diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..d1cc181
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,29 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.1.0
+ hooks:
+ - id: trailing-whitespace
+ args: ['--markdown-linebreak-ext=md']
+ - id: end-of-file-fixer
+ - id: check-merge-conflict
+ - id: detect-private-key
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.77.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - '--args=--lockfile=false'
+ - --hook-config=--add-to-existing-file=true
+ - --hook-config=--create-file-if-not-exist=true
+
+ - id: terraform_tflint
+ args:
+ - --args=--config=.tflint.hcl
+ - id: terraform_tfsec
+ files: ^examples/ # only scan `examples/*` which are the implementation
+ args:
+ - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
+ - --args=--concise-output
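Review bot: The `terraform_tfsec` hook is restricted with `files: ^examples/`, but the Terraform in this commit lives at the repository root (`eks.tf`, `vpc.tf`, `output.tf`) and under `tfstate/`, so with this filter the scanner never runs on any of it. Either drop the `files:` key or widen it, e.g. `files: \.tf$`, and update the trailing comment, which refers to an `examples/*` layout this repository does not appear to use. The referenced `__GIT_WORKING_DIR__/tfsec.yaml` is not part of this commit; if it is absent the hook will fail on first run rather than scan with defaults.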
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..278fc1b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,113 @@
+## Terraform EKS Reference
+
+Terraform reference to deploy a production ready EKS cluster. This reference takes care of provisioning a secure VPC network with VPN , deploy an EKS cluster and configure it with required resources,controllers and utilities to start deploying applications.
+
+## Requirements and Prerequisites
+
+1. An AWS account
+2. A system with [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed
+
+This repository contains Terraform configuration files for deploying a set of modules in a specific order. The tfstate module must be deployed first, followed by main module.
+
+## Deploying the tfstate Module
+
+The tfstate module is used for storing the Terraform state file remotely, which is a recommended practice to ensure consistency and collaboration among team members.
+
+To deploy the tfstate module, navigate to the **tfstate** directory and run the following commands:
+
+1. terraform init
+2. terraform plan
+3. terraform apply
+
+Once you have provided the required input, Terraform will create the necessary resources for the tfstate module.
+
+## Deploying the EKS Cluster
+
+After the tfstate module has been deployed, you can deploy the the EKS cluster setup. Creating an EKS cluster involves several steps, including setting up a Virtual Private Cloud (VPC), creating an EKS cluster, configuring an EKS node group, and bootstrapping the cluster.
+
+### VPC
+
+The [squareops/vpc/aws](https://registry.terraform.io/modules/squareops/vpc/aws/latest) module available on the Terraform Registry is designed to create and manage Virtual Private Cloud (VPC) resources in AWS (Amazon Web Services).
+
+The module can be used to create a new VPC along with its associated resources such as Subnets, Route Tables, Security Groups, Network ACL(s) (NACL), and Internet Gateway (IGW). It offers a simplified and standardized way to create VPC infrastructure, while also providing flexibility to customize VPC resources based on specific requirements.
+
+The [squareops/vpc/aws](https://registry.terraform.io/modules/squareops/vpc/aws/latest) module offers a range of configuration options, including the ability to specify CIDR blocks for VPC and subnet ranges, assign names and tags to VPC resources, enable DNS support, and configure NAT gateways. Additionally, the module provides pre-configured modules for creating subnets in different availability zones(AZs), route tables, and security groups.
+
+By using this module, AWS users can save time and effort in setting up VPC infrastructure, and ensure that their VPCs are created in a consistent and reproducible manner. The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation.
+
+### EKS
+
+The [squareops/eks/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module available on the Terraform Registry is designed to create and manage an EKS (Elastic Kubernetes Service) cluster in AWS (Amazon Web Services).
+
+The module provides a simplified and standardized way to create and manage the kubernetes control plane and worker nodes in EKS. It automates the process of creating the necessary EKS resources such as security groups, IAM roles and policies, and the EKS cluster itself.
+
+The [squareops/eks/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module offers a range of configuration options, such as the ability to specify the number of worker nodes, instance types, and desired capacity. It also provides pre-configured modules for configuring worker node groups with different instance types, adding custom tags.
+
+By using this module, AWS users can set up a kubernetes cluster on EKS in a simple, efficient, and reproducible manner. It also ensures that the EKS cluster is created with the best practices in mind, and that it is secured according to industry standards. The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation.
+
+### EKS-BOOTSTRAP
+
+The [squareops/eks-bootstrap/aws](https://registry.terraform.io/modules/squareops/eks-bootstrap/aws/latest) module available on the Terraform Registry is designed to bootstrap an EKS (Elastic Kubernetes Service) cluster in AWS (Amazon Web Services) with the necessary resources to run a kubernetes workload.
+
+The module provides a simplified and standardized way to create the kubernetes worker nodes in EKS, and to deploy the necessary add-ons and configurations to run kubernetes workloads. It automates the process of creating the necessary EKS resources.
+
+By using this module, AWS users can save time and ensure that their kubernetes workloads are deployed in a consistent and reproducible manner. It also ensures that the EKS cluster is created with the best practices in mind, and that it is secured according to industry standards. The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation.
+
+
+# terraform-eks-reference
+
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [eks](#module\_eks) | squareops/eks/aws | 1.0.3 |
+| [eks\_bootstrap](#module\_eks\_bootstrap) | squareops/eks-bootstrap/aws | 1.1.0 |
+| [key\_pair\_eks](#module\_key\_pair\_eks) | squareops/keypair/aws | 1.0.2 |
+| [key\_pair\_vpn](#module\_key\_pair\_vpn) | squareops/keypair/aws | 1.0.2 |
+| [managed\_node\_group\_production](#module\_managed\_node\_group\_production) | squareops/eks/aws//modules/managed-nodegroup | 1.0.3 |
+| [vpc](#module\_vpc) | squareops/vpc/aws | 2.1.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for EKS Control Plane |
+| [cluster\_name](#output\_cluster\_name) | EKS Cluster Name |
+| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider |
+| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Security group IDs attached to the cluster control plane |
+| [database\_subnets](#output\_database\_subnets) | List of IDs of Database Subnets |
+| [efs\_id](#output\_efs\_id) | The ID of the EFS |
+| [intra\_subnets](#output\_intra\_subnets) | List of IDs of Intra Subnets |
+| [kms\_policy\_arn](#output\_kms\_policy\_arn) | ARN of KMS policy |
+| [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | NGINX Ingress Controller DNS Hostname |
+| [private\_subnets](#output\_private\_subnets) | List of IDs of Private Subnets |
+| [public\_subnets](#output\_public\_subnets) | List of IDs of Public Subnets |
+| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of VPC |
+| [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
+| [vpn\_host\_public\_ip](#output\_vpn\_host\_public\_ip) | Public IP Adress of VPN Server |
+| [vpn\_security\_group](#output\_vpn\_security\_group) | Security Group ID of VPN Server |
+| [worker\_iam\_role\_arn](#output\_worker\_iam\_role\_arn) | ARN of the EKS Worker Role |
+| [worker\_iam\_role\_name](#output\_worker\_iam\_role\_name) | The name of the EKS Worker IAM role |
+
diff --git a/eks.tf b/eks.tf
index 011c67f..e561155 100644
--- a/eks.tf
+++ b/eks.tf
@@ -12,13 +12,14 @@ module "eks" {
name = local.name
vpc_id = module.vpc.vpc_id
environment = local.environment
+ cluster_version = "1.24"
kms_key_arn = ""
- cluster_version = "1.23"
cluster_log_types = ["api", "scheduler"]
cluster_log_retention_in_days = 30
cluster_endpoint_public_access = true
cluster_endpoint_public_access_cidrs = ["0.0.0.0/0"]
}
+
data "aws_eks_cluster" "cluster" {
name = module.eks.cluster_name
}
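Review bot: `cluster_endpoint_public_access_cidrs = ["0.0.0.0/0"]` together with `cluster_endpoint_public_access = true` leaves the Kubernetes API endpoint reachable from any IPv4 address; these lines are kept as context around the `cluster_version` bump rather than changed, but a reference described as production-ready should not ship with them. Restrict the list to the organisation's egress ranges or the VPN address (vpc.tf provisions a VPN server), or set public access to `false` once that path is in place. `kms_key_arn = ""` on the line above presumably falls back to whatever the module does by default for secrets encryption; that intent is worth stating in a comment, e.g. `kms_key_arn = "" # empty: rely on module default — confirm a CMK is used for envelope encryption`.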
@@ -32,18 +33,18 @@ module "managed_node_group_production" {
version = "1.0.3"
depends_on = [module.vpc, module.eks]
name = "Infra"
+ environment = local.environment
+ eks_cluster_name = module.eks.cluster_name
+ eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
+ subnet_ids = [module.vpc.private_subnets[0]]
+ kms_policy_arn = module.eks.kms_policy_arn
+ worker_iam_role_name = module.eks.worker_iam_role_name
min_size = 1
max_size = 3
desired_size = 1
- subnet_ids = [module.vpc.private_subnets[0]]
- environment = local.environment
- kms_key_arn = ""
capacity_type = "SPOT"
instance_types = ["t3a.large", "t2.large", "t2.xlarge", "t3.large", "m5.large"]
- kms_policy_arn = module.eks.kms_policy_arn
- eks_cluster_name = module.eks.cluster_name
- worker_iam_role_name = module.eks.worker_iam_role_name
- eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
+ kms_key_arn = ""
k8s_labels = {
"Infra-Services" = "true"
}
@@ -53,50 +54,50 @@ module "managed_node_group_production" {
module "eks_bootstrap" {
- source = "squareops/eks-bootstrap/aws"
- version = "1.1.0"
- name = local.name
- vpc_id = module.vpc.vpc_id
- environment = local.environment
- kms_key_arn = ""
- keda_enabled = true
- istio_enabled = false
- kms_policy_arn = module.eks.kms_policy_arn # eks module will create kms_policy_arn
- eks_cluster_name = module.eks.cluster_name
- reloader_enabled = true
- karpenter_enabled = true
- single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }]
- cert_manager_enabled = true
- worker_iam_role_name = module.eks.worker_iam_role_name
- ingress_nginx_enabled = true
- metrics_server_enabled = false
- external_secrets_enabled = true
- amazon_eks_vpc_cni_enabled = true
- cluster_autoscaler_enabled = true
- service_monitor_crd_enabled = true
- karpenter_provisioner_enabled = false
+ source = "squareops/eks-bootstrap/aws"
+ version = "1.1.0"
+ name = local.name
+ environment = local.environment
+ eks_cluster_name = module.eks.cluster_name
+ vpc_id = module.vpc.vpc_id
+ kms_key_arn = ""
+ worker_iam_role_name = module.eks.worker_iam_role_name
+ kms_policy_arn = module.eks.kms_policy_arn # eks module will create kms_policy_arn
+ keda_enabled = true
+ istio_enabled = false
+ reloader_enabled = true
+ metrics_server_enabled = false
+ external_secrets_enabled = true
+ amazon_eks_vpc_cni_enabled = true
+ service_monitor_crd_enabled = true
+ cert_manager_enabled = true
+ cert_manager_letsencrypt_email = "admin@example.com"
+ cert_manager_install_letsencrypt_http_issuers = true
+ ingress_nginx_enabled = true
+ internal_ingress_nginx_enabled = true
+ efs_storage_class_enabled = false
+ single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }]
+ amazon_eks_aws_ebs_csi_driver_enabled = true
+ single_az_ebs_gp3_storage_class_enabled = true
+ cluster_autoscaler_enabled = true
+ cluster_propotional_autoscaler_enabled = true
+ aws_node_termination_handler_enabled = true
+ karpenter_enabled = true
+ karpenter_provisioner_enabled = false
karpenter_provisioner_config = {
private_subnet_name = format("%s-%s-private-subnet", local.environment, local.name)
instance_capacity_type = ["spot"]
excluded_instance_type = ["nano", "micro", "small"]
}
- cert_manager_letsencrypt_email = "rohit.kumar@squareops.com"
- internal_ingress_nginx_enabled = true
- efs_storage_class_enabled = false
- aws_node_termination_handler_enabled = true
- amazon_eks_aws_ebs_csi_driver_enabled = true
- cluster_propotional_autoscaler_enabled = true
- single_az_ebs_gp3_storage_class_enabled = true
- cert_manager_install_letsencrypt_http_issuers = true
- velero_enabled = true
+ velero_enabled = true
velero_config = {
namespaces = "" # If you want full cluster backup, leave it blank else provide namespace.
- slack_notification_token = "4559734786594-qQ8486bluEuvmxrYxRatsM8R"
+ slack_notification_token = "4559734786594"
slack_notification_channel_name = "demo-notifications"
retention_period_in_days = 45
schedule_backup_cron_time = "* 1 * * *"
- velero_backup_name = "clusterback"
+ velero_backup_name = "clusterbackup"
backup_bucket_name = "velero-backup"
}
-}
\ No newline at end of file
+}
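Review bot: `slack_notification_token = "4559734786594"` still hard-codes a credential-shaped value in source, and the value it replaces (`4559734786594-qQ8…`) remains in git history, so that token should be treated as exposed and rotated regardless of this edit. Move it to an input variable declared with `sensitive = true` (or to a secret store the module can read) and keep any placeholder obviously fake, as was done for `cert_manager_letsencrypt_email = "admin@example.com"`. Note that neither `detect-private-key` nor `detect-aws-credentials` from the pre-commit config added in this commit would flag a Slack token. Separately, `schedule_backup_cron_time = "* 1 * * *"` fires every minute between 01:00 and 01:59 rather than once nightly; `"0 1 * * *"` is probably what was intended.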
diff --git a/output.tf b/output.tf
index c0e3cd1..90962a3 100644
--- a/output.tf
+++ b/output.tf
@@ -4,32 +4,32 @@ output "vpc_id" {
}
output "vpc_cidr_block" {
- description = "AWS Region"
+ description = "The CIDR block of VPC"
value = module.vpc.vpc_cidr_block
}
output "public_subnets" {
- description = "List of IDs of public subnets"
+ description = "List of IDs of Public Subnets"
value = module.vpc.public_subnets
}
output "private_subnets" {
- description = "List of IDs of private subnets"
+ description = "List of IDs of Private Subnets"
value = module.vpc.private_subnets
}
output "database_subnets" {
- description = "List of IDs of database subnets"
+ description = "List of IDs of Database Subnets"
value = module.vpc.database_subnets
}
output "intra_subnets" {
- description = "List of IDs of Intra subnets"
+ description = "List of IDs of Intra Subnets"
value = module.vpc.intra_subnets
}
output "vpn_host_public_ip" {
- description = "IP Adress of VPN Server"
+ description = "Public IP Adress of VPN Server"
value = module.vpc.vpn_host_public_ip
}
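Review bot: The new description `Public IP Adress of VPN Server` carries the misspelling over from the old line; change it to `description = "Public IP Address of VPN Server"`. The same spelling appears in the generated README table for `vpn_host_public_ip` added in this commit, which re-running the terraform_docs hook after the fix would correct.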
@@ -39,25 +39,20 @@ output "vpn_security_group" {
}
output "cluster_name" {
- description = "Kubernetes Cluster Name"
+ description = "EKS Cluster Name"
value = module.eks.cluster_name
}
output "cluster_endpoint" {
- description = "Endpoint for EKS control plane"
+ description = "Endpoint for EKS Control Plane"
value = module.eks.cluster_endpoint
}
output "cluster_security_group_id" {
- description = "Security group ids attached to the cluster control plane"
+ description = "Security group IDs attached to the cluster control plane"
value = module.eks.cluster_security_group_id
}
-output "cluster_arn" {
- description = "Name of the kubeconfig context"
- value = module.eks.cluster_arn
-}
-
output "cluster_oidc_issuer_url" {
description = "The URL on the EKS cluster for the OpenID Connect identity provider"
value = module.eks.cluster_oidc_issuer_url
@@ -83,12 +78,7 @@ output "nginx_ingress_controller_dns_hostname" {
value = module.eks_bootstrap.nginx_ingress_controller_dns_hostname
}
-output "ebs_encryption" {
- description = "Is AWS EBS encryption is enabled or not?"
- value = "Encrypted by default"
-}
-
output "efs_id" {
value = module.eks_bootstrap.efs_id
- description = "EFS ID"
-}
\ No newline at end of file
+ description = "The ID of the EFS"
+}
diff --git a/tfstate/README.md b/tfstate/README.md
index c8e6a9f..c1d82d0 100644
--- a/tfstate/README.md
+++ b/tfstate/README.md
@@ -21,7 +21,7 @@ module "backend" {
}
```
-Refer [examples](https://github.com/squareops/terraform-aws-tfstate/tree/main/examples/state-storage-backend) for more details.
+Refer [examples](https://github.com/squareops/terraform-aws-tfstate/tree/main/examples/state-storage-backend) for more details.
## IAM Permissions
The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-tfstate/blob/main/IAM.md)
@@ -41,61 +41,33 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
## Requirements
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 4.9 |
+No requirements.
## Providers
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 4.9 |
+No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [kms\_key](#module\_kms\_key) | clouddrove/kms/aws | 0.15.0 |
-| [log\_bucket](#module\_log\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.4.0 |
-| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.4.0 |
+| [backend](#module\_backend) | squareops/tfstate/aws | 1.0.0 |
## Resources
-| Name | Type |
-|------|------|
-| [aws_cloudtrail.s3_cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |
-| [aws_cloudwatch_log_group.s3_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_dynamodb_table.dynamodb_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
-| [aws_iam_policy.s3_cloudtrail_cloudwatch_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.s3_cloudtrail_cloudwatch_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.s3_cloudtrail_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_kms_key.mykey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.cloudtrail_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+No resources.
## Inputs
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [bucket\_name](#input\_bucket\_name) | bucket name | `string` | `""` | no |
-| [environment](#input\_environment) | Select enviroment type: dev, demo, prod | `string` | `"demo"` | no |
-| [force\_destroy](#input\_force\_destroy) | Indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| [logging](#input\_logging) | Map containing access bucket logging configuration | `bool` | `false` | no |
-| [region](#input\_region) | In which region S3 bucket will create | `string` | `""` | no |
-| [versioning\_enabled](#input\_versioning\_enabled) | keeping multiple variants of an object in the same bucket | `bool` | `false` | no |
+No inputs.
## Outputs
| Name | Description |
|------|-------------|
-| [bucket\_region](#output\_bucket\_region) | In which region S3 bucket will create |
-| [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | dynamodb table name |
-| [log\_bucket\_name](#output\_log\_bucket\_name) | logging table name |
-| [state\_bucket\_name](#output\_state\_bucket\_name) | bucket name with id |
+| [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | DynamoDB Table Name |
+| [log\_bucket\_name](#output\_log\_bucket\_name) | S3 Logging Bucket Name |
+| [state\_bucket\_name](#output\_state\_bucket\_name) | S3 State Bucket Name |
## Contribution & Issue Reporting
@@ -104,7 +76,7 @@ To report an issue with a project:
1. Check the repository's [issue tracker](https://github.com/squareops/terraform-aws-tfstate/issues) on GitHub
2. Search to see if the issue has already been reported
- 3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details .
+ 3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details .
## License
@@ -136,4 +108,3 @@ We believe that the key to success in the digital age is the ability to deliver
We provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.
You can find more information about our company on this [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).
-
diff --git a/tfstate/main.tf b/tfstate/main.tf
index 0727a21..c5bc840 100644
--- a/tfstate/main.tf
+++ b/tfstate/main.tf
@@ -1,17 +1,13 @@
-provider "aws" {
- region = local.region
-}
-
locals {
+ name = "tfstate"
region = "us-east-2"
environment = "prod"
- name = "skaf"
bucket_name = "stage"
}
module "backend" {
- source = "squareops/tfstate/aws"
- version = "1.0.0"
+ source = "squareops/tfstate/aws"
+ version = "1.0.0"
logging = false
environment = local.environment
bucket_name = local.bucket_name #unique global s3 bucket name
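Review bot: `bucket_name = "stage"` is very unlikely to satisfy the inline comment `#unique global s3 bucket name` — S3 bucket names are global across all AWS accounts, so `terraform apply` will most probably fail with a bucket-already-exists error; derive the name from an organisation prefix plus environment (and ideally the account id) instead, and note that `"stage"` also sits oddly next to `environment = "prod"`. This bucket will hold the root module's state, which includes the plaintext values written in eks.tf (the Slack token among them), so `logging = false` leaves a sensitive bucket without access logs; `logging = true` is the safer default for a production reference. The `module "backend"` block continues past the end of the hunk.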
diff --git a/tfstate/output.tf b/tfstate/output.tf
index 25ccbd8..aa826a8 100644
--- a/tfstate/output.tf
+++ b/tfstate/output.tf
@@ -1,14 +1,14 @@
output "state_bucket_name" {
- description = "bucket name with id"
+ description = "S3 State Bucket Name"
value = module.backend.state_bucket_name
}
output "dynamodb_table_name" {
- description = "dynamodb table name"
+ description = "DynamoDB Table Name"
value = module.backend.dynamodb_table_name
}
output "log_bucket_name" {
- description = "logging table name"
+ description = "S3 Logging Bucket Name"
value = module.backend.log_bucket_name
}
diff --git a/tfstate/versions.tf b/tfstate/versions.tf
new file mode 100644
index 0000000..c291cce
--- /dev/null
+++ b/tfstate/versions.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = local.region
+}
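Review bot: A file named `versions.tf` that holds only the moved `provider "aws"` block pins nothing: there is no `terraform { required_version … required_providers … }` block, which is also why the regenerated tfstate/README.md in this commit now reports "No requirements". The constraints that README previously documented (`>= 1.0` for Terraform, `>= 4.9` for aws) can be restored here alongside the provider block, so that `terraform init` fails early on an unsupported toolchain instead of at apply time. The provider's `region = local.region` can stay as written.
```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.9"
    }
  }
}

# … unchanged: provider "aws" block …
```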
diff --git a/vpc.tf b/vpc.tf
index 68bfbcc..93bb79f 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -1,9 +1,9 @@
locals {
region = "us-east-2"
environment = "prod"
- name = "skaf"
+ name = "vpc"
additional_aws_tags = {
- Owner = "SquareOps"
+ Owner = "organization_name"
Expires = "Never"
Department = "Engineering"
}
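Review bot: `name = "vpc"` in `locals` appears to be the root module's only `local.name`, and eks.tf passes that same `local.name` as the EKS cluster `name` and uses it in `format("%s-%s-private-subnet", …)` for the Karpenter subnet lookup, so the cluster and its derived resources will be named after the VPC. A neutral project name, or separate `vpc_name` / `cluster_name` locals, would avoid the confusion. `Owner = "organization_name"` is clearly a placeholder; a comment such as `# replace with the owning team or organisation before applying` would make that explicit to whoever copies this reference.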
@@ -26,16 +26,16 @@ module "vpc" {
name = local.name
vpc_cidr = local.vpc_cidr
environment = local.environment
- flow_log_enabled = true
- vpn_key_pair_name = local.vpn_server_enabled ? module.key_pair_vpn[0].key_pair_name : null
- vpn_server_enabled = local.vpn_server_enabled
availability_zones = 2
intra_subnet_enabled = true
public_subnet_enabled = true
private_subnet_enabled = true
one_nat_gateway_per_az = true
database_subnet_enabled = true
+ vpn_server_enabled = local.vpn_server_enabled
+ vpn_key_pair_name = local.vpn_server_enabled ? module.key_pair_vpn[0].key_pair_name : null
vpn_server_instance_type = "t3a.small"
+ flow_log_enabled = true
flow_log_max_aggregation_interval = 60
flow_log_cloudwatch_log_group_retention_in_days = 90
}