
Merge pull request #16 from mdr-engineering/feature/ftd_MSOCI-1277_Building_the_Interconnects

Small Fixes for Interconnect Work
Frederick Damstra 5 years ago
parent
commit
19da8a1804

+ 0 - 0
base/xdr_interconnects/README.md → base/interconnects/README.md


+ 4 - 4
base/xdr_interconnects/cloud-init.tf → base/interconnects/cloud-init.tf

@@ -1,12 +1,12 @@
 data "template_file" "cloud-init" {
-  count = var.xdr_interconnects_count
+  count = var.interconnects_count
 
   # Should these be in a common directory? I suspect they'd be reusable
   template = "${file("${path.module}/cloud-init/cloud-init.tpl")}"
 
   vars = {
-    hostname = "xdr-interconnect-${count.index}"
-    fqdn = "xdr-interconnect-${count.index}.${var.dns_private["name"]}"
+    hostname = "interconnect-${count.index}"
+    fqdn = "interconnect-${count.index}.${var.dns_private["name"]}"
     saltmaster = "salt-master.${ var.dns_public["name"] }"
     environment = var.environment
   }
@@ -15,7 +15,7 @@ data "template_file" "cloud-init" {
 # Render a multi-part cloud-init config making use of the part
 # above, and other source files
 data "template_cloudinit_config" "cloud-init" {
-  count = var.xdr_interconnects_count
+  count = var.interconnects_count
   gzip          = true
   base64_encode = true
 

+ 3 - 2
base/xdr_interconnects/cloud-init/cloud-init.tpl → base/interconnects/cloud-init/cloud-init.tpl

@@ -26,9 +26,10 @@ growpart:
   ignore_growroot_disabled: false
 
 runcmd:
- - echo "${fqdn}" > /etc/salt/minion_id
+ - 'echo ${fqdn} > /etc/salt/minion_id'
  - 'echo master: ${saltmaster} > /etc/salt/minion'
- - echo "${ environment }" > /ENVIRONMENT
+ - 'echo grains: > /etc/salt/minion.d/environment.conf'
+ - 'echo "  environment: " ${ environment } >> /etc/salt/minion.d/environment.conf'
  - /bin/systemctl restart salt-minion 
  - /bin/systemctl enable salt-minion
  - /bin/systemctl start amazon-ssm-agent
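Review bot: The `environment` grain the two new echo lines write to /etc/salt/minion.d/environment.conf is minion-side configuration, so anything on the master that targets or hands out data by `environment` is trusting a value the minion states about itself; that is fine for selecting non-sensitive states and pillar but should not gate access to secrets, which deserves a template comment such as `# NOTE: grains are minion-controlled; do not use 'environment' for security-sensitive targeting`. The echo lines also assume /etc/salt/minion.d already exists at runcmd time and pass `${fqdn}` and `${ environment }` to the shell unquoted, which is harmless for the values the Terraform side generates but brittle; cloud-init's `write_files` module would write both files with explicit content and mode instead of relying on shell redirection. The old line that wrote `/ENVIRONMENT` is dropped, so anything on the host that read that file needs checking.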

+ 0 - 0
base/xdr_interconnects/cloud-init/cloud-init.tpl.toomuch → base/interconnects/cloud-init/cloud-init.tpl.toomuch


+ 99 - 0
base/interconnects/main.tf

@@ -0,0 +1,99 @@
+resource "aws_placement_group" "interconnects" {
+  # Distribute them
+  name     = "interconnects"
+  strategy = "spread"
+}
+
+resource "aws_network_interface" "interconnects" {
+  count = var.interconnects_count
+  subnet_id = var.subnet_id_map["untrusted"][count.index % 2]
+  security_groups = [ aws_security_group.interconnects_sg.id ]
+  source_dest_check = false
+  private_ips_count = 0
+  description = "XDR Interconnect ${count.index}"
+  tags = {
+    Name = "interconnect-${count.index}"
+  }
+}
+
+resource "aws_eip" "interconnects" {
+  count = var.interconnects_count
+  vpc = true
+  tags = {
+    Name = "interconnect-${count.index}"
+  }
+}
+
+resource "aws_eip_association" "interconnects" {
+  count = var.interconnects_count
+  network_interface_id = aws_network_interface.interconnects[count.index].id
+  allocation_id = aws_eip.interconnects[count.index].id
+}
+
+output "ami" {
+  value = var.default_ami
+}
+
+resource "aws_instance" "interconnects" {
+  count = var.interconnects_count
+  availability_zone = var.azs[count.index % 2]
+  placement_group = aws_placement_group.interconnects.id
+  tenancy = "default"
+  ebs_optimized = true
+  disable_api_termination = var.instance_termination_protection
+  instance_initiated_shutdown_behavior = "stop"
+  instance_type = var.interconnects_instance_type
+  key_name = var.interconnects_key_name
+  monitoring = false
+
+  ami = var.default_ami
+  lifecycle { ignore_changes = [ ami ] }
+
+  tags = merge(
+    var.standard_tags,
+    var.tags,
+    { 
+      Name = "interconnect-${count.index}"
+    }
+  )
+
+  root_block_device {
+      volume_type = "gp2"
+      #volume_size = "60"
+      delete_on_termination = true
+  }
+
+  network_interface {
+    device_index = 0
+    network_interface_id = aws_network_interface.interconnects[count.index].id
+  }
+
+  user_data = data.template_cloudinit_config.cloud-init[count.index].rendered
+  iam_instance_profile = "msoc-default-instance-profile"
+
+  #lifecycle {
+    # This might allow us to update/replace easier?
+    #create_before_destroy = true
+  #}
+}
+
+# DNS Records
+resource "aws_route53_record" "interconnects" {
+  count = var.interconnects_count
+  name = "interconnect-${ var.environment }-${ count.index }"
+  type = "A"
+  ttl  = 300
+  zone_id = var.dns_public["id"]
+  records = [ aws_eip.interconnects[count.index].public_ip ]
+  provider = aws.legacy
+}
+
+resource "aws_route53_record" "interconnects_pvt" {
+  count = var.interconnects_count
+  name = "interconnect-${ count.index }"
+  type = "A"
+  ttl  = 300
+  zone_id = var.dns_private["id"]
+  records = [ aws_instance.interconnects[count.index].private_ip ]
+  provider = aws.legacy
+}
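Review bot: The `root_block_device` block on the new aws_instance sets `volume_type` and `delete_on_termination` but not `encrypted = true`, so these instances get an unencrypted root volume unless the account has default EBS encryption enabled; the launch template this commit deletes (base/xdr_interconnects/asg/main.tf) did set `encrypted = true`, so this reads as a regression rather than a decision. Adding `encrypted = true` next to `volume_type = "gp2"` restores it, and forcing IMDSv2 with `metadata_options { http_tokens = "required" }` on the same resource is worth considering, since these hosts sit in the untrusted subnet with a public EIP and an instance profile attached. `iam_instance_profile = "msoc-default-instance-profile"` is a hard-coded name where the removed file carried a variable, and `count.index % 2` pins the layout to exactly two subnets/AZs regardless of what `var.azs` holds — a variable for the profile name and a comment on the `% 2` would make both intentional.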

+ 24 - 0
base/interconnects/outputs.tf

@@ -0,0 +1,24 @@
+output "instance_ids" {
+    value = aws_instance.interconnects[*].id
+}
+
+#output "private_ips" {
+#    value = aws_network_interface.interconnects[*].private_ips
+#}
+
+output "private_ips" {
+  # We only want the first one
+  value = [ for i in aws_network_interface.interconnects[*].private_ips: tolist(i)[0] ]
+}
+
+output "public_ips" {
+    value = aws_eip.interconnects[*].public_ip
+}
+
+output "public_dns" {
+  value = aws_route53_record.interconnects[*].fqdn
+}
+
+output "private_dns" {
+  value = aws_route53_record.interconnects_pvt[*].fqdn
+}
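Review bot: `tolist(i)[0]` in the `private_ips` output takes an element from a set, whose ordering Terraform does not guarantee, so "the first one" is only the primary address because main.tf sets `private_ips_count = 0`; if secondary IPs are ever added the output may change between plans without any input changing. `value = aws_network_interface.interconnects[*].private_ip` returns the primary address directly and drops the comprehension. The commented-out `private_ips` block above it can be removed at the same time.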

+ 7 - 7
base/xdr_interconnects/security-groups.tf → base/interconnects/security-groups.tf

@@ -1,5 +1,5 @@
-resource "aws_security_group" "xdr_interconnects_sg" {
-  name        = "xdr_interconnects_sg"
+resource "aws_security_group" "interconnects_sg" {
+  name        = "interconnects_sg"
   description = "Security Rules Specific to XDR interconnects"
   vpc_id      = var.security_vpc
 
@@ -12,7 +12,7 @@ resource "aws_security_group_rule" "trusted_ssh" {
   to_port           = 22
   protocol          = "tcp"
   cidr_blocks       = var.trusted_ips
-  security_group_id = aws_security_group.xdr_interconnects_sg.id
+  security_group_id = aws_security_group.interconnects_sg.id
 }
 
 resource "aws_security_group_rule" "ipsec_l2tp_ingress" {
@@ -21,7 +21,7 @@ resource "aws_security_group_rule" "ipsec_l2tp_ingress" {
   to_port           = 1701
   protocol          = "udp"
   cidr_blocks       = [ "0.0.0.0/0" ]
-  security_group_id = aws_security_group.xdr_interconnects_sg.id
+  security_group_id = aws_security_group.interconnects_sg.id
 }
 
 resource "aws_security_group_rule" "ipsec_ike_ingress" {
@@ -30,7 +30,7 @@ resource "aws_security_group_rule" "ipsec_ike_ingress" {
   to_port           = 500
   protocol          = "udp"
   cidr_blocks       = [ "0.0.0.0/0" ]
-  security_group_id = aws_security_group.xdr_interconnects_sg.id
+  security_group_id = aws_security_group.interconnects_sg.id
 }
 
 resource "aws_security_group_rule" "ipsec_ike_nat_t_ingress" {
@@ -39,7 +39,7 @@ resource "aws_security_group_rule" "ipsec_ike_nat_t_ingress" {
   to_port           = 4500
   protocol          = "udp"
   cidr_blocks       = [ "0.0.0.0/0" ]
-  security_group_id = aws_security_group.xdr_interconnects_sg.id
+  security_group_id = aws_security_group.interconnects_sg.id
 }
 
 resource "aws_security_group_rule" "ipsec_egress" {
@@ -48,5 +48,5 @@ resource "aws_security_group_rule" "ipsec_egress" {
   to_port           = 0 # all ports
   protocol          = "all"
   cidr_blocks       = [ "0.0.0.0/0" ]
-  security_group_id = aws_security_group.xdr_interconnects_sg.id
+  security_group_id = aws_security_group.interconnects_sg.id
 }

+ 3 - 3
base/xdr_interconnects/vars.tf → base/interconnects/vars.tf

@@ -3,9 +3,9 @@ variable azs { type = list }
 variable subnet_id_map { type = map }
 variable tags { type = map }
 
-variable xdr_interconnects_instance_type { type = string }
-variable xdr_interconnects_key_name { type = string }
-variable xdr_interconnects_count { type = number }
+variable interconnects_instance_type { type = string }
+variable interconnects_key_name { type = string }
+variable interconnects_count { type = number }
 
 variable "instance_termination_protection" { type = bool }
 variable "standard_tags" { type        = map }

+ 0 - 0
base/xdr_interconnects/version.tf → base/interconnects/version.tf


+ 8 - 8
base/transit-gateway-interconnect-vpn/main.tf

@@ -1,15 +1,15 @@
-resource "aws_customer_gateway" "xdr_attachment" {
-  count = var.xdr_interconnects_count
-  bgp_asn = var.xdr_interconnect_asn
-  ip_address = var.xdr_interconnect_public_ips[count.index]
+resource "aws_customer_gateway" "attachment" {
+  count = var.interconnects_count
+  bgp_asn = var.interconnect_asn
+  ip_address = var.interconnect_public_ips[count.index]
   type = "ipsec.1"
   tags = merge(var.standard_tags, var.tags)
 }
 
-resource "aws_vpn_connection" "xdr_vpn" {
-  count = var.xdr_interconnects_count
-  customer_gateway_id = aws_customer_gateway.xdr_attachment[count.index].id
+resource "aws_vpn_connection" "vpn" {
+  count = var.interconnects_count
+  customer_gateway_id = aws_customer_gateway.attachment[count.index].id
   transit_gateway_id  = var.transit_gateway_id
-  type                = aws_customer_gateway.xdr_attachment[count.index].type
+  type                = aws_customer_gateway.attachment[count.index].type
   tags = merge(var.standard_tags, var.tags)
 }

+ 6 - 6
base/transit-gateway-interconnect-vpn/outputs.tf

@@ -2,9 +2,9 @@
 # centralized place to get all of the data needed to setup the VPN connections.
 output vpn_info {
   value = [
-      for index, connection in aws_vpn_connection.xdr_vpn:
+      for index, connection in aws_vpn_connection.vpn:
       {
-        "cgw_public_ip" = var.xdr_interconnect_public_ips[index]
+        "cgw_public_ip" = var.interconnect_public_ips[index]
         "vgw_public_ips" = [
             connection.tunnel1_address, 
             connection.tunnel2_address
@@ -22,7 +22,7 @@ output vpn_info {
           connection.tunnel2_preshared_key
         ]
         "vgw_bgp_asn" = connection.tunnel1_bgp_asn, # Tunnel 1 and 2 are same
-        "cgw_bgp_asn" = var.xdr_interconnect_asn
+        "cgw_bgp_asn" = var.interconnect_asn
       }
   ]
 }
@@ -32,9 +32,9 @@ output yaml {
   value = yamlencode({
     "" = {
       (var.aws_partition_alias) = [
-        for index, connection in aws_vpn_connection.xdr_vpn:
+        for index, connection in aws_vpn_connection.vpn:
         {
-          "cgw_public_ip" = var.xdr_interconnect_public_ips[index]
+          "cgw_public_ip" = var.interconnect_public_ips[index]
           "vgw_public_ips" = [
               connection.tunnel1_address, 
               connection.tunnel2_address
@@ -52,7 +52,7 @@ output yaml {
             connection.tunnel2_preshared_key
           ]
           "vgw_bgp_asn" = connection.tunnel1_bgp_asn, # Tunnel 1 and 2 are same
-          "cgw_bgp_asn" = var.xdr_interconnect_asn
+          "cgw_bgp_asn" = var.interconnect_asn
         }
       ]
     }

+ 3 - 3
base/transit-gateway-interconnect-vpn/vars.tf

@@ -1,7 +1,7 @@
-variable xdr_interconnect_public_ips { type = list }
+variable interconnect_public_ips { type = list }
 variable transit_gateway_id { type = string }
-variable xdr_interconnects_count { type = number }
-variable xdr_interconnect_asn { type = number }
+variable interconnects_count { type = number }
+variable interconnect_asn { type = number }
 variable standard_tags { type = map }
 variable tags { type = map }
 variable environment { type = string }

+ 0 - 60
base/xdr_interconnects/asg/main.tf

@@ -1,60 +0,0 @@
-resource "aws_placement_group" "xdr_interconnects" {
-  # Distribute them
-  name     = "xdr_interconnects"
-  strategy = "spread"
-}
-
-resource "aws_launch_template" "xdr_interconnects" {
-  name = "xdr-interconnect"
-  instance_type = var.xdr_interconnects_instance_type
-  image_id = data.aws_ami.ubuntu_pro.image_id
-  user_data = data.template_cloudinit_config.cloud-init.rendered
-  ebs_optimized = true
-  network_interfaces {
-    associate_public_ip_address = true
-    delete_on_termination = true
-    security_groups = [ aws_security_group.xdr_interconnects_sg.id ]
-  }
-  key_name = var.xdr_interconnects_key_name
-  #iam_instance_profile    = {
-  #  name = "${var.iam_instance_profile}"
-  #}
-  block_device_mappings {
-    device_name = "/dev/sda1"
-    ebs {
-      #volume_size = 10
-      volume_type = "gp2"
-      encrypted   = true
-      delete_on_termination = true
-    }
-  }
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-resource "aws_autoscaling_group" "splunk_indexer_asg" {
-  name                 = "xdr-interconnect"
-
-  max_size                  = var.xdr_interconnects_max_count
-  min_size                  = var.xdr_interconnects_min_count
-  health_check_grace_period = 300
-  health_check_type         = "EC2"
-  desired_capacity          = var.xdr_interconnects_desired_count
-  force_delete              = true
-  placement_group           = aws_placement_group.xdr_interconnects.id
-  vpc_zone_identifier       = var.subnet_id_map["untrusted"]
-
-  # ?
-  #launch_configuration      = "${aws_launch_configuration.foobar.name}"
-
-  launch_template {
-    id      = aws_launch_template.xdr_interconnects.id
-    version = "$Latest"
-  }
-
-  tags = merge(
-    var.standard_tags,
-    var.tags
-  )
-}

+ 0 - 99
base/xdr_interconnects/main.tf

@@ -1,99 +0,0 @@
-resource "aws_placement_group" "xdr_interconnects" {
-  # Distribute them
-  name     = "xdr_interconnects"
-  strategy = "spread"
-}
-
-resource "aws_network_interface" "xdr_interconnects" {
-  count = var.xdr_interconnects_count
-  subnet_id = var.subnet_id_map["untrusted"][count.index % 2]
-  security_groups = [ aws_security_group.xdr_interconnects_sg.id ]
-  source_dest_check = false
-  private_ips_count = 0
-  description = "XDR Interconnect ${count.index}"
-  tags = {
-    Name = "xdr-interconnect-${count.index}"
-  }
-}
-
-resource "aws_eip" "xdr_interconnects" {
-  count = var.xdr_interconnects_count
-  vpc = true
-  tags = {
-    Name = "xdr-interconnect-${count.index}"
-  }
-}
-
-resource "aws_eip_association" "xdr_interconnects" {
-  count = var.xdr_interconnects_count
-  network_interface_id = aws_network_interface.xdr_interconnects[count.index].id
-  allocation_id = aws_eip.xdr_interconnects[count.index].id
-}
-
-output "ami" {
-  value = var.default_ami
-}
-
-resource "aws_instance" "xdr_interconnects" {
-  count = var.xdr_interconnects_count
-  availability_zone = var.azs[count.index % 2]
-  placement_group = aws_placement_group.xdr_interconnects.id
-  tenancy = "default"
-  ebs_optimized = true
-  disable_api_termination = var.instance_termination_protection
-  instance_initiated_shutdown_behavior = "stop"
-  instance_type = var.xdr_interconnects_instance_type
-  key_name = var.xdr_interconnects_key_name
-  monitoring = false
-
-  ami = var.default_ami
-  lifecycle { ignore_changes = [ ami ] }
-
-  tags = merge(
-    var.standard_tags,
-    var.tags,
-    { 
-      Name = "xdr-interconnect-${count.index}"
-    }
-  )
-
-  root_block_device {
-      volume_type = "gp2"
-      #volume_size = "60"
-      delete_on_termination = true
-  }
-
-  network_interface {
-    device_index = 0
-    network_interface_id = aws_network_interface.xdr_interconnects[count.index].id
-  }
-
-  user_data = data.template_cloudinit_config.cloud-init[count.index].rendered
-  #iam_instance_profile = var.instance_profile_names[count.index]
-
-  #lifecycle {
-    # This might allow us to update/replace easier?
-    #create_before_destroy = true
-  #}
-}
-
-# DNS Records
-resource "aws_route53_record" "xdr_interconnects" {
-  count = var.xdr_interconnects_count
-  name = "xdr-interconnect-${ var.environment }-${ count.index }"
-  type = "A"
-  ttl  = 300
-  zone_id = var.dns_public["id"]
-  records = [ aws_eip.xdr_interconnects[count.index].public_ip ]
-  provider = aws.legacy
-}
-
-resource "aws_route53_record" "xdr_interconnects_pvt" {
-  count = var.xdr_interconnects_count
-  name = "xdr-interconnect-${ count.index }"
-  type = "A"
-  ttl  = 300
-  zone_id = var.dns_private["id"]
-  records = [ aws_instance.xdr_interconnects[count.index].private_ip ]
-  provider = aws.legacy
-}

+ 0 - 24
base/xdr_interconnects/outputs.tf

@@ -1,24 +0,0 @@
-output "instance_ids" {
-    value = aws_instance.xdr_interconnects[*].id
-}
-
-#output "private_ips" {
-#    value = aws_network_interface.xdr_interconnects[*].private_ips
-#}
-
-output "private_ips" {
-  # We only want the first one
-  value = [ for i in aws_network_interface.xdr_interconnects[*].private_ips: tolist(i)[0] ]
-}
-
-output "public_ips" {
-    value = aws_eip.xdr_interconnects[*].public_ip
-}
-
-output "public_dns" {
-  value = aws_route53_record.xdr_interconnects[*].fqdn
-}
-
-output "private_dns" {
-  value = aws_route53_record.xdr_interconnects_pvt[*].fqdn
-}