first commit

README.md

@@ -0,0 +1,42 @@
+# Terraform Base Infra Modules
+
+By using this module you can quickly configure a new account and deploy the basic infrastructure into it making adding accounts and configuring them a relative breeze
+
+* This module consists only of other modules, no actual end resources like EC2 hosts or security groups are defined here, only references to these resources are defined here. All modules that make up this base_infra module are all individualy versioned to make sure that environments are all configured alike without losing the ability to make changes to the individual accounts.
+
+Currently this modules is consuming several other modules, below a list of all these modules;
+- label module (simplifies the labeling and naming of resources)
+- vpc module (Creates the VPC's and related resources like internet gateways, nat gateways, route tables, routes, peerings etc)
+- bastion module (Creates a bastion host and the required security groups)
+- subnets module (Creates the public and private subnets in the availability zones you specified)
+- eks_cluster module (Creates all resources to get an EKS cluster backend up and running)
+- eks_node_group module (Creates and configures the eks workernodes that will run the workloads )
+- flow_logs module (Enables all the network resources in the account to enable flowlogs)
+-
+Using this module is actualy very simple and consists only of adding the following piece of code to a file with the .tf extension and define the variables in one of the following files; terraform.tfvars or variables.tf
+
+```
+module "base_infra" {
+  source = "../../platform"
+  # Variables go beneath this line
+  name                   = var.name
+  vpc_cidr_block        = var.vpc_cidr_block
+  stage                 = var.stage
+  prefix                = var.prefix
+  availability_zones    = var.availability_zones
+  keyname               = var.keyname
+  public_keyname        = var.public_keyname
+  region                = var.region
+  instance_types        = var.instance_types
+  bastion_instance_type = var.bastion_instance_type
+  bastion_ami           = var.bastion_ami
+  disk_size             = var.disk_size
+  max_size              = var.max_size
+  min_size              = var.min_size
+  kubernetes_labels     = var.kubernetes_labels
+  kubeconfig_path       = var.kubeconfig_path
+  desired_size          = var.desired_size
+  aws_eks_update_kubeconfig_additional_arguments = var.aws_eks_update_kubeconfig_additional_arguments
+}
+```
+

main.tf

@@ -0,0 +1,72 @@
+module "label" {
+  #source     = "git::https://terraform:czf1xEsPje-nCsyuyUby@gitlab.carnext.io/infra/terraform/modules/terraform-null-label.git?ref=tags/0.16.0"
+  source     = "github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"
+  name       = var.name
+  stage      = var.stage
+  delimiter  = var.delimiter
+  attributes = compact(concat(var.attributes, list("cluster")))
+  tags       = var.tags
+}
+
+locals {
+  tags = merge(module.label.tags, map("kubernetes.io/cluster/${module.label.id}", "shared"))
+}
+
+module "carnext_poc-day0-deploy" {
+  #source      = "git::https://terraform:czf1xEsPje-nCsyuyUby@gitlab.carnext.io/infra/terraform/modules/day0-roles.git?ref=tags/0.0.2"
+  source      = "github.com/webuildyourcloud/terraform-aws-day0-roles.git"
+}
+
+module "carnext_poc-asume-role" {
+  #source      = "git::https://terraform:czf1xEsPje-nCsyuyUby@gitlab.carnext.io/infra/terraform/modules/asume-role.git?ref=tags/0.0.2"
+  source      = "github.com/webuildyourcloud/terraform-aws-assume-role.git"
+}
+
+
+module "vpc" {
+  #source     = "git::https://terraform:czf1xEsPje-nCsyuyUby@gitlab.carnext.io/infra/terraform/modules/terraform-aws-vpc.git?ref=tags/0.8.1"
+  source     = "github.com:cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1"
+  stage      = var.stage
+  name       = var.name
+  attributes = var.attributes
+  cidr_block = var.vpc_cidr_block
+  tags       = local.tags
+}
+
+module "flow_logs" {
+  #source    = "git::https://terraform:czf1xEsPje-nCsyuyUby@gitlab.carnext.io/infra/terraform/modules/terraform-aws-cloudwatch-flow-logs.git?ref=tags/0.3.3"
+  source    = "github.com:cloudposse/terraform-aws-cloudwatch-flow_logs.git"
+  vpc_id    = module.vpc.vpc_id
+  stage     = var.stage
+}
+
+module "subnets" {
+  #source               = "git::https://terraform:czf1xEsPje-nCsyuyUby@gitlab.carnext.io/infra/terraform/modules/terraform-aws-dynamic-subnets.git?ref=tags/0.18.1"
+  source               = "github.com:cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.18.1"
+  availability_zones   = var.availability_zones
+  stage                = var.stage
+  name                 = var.name
+  attributes           = var.attributes
+  vpc_id               = module.vpc.vpc_id
+  igw_id               = module.vpc.igw_id
+  cidr_block           = module.vpc.vpc_cidr_block
+  nat_gateway_enabled  = true
+  nat_instance_enabled = false
+  tags                 = local.tags
+}
+
+module "bastion" {
+  source         = "git::https://terraform:czf1xEsPje-nCsyuyUby@gitlab.carnext.io/infra/terraform/modules/bastion.git"
+  enable_bastion = true
+  environment    = var.stage
+  project        = var.prefix
+  aws_region     = var.region
+  key_name       = var.keyname
+  instance_type  = var.bastion_instance_type
+  subnet_id      = element(module.subnets.public_subnet_ids, 0)
+  vpc_id         = module.vpc.vpc_id
+
+  tags = {
+    Name = "${var.prefix}-${var.stage}-bastion"
+  }
+}

outputs.tf

@@ -0,0 +1,27 @@
+output "public_subnet_cidrs" {
+  value       = module.subnets.public_subnet_cidrs
+  description = "Public subnet CIDRs"
+}
+
+output "private_subnet_cidrs" {
+  value       = module.subnets.private_subnet_cidrs
+  description = "Private subnet CIDRs"
+}
+
+output "public_subnet_ids" {
+  value       = module.subnets.public_subnet_ids
+}
+
+output "private_subnet_ids" {
+  value       = module.subnets.private_subnet_ids
+}
+
+output "vpc_cidr_block" {
+  value       = module.vpc.vpc_cidr_block
+  description = "VPC ID"
+}
+
+output "vpc_id" {
+  value       = module.vpc.vpc_id
+  description = "VPC ID Main VPC"
+}  

variables.tf

@@ -0,0 +1,65 @@
+variable "region" {
+  type        = string
+  description = "AWS Region"
+}
+
+variable "availability_zones" {
+  type    = list(string)
+}
+
+variable "vpc_cidr_block" {
+  type        = string
+  description = "VPC CIDR block"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Namespace, which could be your organization name, e.g. 'eg' or 'cp'"
+}
+
+variable "stage" {
+  type        = string
+  description = "Stage, e.g. 'prod', 'staging', 'dev' or 'testing'"
+}
+
+variable "name" {
+  type        = string
+  description = "Solution name, e.g. 'app' or 'cluster'"
+}
+
+variable "delimiter" {
+  type        = string
+  default     = "-"
+  description = "Delimiter to be used between `name`, `namespace`, `stage`, etc."
+}
+
+variable "attributes" {
+  type        = list(string)
+  default     = []
+  description = "Additional attributes (e.g. `1`)"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
+}
+
+### Bastion Server Settings ###
+variable "bastion_instance_type" {
+  type    = string
+  description = "EC2 type for bastion"
+}
+
+variable "bastion_ami" {
+  type    = string
+}
+
+variable "keyname" {
+  type    = string
+  default = ""
+}
+
+variable "public_keyname" {
+  default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDboPfi18b0We79c6mqQui+iPPL0KqUWIdm02hb6RyQ67buYPik6KRAin8hiwvgVHyBF3sdnDsaP9snSFq2QQXUtdB5MxHplIJSbdd/oREtTXHCc9OfhGEuJDqQ8ViHj1ApYlLNIohHAhJkVywkpMhLUHqLZ2DXhwVjM9XDHx0aoImwcyczzU9e4T8jtvLB+PlDRNxvCrKuf6Ir6sd1u9vHWQYR4kV61T3Z/VaeRPSF5Y50IF5ECTrNoQeR0NSRIrY6g4/hZzMisLxpybtO44jkZ7OPVwhAjfZgTTZYnrrSkdoL8HYbaEuKZC/WPvoCOfq5eF4ydpwUQomzeCD9pnOX pderuiter@MacBook-Pro-van-Patrick.local"
+}

versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 0.12.0"
+
+  required_providers {
+    aws      = "~> 2.0"
+    template = "~> 2.0"
+    null     = "~> 2.0"
+    local    = "~> 1.3"
+  }
+}