

skip: Merge branch 'policy_testing_2' into feature/policy_testing
anna-shcherbak committed May 20, 2024
2 parents a453481 + e3fe003 commit e973090
Showing 11 changed files with 268 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/tf_testing.yml
Expand Up @@ -22,7 +22,7 @@ env:
CORE_TESTING_FOLDER: ${{ github.workspace }}
OUTPUT_DIR: ${{ github.workspace }}/auto_policy_testing/output
AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}
resource_priority_list: 'subnet,message,eks,fsx'
resource_priority_list: 'subnet,message,eks'
RED: '\033[0;31m'

jobs:
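--- a/auto_policy_testing/green/cache/elasticache.tf
+++ b/auto_policy_testing/green/cache/elasticache.tf
@@ -0,0 +1,72 @@
+resource "aws_elasticache_cluster" "this" {
+cluster_id = "${module.naming.resource_prefix.elasticache}-cluster"
+replication_group_id = aws_elasticache_replication_group.this.id
+# snapshot_retention_limit = 7
+
+log_delivery_configuration {
+destination = aws_cloudwatch_log_group.this.name
+destination_type = "cloudwatch-logs"
+log_format = "text"
+log_type = "slow-log"
+}
+
+log_delivery_configuration {
+destination = aws_cloudwatch_log_group.this.name
+destination_type = "cloudwatch-logs"
+log_format = "text"
+log_type = "engine-log"
+}
+
+# notification_topic_arn = aws_sns_topic.this.arn
+}
+
+resource "aws_sns_topic" "this" {
+name = "${module.naming.resource_prefix.elasticache}"
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+name = "${module.naming.resource_prefix.elasticache}"
+}
+
+resource "aws_elasticache_replication_group" "this" {
+at_rest_encryption_enabled = true
+kms_key_id = data.terraform_remote_state.common.outputs.kms_key_arn
+engine = "redis"
+replication_group_id = module.naming.resource_prefix.elasticache
+description = module.naming.resource_prefix.elasticache
+node_type = "cache.t2.micro"
+num_cache_clusters = 2
+port = 6379
+subnet_group_name = "${module.naming.resource_prefix.elasticache}-subnetgroup"
+multi_az_enabled = false
+automatic_failover_enabled = true
+depends_on = [aws_elasticache_subnet_group.this]
+transit_encryption_enabled = true
+auth_token = random_password.this.result
+}
+
+resource "aws_elasticache_subnet_group" "this" {
+name = "${module.naming.resource_prefix.elasticache}-subnetgroup"
+
+subnet_ids = [
+data.terraform_remote_state.common.outputs.vpc_subnet_1_id,
+data.terraform_remote_state.common.outputs.vpc_subnet_2_id
+]
+}
+
+resource "random_password" "this" {
+length = 18
+min_lower = 1
+min_upper = 1
+min_numeric = 1
+special = false
+}
+
+# ecc-aws-265-elasticache_previous_generation_instances_not_used
+resource "aws_elasticache_cluster" "memcached" {
+cluster_id = "${module.naming.resource_prefix.elasticache}-cluster2"
+engine = "memcached"
+node_type = "cache.t2.micro"
+num_cache_nodes = 1
+port = 11211
+}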
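Review bot: Both the Redis replication group and the memcached cluster use `node_type = "cache.t2.micro"`, which AWS documents as a previous-generation ElastiCache node type, so if `ecc-aws-265-elasticache_previous_generation_instances_not_used` (the rule named in the comment above the memcached resource) treats cache.t2 that way, this green fixture will fail the very check it is meant to pass; `node_type = "cache.t3.micro"` on both resources is the current-generation equivalent. Separately, `auth_token = random_password.this.result` is written in clear text to this directory's Terraform state, and since the module reads a `local` backend state for common resources it is worth confirming the state for this fixture is kept somewhere access-controlled rather than on the runner's disk. Also, `aws_cloudwatch_log_group.this` sets neither `retention_in_days` nor `kms_key_id`, so the slow-log and engine-log streams are retained indefinitely without a customer-managed key; if the fixture is meant to be fully compliant, `retention_in_days = 30` and `kms_key_id = data.terraform_remote_state.common.outputs.kms_key_arn` would close that.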
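--- a/auto_policy_testing/green/cache/main.tf
+++ b/auto_policy_testing/green/cache/main.tf
@@ -0,0 +1,13 @@
+module "naming" {
+source = "../../shared_tf_modules/naming"
+resource_type = basename(abspath(path.module))
+status = title(basename(dirname(abspath(path.module))))
+}
+
+data "terraform_remote_state" "common" {
+backend = "local"
+
+config = {
+path = "../common_resources/terraform.tfstate"
+}
+}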
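--- a/auto_policy_testing/green/cache/outputs.tf
+++ b/auto_policy_testing/green/cache/outputs.tf
@@ -0,0 +1,5 @@
+output "cache" {
+value = {
+cache-cluster = aws_elasticache_cluster.this.arn
+}
+}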
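--- a/auto_policy_testing/green/cache/provider.tf
+++ b/auto_policy_testing/green/cache/provider.tf
@@ -0,0 +1,15 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5"
+}
+}
+}
+
+provider "aws" {
+region = var.region
+default_tags {
+tags = module.naming.default_tags
+}
+}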
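--- a/auto_policy_testing/green/cache/variables.tf
+++ b/auto_policy_testing/green/cache/variables.tf
@@ -0,0 +1,5 @@
+variable "region" {
+type = string
+description = "Region where resources will be created"
+default = "us-east-1"
+}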
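--- a/auto_policy_testing/red/directory/directory.tf
+++ b/auto_policy_testing/red/directory/directory.tf
@@ -0,0 +1,114 @@
+
+resource "aws_directory_service_directory" "this" {
+name = "DirectoryService.example.com"
+password = "#S1ncerely"
+size = "Small"
+
+vpc_settings {
+vpc_id = aws_vpc.this.id
+subnet_ids = [
+aws_subnet.this1.id,
+aws_subnet.this2.id
+]
+}
+}
+
+resource "aws_vpc" "this" {
+cidr_block = "10.0.0.0/16"
+enable_dns_support = true
+enable_dns_hostnames = true
+}
+
+resource "aws_subnet" "this1" {
+vpc_id = aws_vpc.this.id
+cidr_block = "10.0.1.0/24"
+availability_zone_id = "use1-az2"
+map_public_ip_on_launch = "true"
+}
+
+resource "aws_subnet" "this2" {
+vpc_id = aws_vpc.this.id
+cidr_block = "10.0.2.0/24"
+availability_zone_id = "use1-az4"
+map_public_ip_on_launch = "true"
+}
+
+resource "aws_internet_gateway" "this" {
+vpc_id = aws_vpc.this.id
+}
+
+resource "aws_route_table" "this" {
+vpc_id = aws_vpc.this.id
+route {
+cidr_block = "0.0.0.0/0"
+gateway_id = aws_internet_gateway.this.id
+}
+}
+
+resource "aws_route_table_association" "this" {
+subnet_id = aws_subnet.this1.id
+route_table_id = aws_route_table.this.id
+}
+
+resource "aws_route_table_association" "this2" {
+subnet_id = aws_subnet.this2.id
+route_table_id = aws_route_table.this.id
+}
+
+
+# # ecc-aws-147-ebs_volume_without_encrypt
+# # ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1
+# resource "aws_ebs_volume" "this" {
+# availability_zone = data.aws_availability_zones.this.names[0]
+# size = 8
+# type = "io1"
+# iops = 100
+
+# tags = {
+# Name = "${module.naming.resource_prefix.ebs_volume}"
+# }
+# }
+
+
+# # ecc-aws-076-ebs_snapshots_not_publicly_restorable
+# # ecc-aws-326-ebs_volume_encrypted_with_kms_cmk
+# # ecc-aws-328-unused_ebs_volumes
+# # ecc-aws-548-ebs_volumes_are_of_type_gp3_instead_of_gp2
+# # ecc-aws-379-ebs_snapshot_without_tag_information
+# # ecc-aws-378-ebs_without_tag_information
+# resource "aws_ebs_volume" "default_volume" {
+# availability_zone = data.aws_availability_zones.this.names[0]
+# size = 8
+# type = "gp2"
+# provider = aws.provider2
+# }
+
+# resource "aws_ebs_snapshot" "this" {
+# volume_id = aws_ebs_volume.default_volume.id
+# provider = aws.provider2
+# }
+
+# resource "null_resource" "this" {
+# provisioner "local-exec" {
+# command = "aws ec2 modify-snapshot-attribute --snapshot-id ${aws_ebs_snapshot.this.id} --attribute createVolumePermission --operation-type add --group-names all"
+# interpreter = ["/bin/bash", "-c"]
+# }
+# depends_on = [aws_ebs_snapshot.this]
+# }
+
+
+# # ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances
+# resource "aws_instance" "this" {
+# ami = data.aws_ami.this.id
+# instance_type = "t2.micro"
+# subnet_id = data.aws_subnets.this.ids[0]
+
+# tags = {
+# Name = "${module.naming.resource_prefix.ec2_instance}"
+# }
+# }
+
+# resource "aws_ec2_instance_state" "this" {
+# instance_id = aws_instance.this.id
+# state = "stopped"
+# }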
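Review bot: `password = "#S1ncerely"` on `aws_directory_service_directory.this` is a live directory administrator credential committed in clear text, and it will also land in this directory's Terraform state; even in a deliberately non-compliant ("red") fixture the intent is presumably to violate a directory-service rule, not to publish a password, so generate it with a `random_password` resource as the green cache fixture does and set `password = random_password.this.result`. No `ecc-aws-…` rule comment names what this directory is meant to violate, and the subnets set `map_public_ip_on_launch = "true"` with a default route to the internet gateway, so a one-line comment above the directory resource stating the rule under test (and whether the public subnets are part of the condition) would save the next reader from guessing. The commented-out block from `aws_ebs_volume` down to `aws_ec2_instance_state` references `data.aws_availability_zones.this`, `data.aws_ami.this`, `data.aws_subnets.this` and `aws.provider2`, none of which are declared in live code in this directory, so it looks copied from an EBS fixture and should be removed rather than kept as dead code; note the commented `null_resource` would make a snapshot publicly restorable if it were ever uncommented here.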
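--- a/auto_policy_testing/red/directory/main.tf
+++ b/auto_policy_testing/red/directory/main.tf
@@ -0,0 +1,13 @@
+module "naming" {
+source = "../../shared_tf_modules/naming"
+resource_type = basename(abspath(path.module))
+status = title(basename(dirname(abspath(path.module))))
+}
+
+data "terraform_remote_state" "common" {
+backend = "local"
+
+config = {
+path = "../common_resources/terraform.tfstate"
+}
+}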
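--- a/auto_policy_testing/red/directory/outputs.tf
+++ b/auto_policy_testing/red/directory/outputs.tf
@@ -0,0 +1,5 @@
+output "directory" {
+value = {
+directory = aws_directory_service_directory.this.id
+}
+}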
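--- a/auto_policy_testing/red/directory/provider.tf
+++ b/auto_policy_testing/red/directory/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5"
+}
+}
+}
+
+provider "aws" {
+region = var.region
+default_tags {
+tags = module.naming.default_tags
+}
+}
+
+provider "aws" {
+region = var.region
+alias = "provider2"
+}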
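Review bot: The `provider2` alias carries no `default_tags`, so any resource later assigned `provider = aws.provider2` is created without the naming module's tags and falls outside tag-based ownership and policy checks; nothing in this directory's live code uses the alias today (only the commented-out EBS block in directory.tf refers to it), which suggests it was copied along with that block. If the untagged alias is intentional for the tag-information rules, say so, e.g. `# provider2: deliberately without default_tags, used by *_without_tag_information fixtures`; otherwise drop it until a resource in this directory needs it.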
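--- a/auto_policy_testing/red/directory/variables.tf
+++ b/auto_policy_testing/red/directory/variables.tf
@@ -0,0 +1,5 @@
+variable "region" {
+type = string
+description = "Region where resources will be created"
+default = "us-east-1"
+}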
