diff --git a/README.md b/README.md index d111f93..5e070f1 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ This POC aims to deploy two VPCs in order to test route53 inbound and outbound c ## Deploy terraform ```bash +cd src/ terraform init terraform apply -auto-approve -var=use_output_endpoint=false ``` @@ -150,3 +151,9 @@ In summary: nslookup google.environment-a.private.com # It works now, because there's an outbound resolver that forwards queries to VPC-A inbound resolver nslookup google.environment-a.private.com 10.78.100.10 # It works, because it queries VPC-A inbound resolver IP directly ``` + +## Destroy resources + +```bash +terraform destroy -auto-approve +``` diff --git a/ec2/output.tf b/ec2/output.tf deleted file mode 100644 index 9e21782..0000000 --- a/ec2/output.tf +++ /dev/null @@ -1,7 +0,0 @@ -output "public_dns" { - value = aws_instance.this.public_dns -} - -output "instance_id" { - value = aws_instance.this.id -} diff --git a/src/README.md b/src/README.md new file mode 100644 index 0000000..5591896 --- /dev/null +++ b/src/README.md 
@@ -0,0 +1,78 @@ +# Documentation - solution + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1 | +| [aws](#requirement\_aws) | 5.31.0 | +| [http](#requirement\_http) | 3.4.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 5.31.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [ec2-a](#module\_ec2-a) | ./ec2 | n/a | +| [ec2-b](#module\_ec2-b) | ./ec2 | n/a | +| [vpc-a](#module\_vpc-a) | ./vpc | n/a | +| [vpc-b](#module\_vpc-b) | ./vpc | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_route.traffic-from-a-to-b-private](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route) | resource | +| [aws_route.traffic-from-a-to-b-public](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route) | resource | +| [aws_route.traffic-from-b-to-a-private](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route) | resource | +| [aws_route.traffic-from-b-to-a-public](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route) | resource | +| [aws_route53_record.google](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route53_record) | resource | +| [aws_route53_resolver_endpoint.inbound](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route53_resolver_endpoint) | resource | +| [aws_route53_resolver_endpoint.outbound](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route53_resolver_endpoint) | resource | +| [aws_route53_resolver_rule.from-b-to-a](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route53_resolver_rule) | resource | +| [aws_route53_resolver_rule_association.this](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route53_resolver_rule_association) | resource | +| 
[aws_route53_zone.dns_zone_private](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/route53_zone) | resource | +| [aws_security_group.inbound](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/security_group) | resource | +| [aws_security_group.outbound](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/security_group) | resource | +| [aws_vpc_peering_connection.peer](https://registry.terraform.io/providers/hashicorp/aws/5.31.0/docs/resources/vpc_peering_connection) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [aza](#input\_aza) | Availability Zone for subnets A | `string` | `"ca-central-1a"` | no | +| [azb](#input\_azb) | Availability Zone for subnets B | `string` | `"ca-central-1b"` | no | +| [private\_domain](#input\_private\_domain) | Private Hosted Zone Name to be deployed on VPC-A | `string` | `"environment-a.private.com"` | no | +| [public\_key\_path](#input\_public\_key\_path) | Path to public key to be used with EC2 instance | `string` | `"~/.ssh/id_rsa.pub"` | no | +| [region](#input\_region) | Region where to deploy code | `string` | `"ca-central-1"` | no | +| [use\_output\_endpoint](#input\_use\_output\_endpoint) | Create outbound endpoint on environment B? 
| `bool` | `true` | no | +| [vpca\_cidr](#input\_vpca\_cidr) | CIDR Block of VPC-A | `string` | `"10.78.0.0/16"` | no | +| [vpca\_inbound\_resolver\_ipa](#input\_vpca\_inbound\_resolver\_ipa) | IP of inbound resolver on VPC-A private subnet A | `string` | `"10.78.100.10"` | no | +| [vpca\_inbound\_resolver\_ipb](#input\_vpca\_inbound\_resolver\_ipb) | IP of inbound resolver on VPC-A private subnet B | `string` | `"10.78.101.10"` | no | +| [vpca\_private\_subneta\_cidr](#input\_vpca\_private\_subneta\_cidr) | CIDR Block of VPC-A private subnet A | `string` | `"10.78.100.0/24"` | no | +| [vpca\_private\_subnetb\_cidr](#input\_vpca\_private\_subnetb\_cidr) | CIDR Block of VPC-A private subnet B | `string` | `"10.78.101.0/24"` | no | +| [vpca\_public\_subneta\_cidr](#input\_vpca\_public\_subneta\_cidr) | CIDR Block of VPC-A public subnet A | `string` | `"10.78.0.0/24"` | no | +| [vpca\_public\_subnetb\_cidr](#input\_vpca\_public\_subnetb\_cidr) | CIDR Block of VPC-A public subnet B | `string` | `"10.78.1.0/24"` | no | +| [vpcb\_cidr](#input\_vpcb\_cidr) | CIDR Block of VPC-B | `string` | `"10.99.0.0/16"` | no | +| [vpcb\_outbound\_resolver\_ipa](#input\_vpcb\_outbound\_resolver\_ipa) | IP of outbound resolver on VPC-B private subnet A | `string` | `"10.99.100.10"` | no | +| [vpcb\_outbound\_resolver\_ipb](#input\_vpcb\_outbound\_resolver\_ipb) | IP of outbound resolver on VPC-B private subnet B | `string` | `"10.99.101.10"` | no | +| [vpcb\_private\_subneta\_cidr](#input\_vpcb\_private\_subneta\_cidr) | CIDR Block of VPC-B private subnet A | `string` | `"10.99.100.0/24"` | no | +| [vpcb\_private\_subnetb\_cidr](#input\_vpcb\_private\_subnetb\_cidr) | CIDR Block of VPC-B private subnet B | `string` | `"10.99.101.0/24"` | no | +| [vpcb\_public\_subneta\_cidr](#input\_vpcb\_public\_subneta\_cidr) | CIDR Block of VPC-B public subnet A | `string` | `"10.99.0.0/24"` | no | +| [vpcb\_public\_subnetb\_cidr](#input\_vpcb\_public\_subnetb\_cidr) | CIDR Block of VPC-B public 
subnet B | `string` | `"10.99.1.0/24"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [vpca-inbound-resolver-ipA](#output\_vpca-inbound-resolver-ipA) | IP of inbound-resolver on VPCA-A private subnet A | +| [vpca-inbound-resolver-ipB](#output\_vpca-inbound-resolver-ipB) | IP of inbound-resolver on VPCA-A private subnet B | +| [vpca-instance-public-dns](#output\_vpca-instance-public-dns) | Public DNS of instance-a | +| [vpcb-instance-public-dns](#output\_vpcb-instance-public-dns) | Public DNS of instance-b | + diff --git a/src/ec2/README.md b/src/ec2/README.md new file mode 100644 index 0000000..4319673 --- /dev/null +++ b/src/ec2/README.md 
@@ -0,0 +1,47 @@ +# Documentation - module ec2 + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | +| [http](#provider\_http) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource | +| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.all-egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.icmp-ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.ssh-ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | +| [http_http.myip](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [name](#input\_name) | Tag Name of ec2 instance | `string` | `"ec2-instance"` | no | +| [public\_key\_path](#input\_public\_key\_path) | Path to public key to be used with EC2 instance | `string` | `"~/.ssh/id_rsa.pub"` | no | +| [subnet\_id](#input\_subnet\_id) | Subnet where to deploy EC2 | `any` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | Subnet where to create Security Group | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| 
[instance\_id](#output\_instance\_id) | ID of EC2 Instance | +| [public\_dns](#output\_public\_dns) | Public DNS of EC2 Instance | + diff --git a/ec2/main.tf b/src/ec2/main.tf similarity index 100% rename from ec2/main.tf rename to src/ec2/main.tf diff --git a/src/ec2/output.tf b/src/ec2/output.tf new file mode 100644 index 0000000..00463b6 --- /dev/null +++ b/src/ec2/output.tf @@ -0,0 +1,9 @@ +output "public_dns" { + value = aws_instance.this.public_dns + description = "Public DNS of EC2 Instance" +} + +output "instance_id" { + value = aws_instance.this.id + description = "ID of EC2 Instance" +} diff --git a/ec2/variables.tf b/src/ec2/variables.tf similarity index 100% rename from ec2/variables.tf rename to src/ec2/variables.tf diff --git a/environment-a.tf b/src/environment-a.tf similarity index 100% rename from environment-a.tf rename to src/environment-a.tf diff --git a/environment-b.tf b/src/environment-b.tf similarity index 100% rename from environment-b.tf rename to src/environment-b.tf diff --git a/provider.tf b/src/provider.tf similarity index 100% rename from provider.tf rename to src/provider.tf diff --git a/test_dns.sh b/src/test_dns.sh similarity index 100% rename from test_dns.sh rename to src/test_dns.sh diff --git a/variables.tf b/src/variables.tf similarity index 100% rename from variables.tf rename to src/variables.tf diff --git a/src/vpc/README.md b/src/vpc/README.md new file mode 100644 index 0000000..5bfcef5 --- /dev/null +++ b/src/vpc/README.md 
@@ -0,0 +1,59 @@ +# Documentation - module vpc + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | +| [aws_route.route-public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | +| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | +| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | +| [aws_route_table_association.private-subneta](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | +| [aws_route_table_association.private-subnetb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | +| [aws_route_table_association.public-subneta](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | +| [aws_route_table_association.public-subnetb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | +| [aws_subnet.private-subnet-a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_subnet.private-subnet-b](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_subnet.public-subnet-a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_subnet.public-subnet-b](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| 
[aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [private\_subneta\_cidr](#input\_private\_subneta\_cidr) | CIDR Block of Private Subnet A | `any` | n/a | yes | +| [private\_subnetb\_cidr](#input\_private\_subnetb\_cidr) | CIDR Block of Private Subnet B | `any` | n/a | yes | +| [public\_subneta\_cidr](#input\_public\_subneta\_cidr) | CIDR Block of Public Subnet A | `any` | n/a | yes | +| [public\_subnetb\_cidr](#input\_public\_subnetb\_cidr) | CIDR Block of Public Subnet B | `any` | n/a | yes | +| [subneta\_az](#input\_subneta\_az) | Availability Zone of subnet A | `any` | n/a | yes | +| [subnetb\_az](#input\_subnetb\_az) | Availability Zone of subnet B | `any` | n/a | yes | +| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR Block of VPC | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [private\_route\_table\_id](#output\_private\_route\_table\_id) | ID of Private Route Table | +| [private\_subneta\_id](#output\_private\_subneta\_id) | ID of Private Subnet A | +| [private\_subnetb\_id](#output\_private\_subnetb\_id) | ID of Private Subnet B | +| [public\_route\_table\_id](#output\_public\_route\_table\_id) | ID of Public Route Table | +| [public\_subneta\_id](#output\_public\_subneta\_id) | ID of Public Subnet A | +| [public\_subnetb\_id](#output\_public\_subnetb\_id) | ID of Public Subnet B | +| [vpc\_id](#output\_vpc\_id) | ID of VPC | + diff --git a/vpc/main.tf b/src/vpc/main.tf similarity index 100% rename from vpc/main.tf rename to src/vpc/main.tf diff --git a/src/vpc/output.tf b/src/vpc/output.tf new file mode 100644 index 0000000..ee759cf --- /dev/null +++ b/src/vpc/output.tf 
@@ -0,0 +1,35 @@ +output "vpc_id" { + value = aws_vpc.this.id + description = "ID of VPC" +} + +output "public_subneta_id" { + value = aws_subnet.public-subnet-a.id + description = "ID of Public Subnet A" +} + +output "private_subnetb_id" { + value = aws_subnet.private-subnet-b.id + description = "ID of Private Subnet B" +} + +output "private_subneta_id" { + value = aws_subnet.private-subnet-a.id + description = "ID of Private Subnet A" + +} + +output "public_subnetb_id" { + value = aws_subnet.public-subnet-b.id + description = "ID of Public Subnet B" +} + +output "public_route_table_id" { + value = aws_route_table.public.id + description = "ID of Public Route Table" +} + +output "private_route_table_id" { + value = aws_route_table.private.id + description = "ID of Private Route Table" +} diff --git a/vpc/variables.tf b/src/vpc/variables.tf similarity index 100% rename from vpc/variables.tf rename to src/vpc/variables.tf diff --git a/vpc_peering.tf b/src/vpc_peering.tf similarity index 100% rename from vpc_peering.tf rename to src/vpc_peering.tf diff --git a/vpc/output.tf b/vpc/output.tf deleted file mode 100644 index 5d06415..0000000 --- a/vpc/output.tf +++ /dev/null @@ -1,27 +0,0 @@ -output "vpc_id" { - value = aws_vpc.this.id -} - -output "public_subneta_id" { - value = aws_subnet.public-subnet-a.id -} - -output "private_subnetb_id" { - value = aws_subnet.private-subnet-b.id -} - -output "private_subneta_id" { - value = aws_subnet.private-subnet-a.id -} - -output "public_subnetb_id" { - value = aws_subnet.public-subnet-b.id -} - -output "public_route_table_id" { - value = aws_route_table.public.id -} - -output "private_route_table_id" { - value = aws_route_table.private.id -}
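Review bot: the `cd src/` added to the `## Deploy terraform` block in README.md is right given that every `.tf` file is moved under `src/` in this change, but anyone who already applied this POC from the repository root now has `terraform.tfstate` and `.terraform/` at the old location; a sentence telling them to either `terraform destroy` from the root before pulling, or move the state file into `src/` before re-running `terraform init`, would prevent the old VPCs, peering connection and resolver endpoints from being orphaned and left running.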
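Review bot: the new `## Destroy resources` block in README.md should also start with `cd src/`, as the deploy block in the first hunk now does; run from the repository root, `terraform destroy -auto-approve` finds no configuration there after this change. Consider dropping `-auto-approve` from the destroy command, or documenting `terraform plan -destroy` first, so the reader sees the peering connection, resolver endpoints and instances that are about to be removed before confirming.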
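Review bot: `ec2/output.tf` appears as a delete and `src/ec2/output.tf` as a new file, unlike the other moves which git records as 100% renames, because the `description` attributes were added in the same change; the same happens with `vpc/output.tf` and `src/vpc/output.tf`. Doing the `git mv` in one commit and the description edits in a second would keep rename detection and let `git log --follow` trace these two files.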
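Review bot: in the Inputs table of `src/README.md`, `use_output_endpoint` is described as "Create outbound endpoint on environment B?" and the resource it controls is `aws_route53_resolver_endpoint.outbound`, so the variable name looks like a typo for `use_outbound_endpoint`; since this file is generated, fix the name in `src/variables.tf` (and the `-var=use_output_endpoint=false` in README.md) and regenerate rather than editing the table. In the Outputs table, "VPCA-A" in the two inbound-resolver descriptions should read "VPC-A".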
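Review bot: in the Inputs table of `src/ec2/README.md`, `vpc_id` is described as "Subnet where to create Security Group" but it is the VPC id, and both `subnet_id` and `vpc_id` are typed `any`, which is what the generator emits when a `variable` block has no `type`; adding `type = string` in `src/ec2/variables.tf` gives plan-time validation and a correct table. The Resources table lists `http_http.myip` next to `aws_security_group_rule.ssh-ingress`; if, as the names suggest, the caller's public IP is fetched to scope the SSH ingress rule, a sentence saying so would help a reader reviewing what the security group exposes.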
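Review bot: all seven inputs in `src/vpc/README.md` are typed `any`, and the Requirements section says "No requirements", meaning the module declares neither `type` on its variables nor a `required_providers` block; declaring `type = string` for the CIDR and AZ variables in `src/vpc/variables.tf` and a `terraform { required_providers { aws = ... } }` block matching the `5.31.0` pin in the root `src/README.md` would make the generated documentation meaningful and stop an unpinned provider being pulled in when the module is reused.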
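Review bot: in `src/vpc/output.tf` the `private_subneta_id` block has a stray blank line between its `description` and the closing brace, unlike the other six outputs; running `terraform fmt` before committing (or adding it as a pre-commit check) keeps the new files consistent.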