
Commit 1f0feac

Merge pull request #1 from opensource4learn/mr-alpha
AWS multi tier architecture implementation
2 parents 0abf936 + 6181397 commit 1f0feac


15 files changed

+217
-162
lines changed


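--- a/README.md
+++ b/README.md
@@ -21,12 +21,13 @@ provider "aws" {
 }
 
 module "vpc" {
-source = "opensource4learn/vpc/aws"
-version = "0.1.0-beta"
-cluster_prefix = "source4learn"
-cluster_environment = "production"
-cidr = "10.0.0.0/20"
-subnet_bits = "4"
+source = "opensource4learn/vpc/aws"
+version = "0.1.0-beta"
+cluster_prefix = "source4learn"
+cluster_environment = "development"
+cluster_architecture = "3-tier"
+cidr = "10.0.0.0/20"
+subnet_bits = "4"
 }
 ```
 
@@ -36,6 +37,12 @@ module "vpc" {
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
 
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
 ## Modules
 
 | Name | Source | Version |
@@ -56,9 +63,10 @@ module "vpc" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cidr"></a> [cidr](#input\_cidr) | CIDR block value to define the size of the AWS VPC | `string` | `"10.0.0.0/20"` | no |
-| <a name="input_cluster_environment"></a> [cluster_environment](#input\_cluster_environment) | To apply generic cluster_environment to AWS VPC Resources | `string` | n/a | yes |
-| <a name="input_cluster_prefix"></a> [cluster_prefix](#input\_cluster_prefix) | To apply generic naming to AWS VPC Resources | `string` | n/a | yes |
+| <a name="input_cidr"></a> [cidr](#input\_cidr) | CIDR block value to define the size of the AWS VPC | `string` | "10.0.0.0/20" | yes |
+| <a name="input_cluster_architecture"></a> [cluster\_architecture](#input\_cluster\_architecture) | To apply generic cluster architecture to AWS VPC Resources | `string` | n/a | yes |
+| <a name="input_cluster_environment"></a> [cluster\_environment](#input\_cluster\_environment) | To apply generic environment to AWS VPC Resources | `string` | n/a | yes |
+| <a name="input_cluster_prefix"></a> [cluster\_prefix](#input\_cluster\_prefix) | To apply generic naming to AWS VPC Resources | `string` | n/a | yes |
 | <a name="input_subnet_bits"></a> [subnet\_bits](#input\_subnet\_bits) | Subnet bits for cidrsubnet interpolation or Size we need to define for the Subnet (cidr of VPC + Subnet bits) | `string` | n/a | yes |
 
 ## Outputs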
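--- a/main.tf
+++ b/main.tf
@@ -33,32 +33,36 @@ module "public_subnet" {
 cluster_prefix = var.cluster_prefix
 cluster_environment = var.cluster_environment
 subnet_type = ["public"]
+cluster_architecture = var.cluster_architecture
 }
 
 # AWS NAT Gateway Module
 module "nat_gateway" {
-source = "./modules/nat-gateways"
-cluster_prefix = var.cluster_prefix
-cluster_environment = var.cluster_environment
-public_subnet_ids = module.public_subnet.public_subnet_ids
+source = "./modules/nat-gateways"
+cluster_prefix = var.cluster_prefix
+cluster_environment = var.cluster_environment
+public_subnet_ids = module.public_subnet.public_subnet_ids
+cluster_architecture = var.cluster_architecture
 }
 
 # AWS VPC Subnets Module - Private Subnet
 module "private_subnet" {
-source = "./modules/subnets"
-vpc_id = aws_vpc.vpc.id
-aws_nat_gateway_id = module.nat_gateway.nat_gateway_ids
-cidr = var.cidr
-cluster_prefix = var.cluster_prefix
-cluster_environment = var.cluster_environment
-subnet_bits = var.subnet_bits
-subnet_type = ["private", "storage"]
+source = "./modules/subnets"
+vpc_id = aws_vpc.vpc.id
+aws_nat_gateway_id = module.nat_gateway.nat_gateway_ids
+cidr = var.cidr
+cluster_prefix = var.cluster_prefix
+cluster_environment = var.cluster_environment
+subnet_bits = var.subnet_bits
+subnet_type = ["private", "storage"]
+cluster_architecture = var.cluster_architecture
 }
 
 # AWS VPC Security Groups Module
 module "security_group" {
-source = "./modules/security-groups"
-vpc_id = aws_vpc.vpc.id
-cluster_prefix = var.cluster_prefix
-cluster_environment = var.cluster_environment
+source = "./modules/security-groups"
+vpc_id = aws_vpc.vpc.id
+cluster_prefix = var.cluster_prefix
+cluster_environment = var.cluster_environment
+cluster_architecture = var.cluster_architecture
 }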
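Review bot: `cluster_architecture` is now threaded into every module, but `nat_gateway` and `private_subnet` are still invoked for every tier, so a `"1-tier"` deployment passes an empty `module.nat_gateway.nat_gateway_ids` list into `private_subnet` while still requesting `["private", "storage"]` subnets; whether the subnets module tolerates an empty NAT list or gates on the new variable is not visible in this diff and should be confirmed. A comment on the `private_subnet` call would make the expectation explicit, e.g. `# 1-tier creates no NAT gateways; the subnets module must skip private routes when aws_nat_gateway_id is empty`. The root declaration of `var.cluster_architecture` is not in this diff either; it is the natural place for a `validation` block restricting the value to the three layouts the modules recognize, since every module below silently creates nothing for any other string.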
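--- a/modules/nat-gateways/main.tf
+++ b/modules/nat-gateways/main.tf
@@ -4,7 +4,7 @@ data "aws_availability_zones" "available_zones" {}
 # AWS Elastic IPs
 resource "aws_eip" "eip" {
 vpc = true
-count = length(data.aws_availability_zones.available_zones.names)
+count = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? length(data.aws_availability_zones.available_zones.names) : 0
 
 tags = {
 Name = "${var.cluster_prefix}-${count.index + 1}"
@@ -16,7 +16,7 @@ resource "aws_eip" "eip" {
 resource "aws_nat_gateway" "nat_gateway" {
 allocation_id = element(aws_eip.eip.*.id, count.index)
 subnet_id = element(var.public_subnet_ids, count.index)
-count = length(data.aws_availability_zones.available_zones.names)
+count = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? length(data.aws_availability_zones.available_zones.names) : 0
 
 tags = {
 Name = "${var.cluster_prefix}-${count.index + 1}"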
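Review bot: The tier condition on the `count` of `aws_eip.eip` and `aws_nat_gateway.nat_gateway` is written out twice and the two copies will drift if another layout is added; hoist it into a local and reference it from both resources: `locals { nat_gateway_count = contains(["2-tier", "3-tier"], var.cluster_architecture) ? length(data.aws_availability_zones.available_zones.names) : 0 }` and `count = local.nat_gateway_count`. Any other value, including a misspelled one, silently yields zero EIPs and zero NAT gateways rather than an error, so the variable should be validated where it is declared. A one-line comment above the local, `# NAT is only provisioned for layouts that have a private tier`, records why 1-tier is excluded.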
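--- a/modules/nat-gateways/variables.tf
+++ b/modules/nat-gateways/variables.tf
@@ -8,6 +8,11 @@ variable "cluster_environment" {
 type = string
 }
 
+variable "cluster_architecture" {
+description = "To apply generic cluster_environment to AWS VPC Resources"
+type = string
+}
+
 variable "public_subnet_ids" {
 description = "list of public subnets in order of availability zones so that NAT Gateway's can be created in those respective subnets"
 type = list(any)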
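Review bot: The description on the new `cluster_architecture` variable was copied from `cluster_environment` and does not say what the value controls; in this module it decides whether NAT gateways are created at all (only for `"2-tier"` and `"3-tier"`). Replace it with a description that names the accepted values and that effect, and add a `validation` block so a typo fails at plan time instead of silently producing a VPC with no NAT. Variable validation needs Terraform 0.13 or later while the README pins `>= 0.12.0`, so the version constraint should be raised in the same change.
```hcl
variable "cluster_architecture" {
  description = "Cluster tier layout: \"1-tier\", \"2-tier\" or \"3-tier\". NAT gateways are only created for 2-tier and 3-tier."
  type        = string

  validation {
    condition     = contains(["1-tier", "2-tier", "3-tier"], var.cluster_architecture)
    error_message = "cluster_architecture must be one of: 1-tier, 2-tier, 3-tier."
  }
}
```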
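--- a/modules/security-groups/main.tf
+++ b/modules/security-groups/main.tf
@@ -1,68 +1,132 @@
 # AWS Public Security Group
-module "public_security_group" {
-source = "./resources"
-vpc_id = var.vpc_id
-cluster_prefix = var.cluster_prefix
-cluster_environment = var.cluster_environment
-sg_type = "public"
-sg_description = "Allow connections from internet"
+resource "aws_security_group" "public_security_group" {
+count = var.cluster_architecture == "1-tier" || var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
+name = "${var.cluster_prefix}-public"
+description = "Allow connections from internet"
+vpc_id = var.vpc_id
+revoke_rules_on_delete = true
+
+egress {
+description = "Allow all outbound"
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+ingress {
+description = "Allow ssh connection inbound public"
+from_port = 22
+to_port = 22
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+
+ingress {
+description = "Allow http inbound public"
+from_port = 80
+to_port = 80
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+ingress {
+description = "Allow https inbound public"
+from_port = 443
+to_port = 443
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+tags = {
+Name = "${var.cluster_prefix}-public"
+Environment = var.cluster_environment
+Type = "public"
+}
 }
 
 # AWS Public Security Group Rules
-resource "aws_security_group_rule" "allow_http_inbound_public" {
-type = "ingress"
-from_port = 80
-to_port = 80
-protocol = "tcp"
-cidr_blocks = ["0.0.0.0/0"]
-security_group_id = module.public_security_group.security_group_id
-}
+# resource "aws_security_group_rule" "allow_http_inbound_public" {
+# type = "ingress"
+# from_port = 80
+# to_port = 80
+# protocol = "tcp"
+# cidr_blocks = ["0.0.0.0/0"]
+# security_group_id = aws_security_group.public_security_group.id
+# }
 
-resource "aws_security_group_rule" "allow_https_inbound_public" {
-type = "ingress"
-from_port = 443
-to_port = 443
-protocol = "tcp"
-cidr_blocks = ["0.0.0.0/0"]
-security_group_id = module.public_security_group.security_group_id
-}
+# resource "aws_security_group_rule" "allow_https_inbound_public" {
+# type = "ingress"
+# from_port = 443
+# to_port = 443
+# protocol = "tcp"
+# cidr_blocks = ["0.0.0.0/0"]
+# security_group_id = aws_security_group.public_security_group.id
+# }
 
 # AWS Private Security Group
-module "private_security_group" {
-source = "./resources"
-vpc_id = var.vpc_id
-cluster_prefix = var.cluster_prefix
-cluster_environment = var.cluster_environment
-sg_type = "private"
-sg_description = "The private security group to allows inbound traffic from public group"
+resource "aws_security_group" "private_security_group" {
+count = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
+name = "${var.cluster_prefix}-private"
+description = "The private security group to allows inbound traffic from public group"
+vpc_id = var.vpc_id
+revoke_rules_on_delete = true
+
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+tags = {
+Name = "${var.cluster_prefix}-private"
+Environment = var.cluster_environment
+Type = "private"
+}
 }
 
 # AWS Private Security Group Rules
 resource "aws_security_group_rule" "allow_inbound_private" {
+count = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
 type = "ingress"
 from_port = 0
-to_port = 65535
+to_port = 0
 protocol = "-1"
-source_security_group_id = module.public_security_group.security_group_id
-security_group_id = module.private_security_group.security_group_id
+source_security_group_id = aws_security_group.public_security_group[0].id
+security_group_id = aws_security_group.private_security_group[0].id
 }
 
 # AWS Storage Security Group
-module "storage_security_group" {
-source = "./resources"
-vpc_id = var.vpc_id
-cluster_prefix = var.cluster_prefix
-cluster_environment = var.cluster_environment
-sg_type = "storage"
-sg_description = "The storage security group to allows inbound traffic from private group"
+resource "aws_security_group" "storage_security_group" {
+count = var.cluster_architecture == "3-tier" ? 1 : 0
+name = "${var.cluster_prefix}-storage"
+description = "The storage security group to allows inbound traffic from private group"
+vpc_id = var.vpc_id
+revoke_rules_on_delete = true
+
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+tags = {
+Name = "${var.cluster_prefix}-storage"
+Environment = var.cluster_environment
+Type = "storage"
+}
 }
 
 # AWS Storage Security Group Rules
 resource "aws_security_group_rule" "allow_inbound_storage" {
+count = var.cluster_architecture == "3-tier" ? 1 : 0
 type = "ingress"
 from_port = 0
-to_port = 65535
+to_port = 0
 protocol = "-1"
-source_security_group_id = module.private_security_group.security_group_id
-security_group_id = module.storage_security_group.security_group_id
-}
+source_security_group_id = aws_security_group.private_security_group[0].id
+security_group_id = aws_security_group.storage_security_group[0].id
+}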
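Review bot: The public security group's SSH ingress (new lines 17–23) opens port 22 to `0.0.0.0/0`, which exposes every instance in that group to internet-wide credential guessing; HTTP and HTTPS are what a public tier needs, unrestricted SSH is not. Replace the literal with a caller-supplied allow-list, `cidr_blocks = var.ssh_allowed_cidrs`, declared as `list(string)` with no default so each deployment must name its bastion or office ranges, or drop the rule entirely and reach instances through SSM Session Manager. The private and storage ingress rules admit every protocol and port (`protocol = "-1"`, ports 0–0) from the tier above, which is far wider than a web-to-app or app-to-database path needs and gives an attacker who lands on the public tier free lateral movement; narrow them to the application and database ports. The private and storage groups also mix an inline `egress` block with separate `aws_security_group_rule` resources on the same group, a combination the AWS provider documents as conflicting and overwriting rules between applies; move the egress into its own `aws_security_group_rule` or bring the ingress inline, but not both. The commented-out `allow_http_inbound_public`/`allow_https_inbound_public` blocks (new lines 50–66) duplicate the inline rules above and should be deleted rather than kept as dead code.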
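--- a/modules/security-groups/output.tf
+++ b/modules/security-groups/output.tf
@@ -1,11 +1,3 @@
 output "public_security_group_id" {
-value = module.public_security_group.security_group_id
+value = aws_security_group.public_security_group[0].id
 }
-
-output "private_security_group_id" {
-value = module.private_security_group.security_group_id
-}
-
-output "storage_security_group_id" {
-value = module.storage_security_group.security_group_id
-}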
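Review bot: `aws_security_group.public_security_group[0].id` raises an index error at plan time whenever that resource's `count` evaluates to 0, which the security-groups change makes happen for any `cluster_architecture` value other than the three it recognizes, so a typo in the variable surfaces as a confusing output failure rather than a clear validation message. Guard the index with `length(aws_security_group.public_security_group) > 0 ? aws_security_group.public_security_group[0].id : null`, which stays within the README's `>= 0.12.0` constraint (`one()` would need 0.15). The private and storage group IDs are no longer exported at all, so a root module that attaches application or database instances to those tiers has no way to reference them; if those consumers still exist, re-add the outputs with the same guard so they are `null` rather than an error for layouts that do not create the group.
```hcl
output "public_security_group_id" {
  value = length(aws_security_group.public_security_group) > 0 ? aws_security_group.public_security_group[0].id : null
}

output "private_security_group_id" {
  value = length(aws_security_group.private_security_group) > 0 ? aws_security_group.private_security_group[0].id : null
}

output "storage_security_group_id" {
  value = length(aws_security_group.storage_security_group) > 0 ? aws_security_group.storage_security_group[0].id : null
}
```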
modules/security-groups/resources/main.tf

Lines changed: 0 additions & 23 deletions
This file was deleted.

modules/security-groups/resources/output.tf

Lines changed: 0 additions & 3 deletions
This file was deleted.

modules/security-groups/resources/variables.tf

Lines changed: 0 additions & 24 deletions
This file was deleted.

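--- a/modules/security-groups/variables.tf
+++ b/modules/security-groups/variables.tf
@@ -13,3 +13,8 @@ variable "cluster_environment" {
 type = string
 }
 
+variable "cluster_architecture" {
+description = "To apply generic cluster_environment to AWS VPC Resources"
+type = string
+}
+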
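Review bot: The `description` on `cluster_architecture` is the `cluster_environment` text pasted unchanged and tells a reader nothing about the value; in this module it selects which of the public, private and storage security groups exist (`1-tier` public only, `2-tier` adds private, `3-tier` adds storage). Because every group's `count` falls to 0 for an unrecognized string and `output.tf` then indexes `[0]`, the variable should reject anything outside those three values instead of letting the error surface later. Validation blocks need Terraform 0.13+, so the README's `>= 0.12.0` requirement has to move up with this.
```hcl
variable "cluster_architecture" {
  description = "Cluster tier layout, one of \"1-tier\", \"2-tier\" or \"3-tier\". Selects which security groups are created: public for all layouts, private for 2-tier and 3-tier, storage for 3-tier only."
  type        = string

  validation {
    condition     = contains(["1-tier", "2-tier", "3-tier"], var.cluster_architecture)
    error_message = "cluster_architecture must be one of: 1-tier, 2-tier, 3-tier."
  }
}
```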