file
diff --git a/auto_policy_testing/green/kafka/kafka.tf b/auto_policy_testing/green/kafka/kafka.tf
index 95c6f5d5..873a3aa9 100644
--- a/auto_policy_testing/green/kafka/kafka.tf
+++ b/auto_policy_testing/green/kafka/kafka.tf
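Review bot: The new commented default `'efsdata.terraform_remote_state.common.outputs.sg_1_id'` looks like a Terraform reference pasted into the middle of the old value `'efs'`, not an intended default. Even though the `workflow_dispatch` input is commented out, this is the text someone will uncomment later. Suggest restoring `# default: 'efs'` or, if the default is meant to move, a plain resource list such as `# default: 'peering-connection,launch'` matching the env value set further down in this file.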
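Review bot: `resource_priority_list` is again edited in place in the `env` block (`'log'` to `'peering-connection,launch'`) while the `workflow_dispatch` input that would make it a run-time choice stays commented out a few lines above, so every change to the tested resource set becomes a workflow commit. Consider re-enabling that input and reading it as `resource_priority_list: ${{ inputs.resource_priority_list }}`, with the current list as the input's default, so the workflow file stops churning. The single-quoted values themselves are fine: nothing in them is boolean- or number-like.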
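Review bot: `output "sg_1_id"` references `aws_security_group.this`, but this commit only adds a `sg.tf` defining that resource under `red/common_resources`, not under `green/common_resources`. If the green common stack does not already define `aws_security_group.this`, `terraform plan` fails on this output and the green kafka fixture that consumes `sg_1_id` in this commit fails with it — worth confirming before merge. A `description` on the new output, e.g. `description = "Shared security group attached to green fixtures"`, would also make the intent of a single shared SG explicit. The file still ends without a trailing newline.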
@@ -1,47 +1,22 @@ -resource "aws_vpc" "this" { - cidr_block = "192.168.0.0/22" -} - -resource "aws_subnet" "subnet_1" { - availability_zone = data.aws_availability_zones.this.names[0] - cidr_block = "192.168.0.0/24" - vpc_id = aws_vpc.this.id -} - -resource "aws_subnet" "subnet_2" { - availability_zone = data.aws_availability_zones.this.names[1] - cidr_block = "192.168.1.0/24" - vpc_id = aws_vpc.this.id -} - -resource "aws_subnet" "subnet_3" { - availability_zone = data.aws_availability_zones.this.names[2] - cidr_block = "192.168.2.0/24" - vpc_id = aws_vpc.this.id -} - -resource "aws_security_group" "this" { - vpc_id = aws_vpc.this.id -} +# Takes min to deploy resource "aws_msk_cluster" "this" { cluster_name = "${module.naming.resource_prefix.kafka}" - kafka_version = "2.6.2" - number_of_broker_nodes = 3 + kafka_version = "3.5.1" + number_of_broker_nodes = 2 broker_node_group_info { instance_type = "kafka.t3.small" client_subnets = [ - aws_subnet.subnet_1.id, - aws_subnet.subnet_2.id, - aws_subnet.subnet_3.id, + data.terraform_remote_state.common.outputs.vpc_subnet_1_id, + data.terraform_remote_state.common.outputs.vpc_subnet_2_id ] storage_info { ebs_storage_info { - volume_size = 5 + volume_size = 1 } } - security_groups = [aws_security_group.this.id] + security_groups = [data.terraform_remote_state.common.outputs.sg_1_id] } encryption_info { diff --git a/auto_policy_testing/green/peering-connection/peering_connection.tf b/auto_policy_testing/green/peering-connection/peering_connection.tf index 77e52f25..ce34be61 100644 --- a/auto_policy_testing/green/peering-connection/peering_connection.tf +++ b/auto_policy_testing/green/peering-connection/peering_connection.tf 
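Review bot: `client_subnets` now takes `vpc_subnet_1_id` and `vpc_subnet_2_id` from remote state, but MSK requires each client subnet to be in a different Availability Zone and `number_of_broker_nodes` to be a multiple of the subnet count; the removed code guaranteed distinct AZs via `names[0]`/`names[1]`, whereas the new code depends on how `common_resources` placed those subnets, which is not visible here, so please confirm. The same applies to the red kafka hunk (`@@ -40,15 +14,14 @@`) in this commit. The added `# Takes min to deploy` comment reads as if a number is missing; suggest `# Slow: MSK cluster creation takes several minutes` or the actual figure. The `aws_msk_cluster` block continues past this hunk (`encryption_info` and below).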
@@ -1,14 +1,10 @@
 resource "aws_vpc_peering_connection" "this" {
 peer_owner_id = data.aws_caller_identity.this.account_id
- peer_vpc_id = aws_vpc.vpc1.id
- vpc_id = aws_vpc.vpc2.id
+ peer_vpc_id = data.terraform_remote_state.common.outputs.vpc_id
+ vpc_id = aws_vpc.vpc.id
 auto_accept = true
 }
 
-resource "aws_vpc" "vpc1" {
+resource "aws_vpc" "vpc" {
 cidr_block = "10.1.0.0/16"
 }
-
-resource "aws_vpc" "vpc2" {
- cidr_block = "10.2.0.0/16"
-}
\ No newline at end of file
diff --git a/auto_policy_testing/red/common_resources/outputs.tf b/auto_policy_testing/red/common_resources/outputs.tf
index aeb7271a..44170ec9 100644
--- a/auto_policy_testing/red/common_resources/outputs.tf
+++ b/auto_policy_testing/red/common_resources/outputs.tf
@@ -16,4 +16,8 @@ output "vpc_subnet_2_id" {
 
 output "vpc_subnet_3_id" {
 value = aws_subnet.subnet3.id
+}
+
+output "sg_1_id" {
+ value = aws_security_group.this.id
 }
\ No newline at end of file
diff --git a/auto_policy_testing/red/common_resources/sg.tf b/auto_policy_testing/red/common_resources/sg.tf
new file mode 100644
index 00000000..1bb6062b
--- /dev/null
+++ b/auto_policy_testing/red/common_resources/sg.tf
@@ -0,0 +1,8 @@
+resource "aws_security_group" "this" {
+ name = module.naming.resource_prefix.security_group
+ vpc_id = aws_vpc.this.id
+ tags = {
+ Name = "${module.naming.resource_prefix.security_group}"
+ }
+}
+
diff --git a/auto_policy_testing/red/kafka/kafka.tf b/auto_policy_testing/red/kafka/kafka.tf
index 8f8b0fb5..2bce8b1c 100644
--- a/auto_policy_testing/red/kafka/kafka.tf
+++ b/auto_policy_testing/red/kafka/kafka.tf
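Review bot: The requester VPC keeps `cidr_block = "10.1.0.0/16"` while the accepter is now `data.terraform_remote_state.common.outputs.vpc_id`, whose CIDR is not visible here; a peering connection between VPCs with overlapping IPv4 ranges goes straight to the `failed` state, so confirm the common VPC does not overlap 10.1.0.0/16 (the removed `vpc2` at 10.2.0.0/16 used to be the only peer). A comment on the `aws_vpc` such as `# Must not overlap the common_resources VPC CIDR` would record that constraint next to the value. `auto_accept = true` remains valid as written, since `peer_owner_id` is the caller's own account and no `peer_region` is set.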
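Review bot: The new `aws_security_group.this` has no `ingress`/`egress` blocks; with the AWS provider that also removes the default allow-all egress rule, so the shared `sg_1_id` is a fully closed group. That is reasonable for a fixture that only needs an SG id for plan and policy evaluation, but it should be stated, e.g. `# Intentionally rule-less: fixtures only need a security group id for policy evaluation`, so nobody later adds rules to "restore connectivity". Minor style: `name` uses the bare reference while `Name` in `tags` wraps the same expression in `"${...}"`; drop the wrapper for consistency. The file also ends with an extra empty line.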
@@ -1,35 +1,9 @@
-resource "aws_vpc" "this" {
- cidr_block = "192.168.0.0/22"
-}
-
-resource "aws_subnet" "subnet_1" {
- availability_zone = data.aws_availability_zones.this.names[0]
- cidr_block = "192.168.0.0/24"
- vpc_id = aws_vpc.this.id
-}
-
-resource "aws_subnet" "subnet_2" {
- availability_zone = data.aws_availability_zones.this.names[1]
- cidr_block = "192.168.1.0/24"
- vpc_id = aws_vpc.this.id
-}
-
-resource "aws_subnet" "subnet_3" {
- availability_zone = data.aws_availability_zones.this.names[2]
- cidr_block = "192.168.2.0/24"
- vpc_id = aws_vpc.this.id
-}
-
-resource "aws_security_group" "this" {
- vpc_id = aws_vpc.this.id
-}
-
 resource "aws_msk_cluster" "this" {
- cluster_name = "${module.naming.resource_prefix.kafka}"
- kafka_version = "2.6.2"
- number_of_broker_nodes = 3
 provider = aws.provider2
-
+ cluster_name = "${module.naming.resource_prefix.kafka}"
+ kafka_version = "3.5.1"
+ number_of_broker_nodes = 2
+
 encryption_info {
 encryption_in_transit {
 client_broker = "TLS_PLAINTEXT"
@@ -40,15 +14,14 @@ resource "aws_msk_cluster" "this" {
 broker_node_group_info {
 instance_type = "kafka.t3.small"
 client_subnets = [
- aws_subnet.subnet_1.id,
- aws_subnet.subnet_2.id,
- aws_subnet.subnet_3.id,
+ data.terraform_remote_state.common.outputs.vpc_subnet_1_id,
+ data.terraform_remote_state.common.outputs.vpc_subnet_2_id
 ]
 storage_info {
 ebs_storage_info {
- volume_size = 5
+ volume_size = 1
 }
 }
- security_groups = [aws_security_group.this.id]
+ security_groups = [data.terraform_remote_state.common.outputs.sg_1_id]
 }
 }
diff --git a/auto_policy_testing/red/launch/data.tf b/auto_policy_testing/red/launch/data.tf
index ad12f914..5a09ec3f 100644
--- a/auto_policy_testing/red/launch/data.tf
+++ b/auto_policy_testing/red/launch/data.tf
@@ -1,9 +1,9 @@
 data "aws_ami" "this" {
 most_recent = true
 owners = ["amazon"]
-
+
 filter {
- name = "name"
- values = ["amzn2-ami-hvm*"]
+ name = "name"
+ values = ["amzn2-ami-hvm*"]
 }
 }
diff --git a/auto_policy_testing/red/launch/launch.tf b/auto_policy_testing/red/launch/launch.tf
index 65b0fb9c..8a98aef4 100644
--- a/auto_policy_testing/red/launch/launch.tf
+++ b/auto_policy_testing/red/launch/launch.tf
@@ -1,8 +1,8 @@
 resource "aws_launch_configuration" "this" {
- name_prefix = "${module.naming.resource_prefix.launch_config}"
+ name_prefix = module.naming.resource_prefix.launch_config
 image_id = data.aws_ami.this.id
 instance_type = "t2.micro"
- associate_public_ip_address = true
+ associate_public_ip_address = true
 metadata_options {
 http_endpoint = "enabled"
 http_tokens = "optional"
diff --git a/auto_policy_testing/red/peering-connection/peering_connection.tf b/auto_policy_testing/red/peering-connection/peering_connection.tf
index bd427b0f..a85af0c6 100644
--- a/auto_policy_testing/red/peering-connection/peering_connection.tf
+++ b/auto_policy_testing/red/peering-connection/peering_connection.tf
@@ -1,15 +1,10 @@
 resource "aws_vpc_peering_connection" "this" {
- peer_owner_id = data.aws_caller_identity.this.account_id
- peer_vpc_id = aws_vpc.vpc1.id
- vpc_id = aws_vpc.vpc2.id
- auto_accept = true
 provider = aws.provider2
+ peer_owner_id = data.aws_caller_identity.this.account_id
+ peer_vpc_id = data.terraform_remote_state.common.outputs.vpc_id
+ vpc_id = aws_vpc.vpc.id
 }
 
-resource "aws_vpc" "vpc1" {
- cidr_block = "10.1.0.0/16"
-}
-
-resource "aws_vpc" "vpc2" {
+resource "aws_vpc" "vpc" {
 cidr_block = "10.2.0.0/16"
 }
\ No newline at end of file
diff --git a/auto_policy_testing/shared_tf_modules/naming/outputs.tf b/auto_policy_testing/shared_tf_modules/naming/outputs.tf
index cac67a1a..83fdc5b6 100755
--- a/auto_policy_testing/shared_tf_modules/naming/outputs.tf
+++ b/auto_policy_testing/shared_tf_modules/naming/outputs.tf
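Review bot: `auto_accept = true` is dropped from this peering connection but kept in the green counterpart, so this one stays in `pending-acceptance` unless an `aws_vpc_peering_connection_accepter` exists elsewhere, which this diff does not show. If `aws.provider2` targets a different account or region the removal is correct (auto-accept only works within one account and region), but the requester then also needs `peer_region` for a cross-region peer, since `peer_vpc_id` is otherwise looked up in the requester's region. If leaving the connection unaccepted is intentional for this fixture, a comment such as `# No auto_accept on purpose: provider2 peers across account/region, accepter handled separately` would stop the next reader from re-adding it.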
@@ -14,7 +14,7 @@ output "resource_prefix" {
 sagemaker_model = "${local.suffix}-${var.resource_type}-sagemaker-model-${local.compliance_status}"
 sagemaker_notebook = "${local.suffix}-${var.resource_type}-sagemaker-notebook-${local.compliance_status}"
 qldb = "${local.suffix}-${var.resource_type}-qldb-${local.compliance_status}"
- kafka = "${local.suffix}_${var.resource_type}_kafka_${local.compliance_status}"
+ kafka = "${local.suffix}-${var.resource_type}-kafka-${local.compliance_status}"
 acm = "${local.suffix}.${local.compliance_status}"
 launch_config = "${local.suffix}_${var.resource_type}_launch_config_${local.compliance_status}"
 nat_gateway = "${local.suffix}_${var.resource_type}_ng_${local.compliance_status}"
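Review bot: The `kafka` prefix switches from `_` to `-` separators while `launch_config` and `nat_gateway` right below keep underscores, and nothing records why. MSK cluster names accept only letters, digits and hyphens, which is presumably the motivation; a comment on the changed line such as `# MSK cluster names allow only alphanumerics and hyphens` would keep someone from "normalising" it back to underscores. The `resource_prefix` output block starts before this hunk.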