diff --git a/examples/echoserver-deployment.yaml b/examples/echoserver-deployment.yaml
deleted file mode 100644
index 4b6ff15e..00000000
--- a/examples/echoserver-deployment.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: echoserver
- namespace: fargate
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: echoserver
- template:
- metadata:
- labels:
- app: echoserver
- spec:
- containers:
- - image: gcr.io/google_containers/echoserver:1.0
- imagePullPolicy: Always
- name: echoserver
- ports:
- - containerPort: 8080
----
-apiVersion: v1
-kind: Service
-metadata:
- name: echoserver
- namespace: fargate
-spec:
- ports:
- - port: 80
- targetPort: 8080
- protocol: TCP
- selector:
- app: echoserver
- type: NodePort
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: echoserver
- namespace: fargate
- annotations:
- kubernetes.io/ingress.class: alb
- alb.ingress.kubernetes.io/scheme: internet-facing
- alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-2017-01
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:730809894724:certificate/fa029132-86ab-4342-96e2-8e1fd5c56c29
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
- alb.ingress.kubernetes.io/target-type: ip
- external-dns.alpha.kubernetes.io/hostname: echo.maddevs.org
- alb.ingress.kubernetes.io/success-codes: "200"
- alb.ingress.kubernetes.io/healthcheck-path: "/"
-spec:
- rules:
- - host: echo.maddevs.org
- http:
- paths:
- - path: /
- backend:
- serviceName: echoserver
- servicePort: 80
diff --git a/examples/wordpress-deployment-external-secrets.yml b/examples/wordpress-deployment-external-secrets.yml
deleted file mode 100644
index 1942090c..00000000
--- a/examples/wordpress-deployment-external-secrets.yml
+++ /dev/null
@@ -1,104 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: wordpress
- labels:
- app: wordpress
-spec:
- ports:
- - port: 80
- selector:
- app: wordpress
- tier: frontend
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: wp-pv-claim
- labels:
- app: wordpress
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 20Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- annotations:
- secret.reloader.stakater.com/reload: "wp"
- name: wordpress
- labels:
- app: wordpress
-spec:
- selector:
- matchLabels:
- app: wordpress
- tier: frontend
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- co.elastic.metrics/module: apache
- co.elastic.metrics/hosts: '${data.host}:80'
- co.elastic.logs/module: apache
- co.elastic.logs/fileset.stdout: access
- co.elastic.logs/fileset.stderr: error
- labels:
- app: wordpress
- tier: frontend
- spec:
- containers:
- - image: wordpress:5.4.2-apache
- name: wordpress
- envFrom:
- - secretRef:
- name: wp
- ports:
- - containerPort: 80
- name: wordpress
- volumeMounts:
- - name: wordpress-persistent-storage
- mountPath: /var/www/html
- volumes:
- - name: wordpress-persistent-storage
- persistentVolumeClaim:
- claimName: wp-pv-claim
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: wordpress
-
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-spec:
- rules:
- - host: wp.maddevs.org
- http:
- paths:
- - path: /
- backend:
- serviceName: wordpress
- servicePort: 80
----
-apiVersion: 'kubernetes-client.io/v1'
-kind: ExternalSecret
-metadata:
- name: wp
-spec:
- backendType: systemManager
-# roleArn:
- data:
- - key: /wp/database/username
- name: WORDPRESS_DB_USER
- - key: /wp/database/password
- name: WORDPRESS_DB_PASSWORD
- - key: /wp/database/database
- name: WORDPRESS_DB_NAME
- - key: /wp/database/address
- name: WORDPRESS_DB_HOST
\ No newline at end of file
diff --git a/examples/wordpress-deployment.yml b/examples/wordpress-deployment.yml
deleted file mode 100644
index eedfbccc..00000000
--- a/examples/wordpress-deployment.yml
+++ /dev/null
@@ -1,107 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: wordpress
- namespace: wp
- labels:
- app: wordpress
-spec:
- ports:
- - port: 80
- selector:
- app: wordpress
- tier: frontend
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: wp-pv-claim
- namespace: wp
- labels:
- app: wordpress
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 20Gi
----
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
-kind: Deployment
-metadata:
- name: wordpress
- namespace: wp
- labels:
- app: wordpress
-spec:
- selector:
- matchLabels:
- app: wordpress
- tier: frontend
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- co.elastic.metrics/module: apache
- co.elastic.metrics/hosts: '${data.host}:80'
- co.elastic.logs/module: apache
- co.elastic.logs/fileset.stdout: access
- co.elastic.logs/fileset.stderr: error
- labels:
- app: wordpress
- tier: frontend
- spec:
- containers:
- - image: wordpress:5.4.2-apache
- name: wordpress
- env:
- - name: WORDPRESS_DB_HOST
- valueFrom:
- secretKeyRef:
- name: mysql-connection
- key: db-host
- - name: WORDPRESS_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mysql-connection
- key: db-password
- - name: WORDPRESS_DB_NAME
- valueFrom:
- secretKeyRef:
- name: mysql-connection
- key: db-name
- - name: WORDPRESS_DB_USER
- valueFrom:
- secretKeyRef:
- name: mysql-connection
- key: db-user
- ports:
- - containerPort: 80
- name: wordpress
- volumeMounts:
- - name: wordpress-persistent-storage
- mountPath: /var/www/html
- volumes:
- - name: wordpress-persistent-storage
- persistentVolumeClaim:
- claimName: wp-pv-claim
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: wordpress
- namespace: wp
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-spec:
- rules:
- - host: wp.maddevs.org
- http:
- paths:
- - path: /
- backend:
- serviceName: wordpress
- servicePort: 80
-
diff --git a/helm-charts/pg-exporter-user/.helmignore b/helm-charts/pg-exporter-user/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/helm-charts/pg-exporter-user/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/helm-charts/pg-exporter-user/Chart.yaml b/helm-charts/pg-exporter-user/Chart.yaml
deleted file mode 100644
index b16adf71..00000000
--- a/helm-charts/pg-exporter-user/Chart.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v2
-name: pg-exporter-user
-description: A Helm chart for Kubernetes
-
-type: application
-
-version: 1.0.0
-
-appVersion: 1.0.0
diff --git a/helm-charts/pg-exporter-user/templates/_helpers.tpl b/helm-charts/pg-exporter-user/templates/_helpers.tpl
deleted file mode 100644
index 4134cb87..00000000
--- a/helm-charts/pg-exporter-user/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pg-exporter-user.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pg-exporter-user.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pg-exporter-user.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "pg-exporter-user.labels" -}}
-helm.sh/chart: {{ include "pg-exporter-user.chart" . }}
-{{ include "pg-exporter-user.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "pg-exporter-user.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "pg-exporter-user.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "pg-exporter-user.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "pg-exporter-user.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/helm-charts/pg-exporter-user/templates/job.yaml b/helm-charts/pg-exporter-user/templates/job.yaml
deleted file mode 100644
index 902dccd1..00000000
--- a/helm-charts/pg-exporter-user/templates/job.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "pg-exporter-user.fullname" . }}
- labels:
- {{- include "pg-exporter-user.labels" . | nindent 4 }}
-spec:
- activeDeadlineSeconds: {{ .Values.activeDeadlineSeconds }}
- backoffLimit: {{ .Values.backoffLimit }}
- ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished }}
- template:
- metadata:
- labels:
- {{- include "pg-exporter-user.selectorLabels" . | nindent 8 }}
- spec:
- restartPolicy: OnFailure
- containers:
- - name: {{ .Chart.Name }}
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- env:
- {{- if .Values.Envs }}
- {{ toYaml .Values.Envs | nindent 12 }}
- {{- end }}
- {{- with .Values.args }}
- args:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- with .Values.command }}
- command:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
diff --git a/helm-charts/pg-exporter-user/values.yaml b/helm-charts/pg-exporter-user/values.yaml
deleted file mode 100644
index fb817f9c..00000000
--- a/helm-charts/pg-exporter-user/values.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-image:
- repository: dymokd/pg-exporter-user
- tag: latest
- pullPolicy: IfNotPresent
-
-ttlSecondsAfterFinished: 0
-activeDeadlineSeconds: 3600
-backoffLimit: 6
-
-Envs: {}
-
-command: []
-
-args: []
-
diff --git a/helm-charts/postgresql-backups/.helmignore b/helm-charts/postgresql-backups/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/helm-charts/postgresql-backups/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/helm-charts/postgresql-backups/Chart.yaml b/helm-charts/postgresql-backups/Chart.yaml
deleted file mode 100644
index 12af288c..00000000
--- a/helm-charts/postgresql-backups/Chart.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v2
-name: postgresql-backups
-description: A Helm chart for Kubernetes
-
-type: application
-
-version: 1.0.0
-
-appVersion: 1.0.0
diff --git a/helm-charts/postgresql-backups/templates/_helpers.tpl b/helm-charts/postgresql-backups/templates/_helpers.tpl
deleted file mode 100644
index f49e41c7..00000000
--- a/helm-charts/postgresql-backups/templates/_helpers.tpl
+++ /dev/null
@@ -1,67 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "postgresql-backups.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "postgresql-backups.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "postgresql-backups.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "postgresql-backups.labels" -}}
-helm.sh/chart: {{ include "postgresql-backups.chart" . }}
-{{ include "postgresql-backups.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "postgresql-backups.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "postgresql-backups.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "postgresql-backups.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "postgresql-backups.fullname" .) 
.Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{- define "scheduler.jobname" -}}
-{{- $name := include "postgresql-backups.fullname" . | trunc 55 | trimSuffix "-" -}}
-{{- printf "%s-%s" $name "scheduler" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/helm-charts/postgresql-backups/templates/externalsecret.yaml b/helm-charts/postgresql-backups/templates/externalsecret.yaml
deleted file mode 100644
index b8261e6e..00000000
--- a/helm-charts/postgresql-backups/templates/externalsecret.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.ExternalSecret.enabled -}}
-apiVersion: 'kubernetes-client.io/v1'
-kind: ExternalSecret
-metadata:
- name: {{ include "postgresql-backups.fullname" . }}
-spec:
- backendType: systemManager
- data:
- {{- if .Values.ExternalSecret.Envs }}
- {{ toYaml .Values.ExternalSecret.Envs | nindent 12 }}
- {{- end }}
-{{- end }}
diff --git a/helm-charts/postgresql-backups/templates/scheduler.yaml b/helm-charts/postgresql-backups/templates/scheduler.yaml
deleted file mode 100644
index c379430b..00000000
--- a/helm-charts/postgresql-backups/templates/scheduler.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.scheduler.enabled }}
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
- name: {{ include "scheduler.jobname" . }}
- labels:
- {{- include "postgresql-backups.labels" . | nindent 4 }}
- annotations:
- secret.reloader.stakater.com/reload: {{ include "scheduler.jobname" . }}
-spec:
- jobTemplate:
- spec:
- template:
- metadata:
- labels:
- {{- include "postgresql-backups.selectorLabels" . | nindent 12 }}
- spec:
- containers:
- - name: {{ include "scheduler.jobname" . }}
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - secretRef:
- name: {{ include "postgresql-backups.fullname" . }}
- command: {{ .Values.scheduler.command }}
- {{- with .Values.scheduler.args }}
- args:
- {{ toYaml . | nindent 14 }}
- {{- end }}
- resources:
- {{- toYaml .Values.scheduler.resources | nindent 14 }}
- restartPolicy: {{ .Values.scheduler.restartPolicy }}
- schedule: {{ .Values.scheduler.schedule | quote }}
- successfulJobsHistoryLimit: {{ .Values.scheduler.successfulJobsHistoryLimit }}
- concurrencyPolicy: {{ .Values.scheduler.concurrencyPolicy }}
- failedJobsHistoryLimit: {{ .Values.scheduler.failedJobsHistoryLimit }}
-{{- end }}
diff --git a/helm-charts/postgresql-backups/values.yaml b/helm-charts/postgresql-backups/values.yaml
deleted file mode 100644
index 6628fa83..00000000
--- a/helm-charts/postgresql-backups/values.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-image:
- repository: dymokd/pg-backups-s3
- tag: latest
- pullPolicy: IfNotPresent
-
-ExternalSecret:
- enabled: false
- Envs: {}
-
-scheduler:
- enabled: false
- schedule: "0 4 25 * *"
- resources:
- limits:
- cpu: 100m
- memory: 256Mi
- requests:
- cpu: 100m
- memory: 256Mi
- successfulJobsHistoryLimit: 5
- concurrencyPolicy: Forbid
- failedJobsHistoryLimit: 5
- restartPolicy: OnFailure
-
diff --git a/terraform/layer1-aws/.terraform.lock.hcl b/terraform/layer1-aws/.terraform.lock.hcl
deleted file mode 100644
index 197d7fbe..00000000
--- a/terraform/layer1-aws/.terraform.lock.hcl
+++ /dev/null
@@ -1,105 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.1.0" - constraints = ">= 2.49.0, >= 3.0.0, >= 3.34.0, >= 3.35.0, >= 3.72.0, >= 4.0.0, >= 4.7.0, >= 4.35.0, >= 4.40.0, >= 4.47.0, 5.1.0" - hashes = [ - "h1:iDyYmwv8q94Dvr4DRG1KBxTWPZRFkRmKGa3cjCEsPZU=", - "zh:0c48f157b804c1f392adb5c14b81e756c652755e358096300ea8dd1283021129", - "zh:1a50495a6c0e5665e51df57dac6e781ec71439b11ebf05f971b6f3a3eb4eb7b2", - "zh:2959ff472c05e56d59e012118dd8d55022f005534c0ae961ce81136de9f66a4d", - "zh:2dfda9133581b99ed6e709e89a453fd2974ce88c703d3e073ec31bf99d7508ce", - "zh:2f3d92cc7a6624da42cee2202f8fb23e6d38f156ab7851884d637282cb0dc709", - "zh:3bc2a34d09cbaf439a1815846904f070c782cd8dfd60b5e0116827cda25f7549", - "zh:4ef43f1a247aa8de8690ac3bbc2b00ebaf6b2872fc8d0f5130e4a8130c874b87", - "zh:5477cb272dcaeb0030091bcf23a9f0f33b5410e44e317e9d3d49446f545dbaa4", - "zh:734c8fb4c0b79c82dd757566761dda5b91ee1ef9a2b848a748ade11e0e1cc69f", - "zh:80346c051b677f4f018da7fe06318b87c5bd0f1ec67ce78ab33baed3bb8b031a", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a865b2f88dfee13df14116c5cf53d033d2c15855f4b59b9c65337309a928df2c", - "zh:c0345f266eedaece5612c1000722b302f895d1bc5af1d5a4265f0e7000ca48bb", - "zh:d59703c8e6a9d8b4fbd3b4583b945dfff9cb2844c762c0b3990e1cef18282279", - "zh:d8d04a6a6cd2dfcb23b57e551db7b15e647f6166310fb7d883d8ec67bdc9bdc8", - ] -} - -provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.3" - constraints = ">= 2.0.0" - hashes = [ - "h1:GmJ8PxLjjPr+lh02Bw3u7RYqA3UtpE2hQ1T43Vt7PTQ=", - "zh:0bd6ee14ca5cf0f0c83d3bb965346b1225ccd06a6247e80774aaaf54c729daa7", - "zh:3055ad0dcc98de1d4e45b72c5889ae91b62f4ae4e54dbc56c4821be0fdfbed91", - "zh:32764cfcff0d7379ca8b7dde376ac5551854d454c5881945f1952b785a312fa2", - "zh:55c2a4dc3ebdeaa1dec3a36db96dab253c7fa10b9fe1209862e1ee77a01e0aa1", - 
"zh:5c71f260ba5674d656d12f67cde3bb494498e6b6b6e66945ef85688f185dcf63", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9617280a853ec7caedb8beb7864e4b29faf9c850a453283980c28fccef2c493d", - "zh:ac8bda21950f8dddade3e9bc15f7bcfdee743738483be5724169943cafa611f5", - "zh:ba9ab567bbe63dee9197a763b3104ea9217ba27449ed54d3afa6657f412e3496", - "zh:effd1a7e34bae3879c02f03ed3afa979433a518e11de1f8afd35a8710231ac14", - "zh:f021538c86d0ac250d75e59efde6d869bbfff711eb744c8bddce79d2475bf46d", - "zh:f1e3984597948a2103391a26600e177b19f16a5a4c66acee27a4343fb141571f", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.19.0" - constraints = ">= 2.10.0, 2.19.0" - hashes = [ - "h1:ID/u9YOv00w+Z8iG+592oyuV7HcqRmPiZpEC9hnyTMY=", - "zh:028d346460de2d1d19b4c863dfc36be51c7bcd97d372b54a3a946bcb19f3f613", - "zh:391d0b38c455437d0a2ab1beb6ce6e1230aa4160bbae11c58b2810b258b44280", - "zh:40ea742f91b67f66e71d7091cfd40cc604528c4947651924bd6d8bd8d9793708", - "zh:48a99d341c8ba3cadaafa7cb99c0f11999f5e23f5cfb0f8469b4e352d9116e74", - "zh:4a5ade940eff267cbf7dcd52c1a7ac3999e7cc24996a409bd8b37bdb48a97f02", - "zh:5063742016a8249a4be057b9cc0ef24a684ec76d0ae5463d4b07e9b2d21e047e", - "zh:5d36b3a5662f840a6788f5e2a19d02139e87318feb3c5d82c7d076be1366fec4", - "zh:75edd9960cb30e54ef7de1b7df2761a274f17d4d41f54e72f86b43f41af3eb6d", - "zh:b85cadef3e6f25f1a10a617472bf5e8449decd61626733a1bc723de5edc08f64", - "zh:dc565b17b4ea6dde6bd1b92bc37e5e850fcbf9400540eec00ad3d9552a76ac2e", - "zh:deb665cc2123f2701aa3d653987b2ca35fb035a08a76a2382efb215c209f19a5", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/time" { - version = "0.10.0" - constraints = ">= 0.9.0" - hashes = [ - "h1:NAl8eupFAZXCAbE5uiHZTz+Yqler55B3fMG+jNPrjjM=", - "zh:0ab31efe760cc86c9eef9e8eb070ae9e15c52c617243bbd9041632d44ea70781", - "zh:0ee4e906e28f23c598632eeac297ab098d6d6a90629d15516814ab90ad42aec8", - 
"zh:3bbb3e9da728b82428c6f18533b5b7c014e8ff1b8d9b2587107c966b985e5bcc", - "zh:6771c72db4e4486f2c2603c81dfddd9e28b6554d1ded2996b4cb37f887b467de", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:833c636d86c2c8f23296a7da5d492bdfd7260e22899fc8af8cc3937eb41a7391", - "zh:c545f1497ae0978ffc979645e594b57ff06c30b4144486f4f362d686366e2e42", - "zh:def83c6a85db611b8f1d996d32869f59397c23b8b78e39a978c8a2296b0588b2", - "zh:df9579b72cc8e5fac6efee20c7d0a8b72d3d859b50828b1c473d620ab939e2c7", - "zh:e281a8ecbb33c185e2d0976dc526c93b7359e3ffdc8130df7422863f4952c00e", - "zh:ecb1af3ae67ac7933b5630606672c94ec1f54b119bf77d3091f16d55ab634461", - "zh:f8109f13e07a741e1e8a52134f84583f97a819e33600be44623a21f6424d6593", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.5" - constraints = ">= 3.0.0" - hashes = [ - "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=", - "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e", - "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32", - "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b", - "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a", - "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a", - "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e", - "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc", - "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9", - "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4", - "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8", - "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/terraform/layer1-aws/README.md b/terraform/layer1-aws/README.md deleted file mode 100644 index ebd9da78..00000000 --- a/terraform/layer1-aws/README.md +++ /dev/null 
@@ -1,113 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | 1.4.4 | -| [aws](#requirement\_aws) | 5.1.0 | -| [kubernetes](#requirement\_kubernetes) | 2.19.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.1.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 4.3.2 | -| [aws\_cost\_allocation\_tags](#module\_aws\_cost\_allocation\_tags) | ../modules/aws-cost-allocation-tags | n/a | -| [aws\_ebs\_csi\_driver](#module\_aws\_ebs\_csi\_driver) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.17.0 | -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.12.0 | -| [eventbridge](#module\_eventbridge) | terraform-aws-modules/eventbridge/aws | 1.17.3 | -| [pritunl](#module\_pritunl) | ../modules/aws-pritunl | n/a | -| [r53\_zone](#module\_r53\_zone) | terraform-aws-modules/route53/aws//modules/zones | 2.10.2 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 4.0.1 | -| [vpc\_cni\_irsa](#module\_vpc\_cni\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | 5.17.0 | -| [vpc\_gateway\_endpoints](#module\_vpc\_gateway\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 4.0.1 | - -## Resources - -| Name | Type | -|------|------| -| [aws_cloudtrail.main](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/cloudtrail) | resource | -| [aws_ebs_encryption_by_default.default](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/ebs_encryption_by_default) | resource | -| [aws_iam_account_password_policy.default](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/iam_account_password_policy) | resource | -| [aws_s3_bucket.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/s3_bucket) | resource | -| 
[aws_s3_bucket_lifecycle_configuration.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/s3_bucket_lifecycle_configuration) | resource | -| [aws_s3_bucket_policy.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/s3_bucket_policy) | resource | -| [aws_s3_bucket_public_access_block.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/s3_bucket_public_access_block) | resource | -| [aws_s3_bucket_server_side_encryption_configuration.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | -| [aws_sns_topic.security_alerts](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/sns_topic) | resource | -| [aws_sns_topic_policy.security_alerts](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/sns_topic_policy) | resource | -| [aws_sns_topic_subscription.security_alerts](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/resources/sns_topic_subscription) | resource | -| [aws_acm_certificate.main](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/data-sources/acm_certificate) | data source | -| [aws_ami.eks_default_arm64](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/data-sources/ami) | data source | -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/data-sources/availability_zones) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/data-sources/caller_identity) | data source | -| [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/data-sources/eks_cluster_auth) | data source | -| [aws_route53_zone.main](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/data-sources/route53_zone) | data source | -| 
[aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/5.1.0/docs/data-sources/security_group) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_account\_ids](#input\_allowed\_account\_ids) | List of allowed AWS account IDs | `list` | `[]` | no | -| [allowed\_ips](#input\_allowed\_ips) | IP addresses allowed to connect to private resources | `list(any)` | `[]` | no | -| [aws\_account\_password\_policy](#input\_aws\_account\_password\_policy) | n/a | `any` |
{
"allow_users_to_change_password": true,
"create": true,
"hard_expiry": false,
"max_password_age": 90,
"minimum_password_length": 14,
"password_reuse_prevention": 10,
"require_lowercase_characters": true,
"require_numbers": true,
"require_symbols": true,
"require_uppercase_characters": true
}
| no | -| [aws\_cis\_benchmark\_alerts](#input\_aws\_cis\_benchmark\_alerts) | AWS CIS Benchmark alerts configuration | `any` |
{
"email": "demo@example.com",
"enabled": "false",
"rules": {
"aws_config_changes_enabled": true,
"cloudtrail_configuration_changes_enabled": true,
"console_login_failed_enabled": true,
"consolelogin_without_mfa_enabled": true,
"iam_policy_changes_enabled": true,
"kms_cmk_delete_or_disable_enabled": true,
"nacl_changes_enabled": true,
"network_gateway_changes_enabled": true,
"organization_changes_enabled": true,
"parameter_store_actions_enabled": true,
"route_table_changes_enabled": true,
"s3_bucket_policy_changes_enabled": true,
"secrets_manager_actions_enabled": true,
"security_group_changes_enabled": true,
"unauthorized_api_calls_enabled": true,
"usage_of_root_account_enabled": true,
"vpc_changes_enabled": true
}
}
| no | -| [az\_count](#input\_az\_count) | Count of avaiablity zones, min 2 | `number` | `3` | no | -| [cidr](#input\_cidr) | Default CIDR block for VPC | `string` | `"10.0.0.0/16"` | no | -| [cloudtrail\_logs\_s3\_expiration\_days](#input\_cloudtrail\_logs\_s3\_expiration\_days) | How many days keep cloudtrail logs on S3 | `string` | `180` | no | -| [create\_acm\_certificate](#input\_create\_acm\_certificate) | Whether to create acm certificate or use existing | `bool` | `false` | no | -| [create\_r53\_zone](#input\_create\_r53\_zone) | Create R53 zone for main public domain | `bool` | `false` | no | -| [domain\_name](#input\_domain\_name) | Main public domain name | `any` | n/a | yes | -| [eks\_cloudwatch\_log\_group\_retention\_in\_days](#input\_eks\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events. Default retention - 90 days. | `number` | `90` | no | -| [eks\_cluster\_enabled\_log\_types](#input\_eks\_cluster\_enabled\_log\_types) | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Possible values: api, audit, authenticator, controllerManager, scheduler | `list(string)` |
[
"audit"
]
| no | -| [eks\_cluster\_encryption\_config\_enable](#input\_eks\_cluster\_encryption\_config\_enable) | Enable or not encryption for k8s secrets with aws-kms | `bool` | `false` | no | -| [eks\_cluster\_endpoint\_only\_pritunl](#input\_eks\_cluster\_endpoint\_only\_pritunl) | Only Pritunl VPN server will have access to eks endpoint. | `bool` | `false` | no | -| [eks\_cluster\_endpoint\_private\_access](#input\_eks\_cluster\_endpoint\_private\_access) | Enable or not private access to cluster endpoint | `bool` | `false` | no | -| [eks\_cluster\_endpoint\_public\_access](#input\_eks\_cluster\_endpoint\_public\_access) | Enable or not public access to cluster endpoint | `bool` | `true` | no | -| [eks\_cluster\_version](#input\_eks\_cluster\_version) | Version of the EKS K8S cluster | `string` | `"1.25"` | no | -| [eks\_map\_roles](#input\_eks\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. |
list(object({
rolearn = string
username = string
groups = list(string)
}))
| `[]` | no | -| [environment](#input\_environment) | Env name in case workspace wasn't used | `string` | `"demo"` | no | -| [is\_this\_payment\_account](#input\_is\_this\_payment\_account) | Set it to false if a target account isn't a payer account. This variable is used to apply a configuration for cost allocation tags | `bool` | `true` | no | -| [name](#input\_name) | Project name, required to create unique resource names | `any` | n/a | yes | -| [node\_group\_default](#input\_node\_group\_default) | Default node group configuration |
object({
instance_type = string
max_capacity = number
min_capacity = number
desired_capacity = number
capacity_rebalance = bool
use_mixed_instances_policy = bool
mixed_instances_policy = any
})
|
{
"capacity_rebalance": true,
"desired_capacity": 2,
"instance_type": "t4g.medium",
"max_capacity": 3,
"min_capacity": 2,
"mixed_instances_policy": {
"instances_distribution": {
"on_demand_base_capacity": 0,
"on_demand_percentage_above_base_capacity": 0
},
"override": [
{
"instance_type": "t4g.small"
},
{
"instance_type": "t4g.medium"
}
]
},
"use_mixed_instances_policy": true
}
| no | -| [pritunl\_vpn\_access\_cidr\_blocks](#input\_pritunl\_vpn\_access\_cidr\_blocks) | IP address that will have access to the web console | `string` | `"127.0.0.1/32"` | no | -| [pritunl\_vpn\_server\_enable](#input\_pritunl\_vpn\_server\_enable) | Indicates whether or not the Pritunl VPN server is deployed. | `bool` | `false` | no | -| [region](#input\_region) | Default infrastructure region | `string` | `"us-east-1"` | no | -| [short\_region](#input\_short\_region) | The abbreviated name of the region, required to form unique resource names | `map` |
{
"ap-east-1": "ape1",
"ap-northeast-1": "apn1",
"ap-northeast-2": "apn2",
"ap-south-1": "aps1",
"ap-southeast-1": "apse1",
"ap-southeast-2": "apse2",
"ca-central-1": "cac1",
"cn-north-1": "cnn1",
"cn-northwest-1": "cnnw1",
"eu-central-1": "euc1",
"eu-north-1": "eun1",
"eu-west-1": "euw1",
"eu-west-2": "euw2",
"eu-west-3": "euw3",
"sa-east-1": "sae1",
"us-east-1": "use1",
"us-east-2": "use2",
"us-gov-east-1": "usge1",
"us-gov-west-1": "usgw1",
"us-west-1": "usw1",
"us-west-2": "usw2"
}
| no | -| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Flag to create single nat gateway for all AZs | `bool` | `true` | no | -| [zone\_id](#input\_zone\_id) | R53 zone id for public domain | `any` | `null` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [allowed\_ips](#output\_allowed\_ips) | List of allowed ip's, used for direct ssh access to instances. | -| [az\_count](#output\_az\_count) | Count of avaiablity zones, min 2 | -| [domain\_name](#output\_domain\_name) | Domain name | -| [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | Endpoint for EKS control plane. | -| [eks\_cluster\_id](#output\_eks\_cluster\_id) | n/a | -| [eks\_cluster\_security\_group\_id](#output\_eks\_cluster\_security\_group\_id) | Security group ids attached to the cluster control plane. | -| [eks\_kubectl\_console\_config](#output\_eks\_kubectl\_console\_config) | description | -| [eks\_oidc\_provider\_arn](#output\_eks\_oidc\_provider\_arn) | ARN of EKS oidc provider | -| [env](#output\_env) | Suffix for the hostname depending on workspace | -| [name](#output\_name) | Project name, required to form unique resource names | -| [name\_wo\_region](#output\_name\_wo\_region) | Project name, required to form unique resource names without short region | -| [node\_group\_default\_iam\_role\_arn](#output\_node\_group\_default\_iam\_role\_arn) | n/a | -| [node\_group\_default\_iam\_role\_name](#output\_node\_group\_default\_iam\_role\_name) | n/a | -| [region](#output\_region) | Target region for all infrastructure resources | -| [route53\_zone\_id](#output\_route53\_zone\_id) | ID of domain zone | -| [short\_region](#output\_short\_region) | The abbreviated name of the region, required to form unique resource names | -| [ssl\_certificate\_arn](#output\_ssl\_certificate\_arn) | ARN of SSL certificate | -| [vpc\_cidr](#output\_vpc\_cidr) | CIDR block of infra VPC | -| [vpc\_database\_subnets](#output\_vpc\_database\_subnets) | Database subnets of 
infra VPC | -| [vpc\_id](#output\_vpc\_id) | ID of infra VPC | -| [vpc\_intra\_subnets](#output\_vpc\_intra\_subnets) | Private intra subnets | -| [vpc\_name](#output\_vpc\_name) | Name of infra VPC | -| [vpc\_private\_subnets](#output\_vpc\_private\_subnets) | Private subnets of infra VPC | -| [vpc\_public\_subnets](#output\_vpc\_public\_subnets) | Public subnets of infra VPC | diff --git a/terraform/layer1-aws/aws-cloudtrail.tf b/terraform/layer1-aws/aws-cloudtrail.tf deleted file mode 100644 index 11dd219a..00000000 --- a/terraform/layer1-aws/aws-cloudtrail.tf +++ /dev/null 
@@ -1,89 +0,0 @@ -#tfsec:ignore:aws-cloudtrail-enable-at-rest-encryption tfsec:ignore:aws-cloudtrail-ensure-cloudwatch-integration -resource "aws_cloudtrail" "main" { - name = var.name - s3_bucket_name = aws_s3_bucket.cloudtrail.id - include_global_service_events = true - enable_log_file_validation = true - enable_logging = true - is_multi_region_trail = true - - tags = var.tags - - depends_on = [aws_s3_bucket_policy.cloudtrail] -} - -#tfsec:ignore:aws-s3-enable-bucket-logging tfsec:ignore:aws-s3-enable-versioning tfsec:ignore:aws-cloudtrail-require-bucket-access-logging -resource "aws_s3_bucket" "cloudtrail" { - bucket = "${var.name}-aws-cloudtrail-logs" - - tags = var.tags -} - -resource "aws_s3_bucket_lifecycle_configuration" "cloudtrail" { - bucket = aws_s3_bucket.cloudtrail.id - - rule { - id = "remove_old_files" - status = "Enabled" - - abort_incomplete_multipart_upload { - days_after_initiation = 2 - } - expiration { - days = var.cloudtrail_logs_s3_expiration_days - } - } -} - -#tfsec:ignore:aws-s3-encryption-customer-key -resource "aws_s3_bucket_server_side_encryption_configuration" "cloudtrail" { - bucket = aws_s3_bucket.cloudtrail.bucket - - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" - } - } -} - -resource "aws_s3_bucket_public_access_block" "cloudtrail" { - bucket = aws_s3_bucket.cloudtrail.id - restrict_public_buckets = true - block_public_acls = true - block_public_policy = true - ignore_public_acls = true -} - -resource "aws_s3_bucket_policy" "cloudtrail" { - bucket = aws_s3_bucket.cloudtrail.id - - policy = jsonencode( - { - "Version" : "2012-10-17", - "Statement" : [ - { - "Sid" : "AWSCloudTrailAclCheck", - "Effect" : "Allow", - "Principal" : { - "Service" : "cloudtrail.amazonaws.com" - }, - "Action" : "s3:GetBucketAcl", - "Resource" : aws_s3_bucket.cloudtrail.arn - }, - { - "Sid" : "AWSCloudTrailWrite", - "Effect" : "Allow", - "Principal" : { - "Service" : "cloudtrail.amazonaws.com" - }, - "Action" : 
"s3:PutObject", - "Resource" : "${aws_s3_bucket.cloudtrail.arn}/*", - "Condition" : { - "StringEquals" : { - "s3:x-amz-acl" : "bucket-owner-full-control" - } - } - } - ] - }) -} diff --git a/terraform/layer1-aws/aws-pritunl.tf b/terraform/layer1-aws/aws-pritunl.tf deleted file mode 100644 index d7e127ab..00000000 --- a/terraform/layer1-aws/aws-pritunl.tf +++ /dev/null @@ -1,30 +0,0 @@ -#tfsec:ignore:aws-vpc-no-public-egress-sgr tfsec:ignore:aws-vpc-no-public-ingress-sgr -module "pritunl" { - count = var.pritunl_vpn_server_enable ? 1 : 0 - - source = "../modules/aws-pritunl" - environment = var.env - vpc_id = var.vpc_id - public_subnets = var.public_subnets - private_subnets = var.private_subnets - ingress_with_cidr_blocks = [ - { - protocol = "6" - from_port = 443 - to_port = 443 - cidr_blocks = var.pritunl_vpn_access_cidr_blocks - }, - { - protocol = "17" - from_port = 19739 # this is a port that we will set in pritunl server configuration (after installation) - to_port = 19739 - cidr_blocks = "0.0.0.0/0" - }, - { - protocol = "6" - from_port = 80 - to_port = 80 - cidr_blocks = var.pritunl_vpn_access_cidr_blocks - }, - ] -} diff --git a/terraform/layer1-aws/demo.tfvars.example b/terraform/layer1-aws/demo.tfvars.example deleted file mode 100644 index 65b67fc3..00000000 --- a/terraform/layer1-aws/demo.tfvars.example +++ /dev/null @@ -1,21 +0,0 @@ -########## -# Common -########## -name = "example" -domain_name = "example.org" -environment = "demo" - -########## -# Network -########## -region = "us-east-1" -az_count = 3 -allowed_ips = [ - "0.0.0.0/0" -] -single_nat_gateway = true - -########## -# EKS -########## -eks_cluster_encryption_config_enable = true diff --git a/terraform/layer1-aws/locals.tf b/terraform/layer1-aws/locals.tf deleted file mode 100644 index d0545730..00000000 --- a/terraform/layer1-aws/locals.tf +++ /dev/null 
@@ -1,10 +0,0 @@ -# Use this as name base for all resources: -locals { - # COMMON - domain_name = var.domain_name - account_id = data.aws_caller_identity.current.account_id - - ssl_certificate_arn = var.create_acm_certificate ? module.acm.acm_certificate_arn : data.aws_acm_certificate.main[0].arn - - zone_id = var.create_r53_zone ? values(module.r53_zone.route53_zone_zone_id)[0] : (var.zone_id != null ? var.zone_id : data.aws_route53_zone.main[0].zone_id) -} diff --git a/terraform/layer1-aws/outputs.tf b/terraform/layer1-aws/outputs.tf deleted file mode 100644 index 261d7785..00000000 --- a/terraform/layer1-aws/outputs.tf +++ /dev/null @@ -1,21 +0,0 @@ - -output "domain_name" { - description = "Domain name" - value = var.domain_name -} - -output "route53_zone_id" { - description = "ID of domain zone" - value = local.zone_id -} - -output "allowed_ips" { - description = "List of allowed ip's, used for direct ssh access to instances." - value = var.allowed_ips -} - -output "ssl_certificate_arn" { - description = "ARN of SSL certificate" - value = local.ssl_certificate_arn -} - diff --git a/terraform/layer1-aws/variables.tf b/terraform/layer1-aws/variables.tf deleted file mode 100644 index d680e8ae..00000000 --- a/terraform/layer1-aws/variables.tf +++ /dev/null 
@@ -1,133 +0,0 @@ -# COMMON VARIABLES - -variable "allowed_account_ids" { - description = "List of allowed AWS account IDs" - default = [] -} - -variable "aws_account_password_policy" { - type = any - default = { - create = true - minimum_password_length = 14 # Minimum length to require for user passwords - password_reuse_prevention = 10 # The number of previous passwords that users are prevented from reusing - require_lowercase_characters = true # If true, password must contain at least 1 lowercase symbol - require_numbers = true # If true, password must contain at least 1 number symbol - require_uppercase_characters = true # If true, password must contain at least 1 uppercase symbol - require_symbols = true # If true, password must contain at least 1 special symbol - allow_users_to_change_password = true # Whether to allow users to change their own password - max_password_age = 90 # How many days user's password is valid - hard_expiry = false # Don't allow users to set a new password after their password has expired - } -} - -variable "is_this_payment_account" { - default = false - description = "Set it to false if a target account isn't a payer account. This variable is used to apply a configuration for cost allocation tags" -} - -variable "domain_name" { - description = "Main public domain name" -} - -variable "zone_id" { - default = null - description = "R53 zone id for public domain" -} - -variable "create_r53_zone" { - default = false - description = "Create R53 zone for main public domain" -} - -variable "create_acm_certificate" { - default = false - description = "Whether to create acm certificate or use existing" -} - -variable "allowed_ips" { - type = list(any) - default = [] - description = "IP addresses allowed to connect to private resources" -} - -# EKS - - -variable "pritunl_vpn_server_enable" { - type = bool - default = false - description = "Indicates whether or not the Pritunl VPN server is deployed." 
-} - -variable "pritunl_vpn_access_cidr_blocks" { - type = string - default = "127.0.0.1/32" - description = "IP address that will have access to the web console" -} - -variable "aws_cis_benchmark_alerts" { - type = any - default = { - "enabled" = "false" - "email" = "demo@example.com" # where to send alerts - "rules" = { - "secrets_manager_actions_enabled" = true - "parameter_store_actions_enabled" = true - "console_login_failed_enabled" = true - "kms_cmk_delete_or_disable_enabled" = true - "consolelogin_without_mfa_enabled" = true - "unauthorized_api_calls_enabled" = true - "usage_of_root_account_enabled" = true - "iam_policy_changes_enabled" = true - "cloudtrail_configuration_changes_enabled" = true - "s3_bucket_policy_changes_enabled" = true - "aws_config_changes_enabled" = true - "security_group_changes_enabled" = true - "nacl_changes_enabled" = true - "network_gateway_changes_enabled" = true - "route_table_changes_enabled" = true - "vpc_changes_enabled" = true - "organization_changes_enabled" = true - } - } - description = "AWS CIS Benchmark alerts configuration" -} - -variable "cloudtrail_logs_s3_expiration_days" { - type = string - default = 180 - description = "How many days keep cloudtrail logs on S3" -} - -variable "tags" { - type = any -} - -variable "private_subnets" { - type = list(any) -} - -variable "public_subnets" { - type = list(any) -} - -variable "intra_subnets" { - type = list(any) -} - -variable "vpc_id" { - -} - -variable "region" { - -} - -variable "env" { - -} - -variable "name" { - -} diff --git a/terraform/layer1-aws/aws-acm.tf b/terraform/modules/aws-acm/main.tf similarity index 75% rename from terraform/layer1-aws/aws-acm.tf rename to terraform/modules/aws-acm/main.tf index cef66561..81b41b24 100644 --- a/terraform/layer1-aws/aws-acm.tf +++ b/terraform/modules/aws-acm/main.tf 
@@ -14,10 +14,8 @@ module "acm" { create_certificate = var.create_acm_certificate - domain_name = local.domain_name - zone_id = local.zone_id + domain_name = var.domain_name + zone_id = var.zone_id subject_alternative_names = [ - "*.${local.domain_name}"] - - tags = var.tags + "*.${var.domain_name}"] } diff --git a/terraform/modules/aws-acm/variables.tf b/terraform/modules/aws-acm/variables.tf new file mode 100644 index 00000000..4ba055d0 --- /dev/null +++ b/terraform/modules/aws-acm/variables.tf @@ -0,0 +1,14 @@ +variable "create_acm_certificate" { + type = bool + default = false +} + +variable "domain_name" { + type = string + description = "Main public domain name" +} + +variable "zone_id" { + default = "" + description = "R53 zone id for public domain" +} diff --git a/terraform/layer1-aws/versions.tf b/terraform/modules/aws-acm/versions.tf similarity index 100% rename from terraform/layer1-aws/versions.tf rename to terraform/modules/aws-acm/versions.tf diff --git a/terraform/layer1-aws/aws-cis-benchmark-alerts.tf b/terraform/modules/aws-cis-benchmark-alerts/main.tf similarity index 99% rename from terraform/layer1-aws/aws-cis-benchmark-alerts.tf rename to terraform/modules/aws-cis-benchmark-alerts/main.tf index ed3cf241..f91fcfcc 100644 --- a/terraform/layer1-aws/aws-cis-benchmark-alerts.tf +++ b/terraform/modules/aws-cis-benchmark-alerts/main.tf @@ -452,8 +452,6 @@ module "eventbridge" { } ] } - - tags = var.tags } #tfsec:ignore:aws-sns-enable-topic-encryption @@ -462,7 +460,6 @@ resource "aws_sns_topic" "security_alerts" { name = "${var.name}-security-alerts" - tags = var.tags } resource "aws_sns_topic_subscription" "security_alerts" { diff --git a/terraform/modules/aws-cis-benchmark-alerts/variables.tf b/terraform/modules/aws-cis-benchmark-alerts/variables.tf new file mode 100644 index 00000000..41392131 --- /dev/null +++ b/terraform/modules/aws-cis-benchmark-alerts/variables.tf 
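Review bot: Dropping `tags = var.tags` from the `acm` module call leaves the certificate (and its validation records) with no tags at all, while the aws-eks and aws-vpc modules in this same change keep a `tags` input with an empty default. Untagged resources fall out of cost allocation and of any tag-based IAM/SCP conditions the account may rely on, so the inconsistency is worth closing rather than accepting. Add `variable "tags" { type = map(string) default = {} }` to aws-acm/variables.tf and restore `tags = var.tags` in the module block; the `module "acm"` header and its other arguments sit above this hunk.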
@@ -0,0 +1,32 @@ +variable "name" { + type = string + description = "Project name, required to create unique resource names" +} + +variable "aws_cis_benchmark_alerts" { + type = any + default = { + "enabled" = "false" + "email" = "demo@example.com" # where to send alerts + "rules" = { + "secrets_manager_actions_enabled" = true + "parameter_store_actions_enabled" = true + "console_login_failed_enabled" = true + "kms_cmk_delete_or_disable_enabled" = true + "consolelogin_without_mfa_enabled" = true + "unauthorized_api_calls_enabled" = true + "usage_of_root_account_enabled" = true + "iam_policy_changes_enabled" = true + "cloudtrail_configuration_changes_enabled" = true + "s3_bucket_policy_changes_enabled" = true + "aws_config_changes_enabled" = true + "security_group_changes_enabled" = true + "nacl_changes_enabled" = true + "network_gateway_changes_enabled" = true + "route_table_changes_enabled" = true + "vpc_changes_enabled" = true + "organization_changes_enabled" = true + } + } + description = "AWS CIS Benchmark alerts configuration" +} diff --git a/terraform/modules/vpc/versions.tf b/terraform/modules/aws-cis-benchmark-alerts/versions.tf similarity index 100% rename from terraform/modules/vpc/versions.tf rename to terraform/modules/aws-cis-benchmark-alerts/versions.tf diff --git a/terraform/modules/aws-cost-allocation-tags/versions.tf b/terraform/modules/aws-cost-allocation-tags/versions.tf new file mode 100644 index 00000000..fac1f195 --- /dev/null +++ b/terraform/modules/aws-cost-allocation-tags/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "1.4.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.36.0" + } + } +} diff --git a/terraform/modules/aws-ebs-encryption-default/main.tf b/terraform/modules/aws-ebs-encryption-default/main.tf new file mode 100644 index 00000000..f66b2cd4 --- /dev/null +++ b/terraform/modules/aws-ebs-encryption-default/main.tf 
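Review bot: The default for `aws_cis_benchmark_alerts` ships a placeholder recipient, `"email" = "demo@example.com"`, and because the variable is `type = any` nothing stops a caller from setting `enabled = true` without overriding it, in which case the CIS alerts (root usage, CloudTrail changes, unauthorized calls) are subscribed to an address nobody reads. `"enabled" = "false"` is also a string rather than a bool; if main.tf uses it in a condition Terraform will convert it, but that is implicit and should be documented or tightened. A validation block on the variable catches the placeholder at plan time without changing the interface.

```hcl
variable "aws_cis_benchmark_alerts" {
  type = any
  # … unchanged: default block and description …

  validation {
    condition     = !tobool(lookup(var.aws_cis_benchmark_alerts, "enabled", false)) || (can(regex("^[^@\\s]+@[^@\\s]+$", var.aws_cis_benchmark_alerts.email)) && var.aws_cis_benchmark_alerts.email != "demo@example.com")
    error_message = "aws_cis_benchmark_alerts.email must be set to a real recipient when alerts are enabled."
  }
}
```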
@@ -0,0 +1,3 @@ +resource "aws_ebs_encryption_by_default" "this" { + enabled = var.enable +} diff --git a/terraform/modules/aws-ebs-encryption-default/variables.tf b/terraform/modules/aws-ebs-encryption-default/variables.tf new file mode 100644 index 00000000..6c94dca8 --- /dev/null +++ b/terraform/modules/aws-ebs-encryption-default/variables.tf @@ -0,0 +1,4 @@ +variable "enable" { + type = bool + default = false +} diff --git a/terraform/modules/aws-ebs-encryption-default/versions.tf b/terraform/modules/aws-ebs-encryption-default/versions.tf new file mode 100644 index 00000000..fac1f195 --- /dev/null +++ b/terraform/modules/aws-ebs-encryption-default/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "1.4.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.36.0" + } + } +} diff --git a/terraform/modules/eks/main.tf b/terraform/modules/aws-eks/main.tf similarity index 100% rename from terraform/modules/eks/main.tf rename to terraform/modules/aws-eks/main.tf diff --git a/terraform/modules/eks/outputs.tf b/terraform/modules/aws-eks/outputs.tf similarity index 100% rename from terraform/modules/eks/outputs.tf rename to terraform/modules/aws-eks/outputs.tf diff --git a/terraform/modules/eks/variables.tf b/terraform/modules/aws-eks/variables.tf similarity index 96% rename from terraform/modules/eks/variables.tf rename to terraform/modules/aws-eks/variables.tf index bab136d7..1a70255b 100644 --- a/terraform/modules/eks/variables.tf +++ b/terraform/modules/aws-eks/variables.tf @@ -1,3 +1,31 @@ +variable "name" { + type = string +} + +variable "env" { + type = string +} + +variable "region" { + type = string +} + +variable "vpc_id" { + type = string +} + +variable "intra_subnets" { + type = list(any) +} + +variable "private_subnets" { + type = list(any) +} + +variable "public_subnets" { + type = list(any) +} + variable "eks_cluster_version" { default = "1.25" description = "Version of the EKS K8S cluster" 
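Review bot: The new aws-ebs-encryption-default module defaults `enable` to `false`, and `aws_ebs_encryption_by_default.this` passes that straight through, so any caller that instantiates the module without setting `enable = true` actively turns account-level EBS encryption off. The resource this replaces (removed from layer1-aws/main.tf later in this diff) hard-coded `enabled = true`, so this is a silent regression of a security default, not just a refactor. Suggest `default = true` plus `description = "Enable EBS encryption by default for the account/region; false explicitly disables it."` in variables.tf, so opting out has to be deliberate.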
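Review bot: The seven variables added at the top of aws-eks/variables.tf carry no descriptions, and `intra_subnets`, `private_subnets` and `public_subnets` are typed `list(any)`, which accepts a list of maps or numbers as readily as subnet IDs and only fails deep inside the EKS module. Tightening them to `type = list(string)` with a one-line description each (e.g. `description = "Private subnet IDs for worker nodes"`) makes misuse fail at the module boundary and keeps these inputs consistent with `name`/`env`/`region`, which are already `string`. The rest of the file's variables start outside this hunk.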
@@ -83,29 +111,7 @@ variable "eks_cluster_endpoint_only_pritunl" { description = "Only Pritunl VPN server will have access to eks endpoint." } - variable "tags" { - type = any -} -variable "private_subnets" { - type = list(any) -} -variable "public_subnets" { - type = list(any) -} -variable "intra_subnets" { - type = list(any) -} -variable "vpc_id" { - -} -variable "region" { - -} -variable "env" { - -} - -variable "name" { - + type = any + default = {} } diff --git a/terraform/modules/eks/versions.tf b/terraform/modules/aws-eks/versions.tf similarity index 100% rename from terraform/modules/eks/versions.tf rename to terraform/modules/aws-eks/versions.tf diff --git a/terraform/layer1-aws/main.tf b/terraform/modules/aws-password-policy/main.tf similarity index 78% rename from terraform/layer1-aws/main.tf rename to terraform/modules/aws-password-policy/main.tf index ae725f22..84dec11e 100644 --- a/terraform/layer1-aws/main.tf +++ b/terraform/modules/aws-password-policy/main.tf @@ -1,14 +1,4 @@ -data "aws_availability_zones" "available" {} - -data "aws_caller_identity" "current" {} - -resource "aws_ebs_encryption_by_default" "default" { - enabled = true -} - resource "aws_iam_account_password_policy" "default" { - count = var.aws_account_password_policy.create ? 1 : 0 - minimum_password_length = var.aws_account_password_policy.minimum_password_length password_reuse_prevention = var.aws_account_password_policy.password_reuse_prevention require_lowercase_characters = var.aws_account_password_policy.require_lowercase_characters diff --git a/terraform/modules/aws-password-policy/variables.tf b/terraform/modules/aws-password-policy/variables.tf new file mode 100644 index 00000000..e234d3df --- /dev/null +++ b/terraform/modules/aws-password-policy/variables.tf 
@@ -0,0 +1,14 @@ +variable "aws_account_password_policy" { + type = any + default = { + minimum_password_length = 14 # Minimum length to require for user passwords + password_reuse_prevention = 10 # The number of previous passwords that users are prevented from reusing + require_lowercase_characters = true # If true, password must contain at least 1 lowercase symbol + require_numbers = true # If true, password must contain at least 1 number symbol + require_uppercase_characters = true # If true, password must contain at least 1 uppercase symbol + require_symbols = true # If true, password must contain at least 1 special symbol + allow_users_to_change_password = true # Whether to allow users to change their own password + max_password_age = 90 # How many days user's password is valid + hard_expiry = false # Don't allow users to set a new password after their password has expired + } +} diff --git a/terraform/modules/aws-password-policy/versions.tf b/terraform/modules/aws-password-policy/versions.tf new file mode 100644 index 00000000..fac1f195 --- /dev/null +++ b/terraform/modules/aws-password-policy/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "1.4.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.36.0" + } + } +} diff --git a/terraform/modules/aws-pritunl/versions.tf b/terraform/modules/aws-pritunl/versions.tf new file mode 100644 index 00000000..fac1f195 --- /dev/null +++ b/terraform/modules/aws-pritunl/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "1.4.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.36.0" + } + } +} diff --git a/terraform/layer1-aws/aws-r53.tf b/terraform/modules/aws-r53/main.tf similarity index 78% rename from terraform/layer1-aws/aws-r53.tf rename to terraform/modules/aws-r53/main.tf index 64635cd9..5420d038 100644 --- a/terraform/layer1-aws/aws-r53.tf +++ b/terraform/modules/aws-r53/main.tf 
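Review bot: `aws_account_password_policy` is `type = any`, and main.tf dereferences every key of it (`var.aws_account_password_policy.minimum_password_length`, `.password_reuse_prevention`, …), so a caller who overrides a single setting replaces the whole default map and gets an "unsupported attribute" error at plan for every key they omitted; the natural workaround is to copy the entire map, which is how weakened settings drift in unnoticed. Since versions.tf in this same change pins Terraform 1.4.4, `optional()` attribute defaults are available and let partial overrides keep the strong baseline for everything else. Existing callers passing the full map continue to work unchanged.

```hcl
variable "aws_account_password_policy" {
  type = object({
    minimum_password_length        = optional(number, 14) # Minimum length to require for user passwords
    password_reuse_prevention      = optional(number, 10) # Previous passwords users are prevented from reusing
    require_lowercase_characters   = optional(bool, true)
    require_numbers                = optional(bool, true)
    require_uppercase_characters   = optional(bool, true)
    require_symbols                = optional(bool, true)
    allow_users_to_change_password = optional(bool, true)
    max_password_age               = optional(number, 90) # Days a password stays valid
    hard_expiry                    = optional(bool, false) # true blocks setting a new password after expiry
  })
  default     = {}
  description = "IAM account password policy; omitted attributes fall back to the baseline defaults above."
}
```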
@@ -1,5 +1,5 @@ data "aws_route53_zone" "main" { - count = var.create_r53_zone && var.zone_id == null ? 0 : 1 + count = var.create_r53_zone ? 0 : 1 name = "${var.domain_name}." private_zone = false @@ -14,7 +14,6 @@ module "r53_zone" { zones = { (var.domain_name) = { comment = var.domain_name - tags = var.tags } } } diff --git a/terraform/modules/aws-r53/outputs.tf b/terraform/modules/aws-r53/outputs.tf new file mode 100644 index 00000000..23420584 --- /dev/null +++ b/terraform/modules/aws-r53/outputs.tf @@ -0,0 +1,4 @@ +output "route53_zone_id" { + description = "ID of domain zone" + value = var.create_r53_zone ? values(module.r53_zone.route53_zone_zone_id)[0] : data.aws_route53_zone.main[0].zone_id +} diff --git a/terraform/modules/aws-r53/variables.tf b/terraform/modules/aws-r53/variables.tf new file mode 100644 index 00000000..40a80529 --- /dev/null +++ b/terraform/modules/aws-r53/variables.tf @@ -0,0 +1,11 @@ +variable "domain_name" { + type = string + description = "Main public domain name" +} + +variable "create_r53_zone" { + type = bool + default = false + description = "Create R53 zone for main public domain" +} + diff --git a/terraform/modules/aws-r53/versions.tf b/terraform/modules/aws-r53/versions.tf new file mode 100644 index 00000000..fac1f195 --- /dev/null +++ b/terraform/modules/aws-r53/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "1.4.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.36.0" + } + } +} diff --git a/terraform/modules/vpc/main.tf b/terraform/modules/aws-vpc/main.tf similarity index 100% rename from terraform/modules/vpc/main.tf rename to terraform/modules/aws-vpc/main.tf diff --git a/terraform/modules/vpc/outputs.tf b/terraform/modules/aws-vpc/outputs.tf similarity index 100% rename from terraform/modules/vpc/outputs.tf rename to terraform/modules/aws-vpc/outputs.tf 
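Review bot: The aws-r53 module removes the explicit `zone_id` path: `count = var.create_r53_zone ? 0 : 1` always resolves an existing zone by `name = "${var.domain_name}."`, and variables.tf exposes no `zone_id`, whereas the deleted layer1 locals preferred `var.zone_id` when it was set. A name lookup is ambiguous when an account holds more than one public hosted zone for the same name (the `aws_route53_zone` data source errors on multiple matches), and this zone id is what the ACM validation records and external-dns ultimately write into, so operators should be able to pin it. Re-adding an optional `zone_id` keeps the lookup as the fallback.

```hcl
# variables.tf
variable "zone_id" {
  type        = string
  default     = null
  description = "ID of an existing public hosted zone; when set, no lookup by domain name is performed"
}

# main.tf
data "aws_route53_zone" "main" {
  count = var.create_r53_zone || var.zone_id != null ? 0 : 1
  # … unchanged: name, private_zone …
}

# outputs.tf
output "route53_zone_id" {
  description = "ID of domain zone"
  value       = var.create_r53_zone ? values(module.r53_zone.route53_zone_zone_id)[0] : coalesce(var.zone_id, one(data.aws_route53_zone.main[*].zone_id))
}
```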
diff --git a/terraform/modules/vpc/variables.tf b/terraform/modules/aws-vpc/variables.tf similarity index 57% rename from terraform/modules/vpc/variables.tf rename to terraform/modules/aws-vpc/variables.tf index b6f07dda..5bd702fa 100644 --- a/terraform/modules/vpc/variables.tf +++ b/terraform/modules/aws-vpc/variables.tf @@ -1,15 +1,17 @@ variable "name" { - + type = string } variable "single_nat_gateway" { - + type = bool + default = false } variable "cidr" { - + type = string } variable "azs" { type = list(any) } variable "tags" { - type = any + type = any + default = {} } diff --git a/terraform/modules/aws-vpc/versions.tf b/terraform/modules/aws-vpc/versions.tf new file mode 100644 index 00000000..fac1f195 --- /dev/null +++ b/terraform/modules/aws-vpc/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "1.4.4" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.36.0" + } + } +} diff --git a/terraform/layer2-k8s/README.md b/terraform/modules/k8s-addons/README.md similarity index 100% rename from terraform/layer2-k8s/README.md rename to terraform/modules/k8s-addons/README.md diff --git a/terraform/layer2-k8s/aws-sm-secrets.tf b/terraform/modules/k8s-addons/aws-sm-secrets.tf similarity index 100% rename from terraform/layer2-k8s/aws-sm-secrets.tf rename to terraform/modules/k8s-addons/aws-sm-secrets.tf diff --git a/terraform/layer2-k8s/demo.tfvars.example b/terraform/modules/k8s-addons/demo.tfvars.example similarity index 100% rename from terraform/layer2-k8s/demo.tfvars.example rename to terraform/modules/k8s-addons/demo.tfvars.example diff --git a/terraform/layer2-k8s/eks-aws-loadbalancer-controller.tf b/terraform/modules/k8s-addons/eks-aws-loadbalancer-controller.tf similarity index 99% rename from terraform/layer2-k8s/eks-aws-loadbalancer-controller.tf rename to terraform/modules/k8s-addons/eks-aws-loadbalancer-controller.tf index 8a1533cc..159c603d 100644 --- a/terraform/layer2-k8s/eks-aws-loadbalancer-controller.tf 
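Review bot: `cidr` in aws-vpc/variables.tf gains a `string` type but no check that the value is actually an IPv4 prefix, so a typo such as a missing `/16` is only caught deep inside the VPC module's subnet math, and `azs` stays `list(any)`. A validation block, `validation { condition = can(cidrnetmask(var.cidr)) error_message = "cidr must be an IPv4 CIDR block, e.g. 10.0.0.0/16." }`, fails fast at the module boundary; `type = list(string)` for `azs` does the same for the zone list. Note also that `single_nat_gateway` now defaults to `false` here while the deleted layer1 README documented `true`, so callers that relied on the old default will get one NAT gateway per AZ unless they set it explicitly.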
+++ b/terraform/modules/k8s-addons/eks-aws-loadbalancer-controller.tf @@ -25,7 +25,7 @@ VALUES module "aws_load_balancer_controller_namespace" { count = local.aws_load_balancer_controller.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.aws_load_balancer_controller.namespace network_policies = [ { @@ -98,7 +98,7 @@ module "aws_load_balancer_controller_namespace" { module "aws_iam_aws_loadbalancer_controller" { count = local.aws_load_balancer_controller.enabled ? 1 : 0 - source = "../modules/aws-iam-eks-trusted" + source = "../aws-iam-eks-trusted" name = "${local.name}-aws-lb-controller" region = local.region oidc_provider_arn = local.eks_oidc_provider_arn diff --git a/terraform/layer2-k8s/eks-cert-manager.tf b/terraform/modules/k8s-addons/eks-cert-manager.tf similarity index 98% rename from terraform/layer2-k8s/eks-cert-manager.tf rename to terraform/modules/k8s-addons/eks-cert-manager.tf index da5018aa..d2962329 100644 --- a/terraform/layer2-k8s/eks-cert-manager.tf +++ b/terraform/modules/k8s-addons/eks-cert-manager.tf @@ -52,7 +52,7 @@ VALUES module "certmanager_namespace" { count = local.cert_manager.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.cert_manager.namespace network_policies = [ { @@ -125,7 +125,7 @@ module "certmanager_namespace" { module "aws_iam_cert_manager" { count = local.cert_manager.enabled ? 1 : 0 - source = "../modules/aws-iam-eks-trusted" + source = "../aws-iam-eks-trusted" name = "${local.name}-${local.cert_manager.name}" region = local.region oidc_provider_arn = local.eks_oidc_provider_arn diff --git a/terraform/layer2-k8s/eks-elk.tf b/terraform/modules/k8s-addons/eks-elk.tf similarity index 99% rename from terraform/layer2-k8s/eks-elk.tf rename to terraform/modules/k8s-addons/eks-elk.tf index eafc5187..753b4d8f 100644 --- a/terraform/layer2-k8s/eks-elk.tf 
+++ b/terraform/modules/k8s-addons/eks-elk.tf @@ -585,7 +585,7 @@ VALUES module "elk_namespace" { count = local.elk.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.elk.namespace network_policies = [ { @@ -668,7 +668,7 @@ module "elk_namespace" { module "elastic_tls" { count = local.elk.enabled ? 1 : 0 - source = "../modules/self-signed-certificate" + source = "../self-signed-certificate" name = local.name common_name = "elasticsearch-master" dns_names = [local.domain_name, "*.${local.domain_name}", "elasticsearch-master", "elasticsearch-master.${module.elk_namespace[count.index].name}", "kibana", "kibana.${module.elk_namespace[count.index].name}", "kibana-kibana", "kibana-kibana.${module.elk_namespace[count.index].name}", "logstash", "logstash.${module.elk_namespace[count.index].name}"] @@ -679,7 +679,7 @@ module "elastic_tls" { module "aws_iam_elastic_stack" { count = local.elk.enabled ? 1 : 0 - source = "../modules/aws-iam-user-with-policy" + source = "../aws-iam-user-with-policy" name = "${local.name}-${local.elk.name}" policy = jsonencode({ "Version" : "2012-10-17", diff --git a/terraform/layer2-k8s/eks-external-dns.tf b/terraform/modules/k8s-addons/eks-external-dns.tf similarity index 97% rename from terraform/layer2-k8s/eks-external-dns.tf rename to terraform/modules/k8s-addons/eks-external-dns.tf index 6819de8c..978ad331 100644 --- a/terraform/layer2-k8s/eks-external-dns.tf +++ b/terraform/modules/k8s-addons/eks-external-dns.tf @@ -36,7 +36,7 @@ VALUES module "external_dns_namespace" { count = local.external_dns.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.external_dns.namespace network_policies = [ { 
@@ -83,7 +83,7 @@ module "external_dns_namespace" { module "aws_iam_external_dns" { count = local.external_dns.enabled ? 1 : 0 - source = "../modules/aws-iam-eks-trusted" + source = "../aws-iam-eks-trusted" name = "${local.name}-${local.external_dns.name}" region = local.region oidc_provider_arn = local.eks_oidc_provider_arn diff --git a/terraform/layer2-k8s/eks-external-secrets.tf b/terraform/modules/k8s-addons/eks-external-secrets.tf similarity index 98% rename from terraform/layer2-k8s/eks-external-secrets.tf rename to terraform/modules/k8s-addons/eks-external-secrets.tf index 3ea2085f..5d14fee3 100644 --- a/terraform/layer2-k8s/eks-external-secrets.tf +++ b/terraform/modules/k8s-addons/eks-external-secrets.tf @@ -70,7 +70,7 @@ VALUES module "external_secrets_namespace" { count = local.external_secrets.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.external_secrets.namespace network_policies = [ { diff --git a/terraform/layer2-k8s/eks-fargate.tf b/terraform/modules/k8s-addons/eks-fargate.tf similarity index 74% rename from terraform/layer2-k8s/eks-fargate.tf rename to terraform/modules/k8s-addons/eks-fargate.tf index 69643566..1e15b690 100644 --- a/terraform/layer2-k8s/eks-fargate.tf +++ b/terraform/modules/k8s-addons/eks-fargate.tf @@ -1,5 +1,5 @@ # Calico is not supported when using Fargate with Amazon EKS (NetworkPolicies won't work) module "fargate_namespace" { - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = "fargate" } diff --git a/terraform/layer2-k8s/eks-gitlab-runner.tf b/terraform/modules/k8s-addons/eks-gitlab-runner.tf similarity index 98% rename from terraform/layer2-k8s/eks-gitlab-runner.tf rename to terraform/modules/k8s-addons/eks-gitlab-runner.tf index 1aee181a..10f0e3c4 100644 --- a/terraform/layer2-k8s/eks-gitlab-runner.tf +++ b/terraform/modules/k8s-addons/eks-gitlab-runner.tf 
@@ -68,7 +68,7 @@ VALUES module "gitlab_runner_namespace" { count = local.gitlab_runner.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = "gitlab-runner" network_policies = [ { @@ -182,7 +182,7 @@ resource "aws_s3_bucket_public_access_block" "gitlab_runner_cache_public_access_ module "aws_iam_gitlab_runner" { count = local.gitlab_runner.enabled ? 1 : 0 - source = "../modules/aws-iam-eks-trusted" + source = "../aws-iam-eks-trusted" name = "${local.name}-${local.gitlab_runner.name}" region = local.region oidc_provider_arn = local.eks_oidc_provider_arn diff --git a/terraform/layer2-k8s/eks-ingress-nginx-controller.tf b/terraform/modules/k8s-addons/eks-ingress-nginx-controller.tf similarity index 99% rename from terraform/layer2-k8s/eks-ingress-nginx-controller.tf rename to terraform/modules/k8s-addons/eks-ingress-nginx-controller.tf index 34d1c429..2c53e917 100644 --- a/terraform/layer2-k8s/eks-ingress-nginx-controller.tf +++ b/terraform/modules/k8s-addons/eks-ingress-nginx-controller.tf @@ -71,7 +71,7 @@ VALUES module "ingress_nginx_namespace" { count = local.ingress_nginx.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.ingress_nginx.namespace network_policies = [ { diff --git a/terraform/layer2-k8s/eks-istio.tf b/terraform/modules/k8s-addons/eks-istio.tf similarity index 99% rename from terraform/layer2-k8s/eks-istio.tf rename to terraform/modules/k8s-addons/eks-istio.tf index f3ade72a..ce1d9667 100644 --- a/terraform/layer2-k8s/eks-istio.tf +++ b/terraform/modules/k8s-addons/eks-istio.tf @@ -99,7 +99,7 @@ VALUES module "istio_system_namespace" { count = local.istio.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.istio.namespace network_policies = concat([ { 
@@ -253,7 +253,7 @@ module "istio_system_namespace" { module "kiali_namespace" { count = local.kiali_server.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.kiali_server.namespace network_policies = [ { diff --git a/terraform/layer2-k8s/eks-karpenter.tf b/terraform/modules/k8s-addons/eks-karpenter.tf similarity index 99% rename from terraform/layer2-k8s/eks-karpenter.tf rename to terraform/modules/k8s-addons/eks-karpenter.tf index a4563d3d..981494e8 100644 --- a/terraform/layer2-k8s/eks-karpenter.tf +++ b/terraform/modules/k8s-addons/eks-karpenter.tf @@ -54,7 +54,7 @@ module "karpenter" { module "karpenter_namespace" { count = local.karpenter.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.karpenter.namespace } diff --git a/terraform/layer2-k8s/eks-keda.tf b/terraform/modules/k8s-addons/eks-keda.tf similarity index 97% rename from terraform/layer2-k8s/eks-keda.tf rename to terraform/modules/k8s-addons/eks-keda.tf index d191829b..189ea83e 100644 --- a/terraform/layer2-k8s/eks-keda.tf +++ b/terraform/modules/k8s-addons/eks-keda.tf @@ -12,7 +12,7 @@ locals { module "keda_namespace" { count = local.keda.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.keda.namespace network_policies = [ { diff --git a/terraform/layer2-k8s/eks-kube-prometheus-stack.tf b/terraform/modules/k8s-addons/eks-kube-prometheus-stack.tf similarity index 99% rename from terraform/layer2-k8s/eks-kube-prometheus-stack.tf rename to terraform/modules/k8s-addons/eks-kube-prometheus-stack.tf index 19859c0f..e32109e1 100644 --- a/terraform/layer2-k8s/eks-kube-prometheus-stack.tf +++ b/terraform/modules/k8s-addons/eks-kube-prometheus-stack.tf 
@@ -341,7 +341,7 @@ VALUES module "kube_prometheus_stack_namespace" { count = local.kube_prometheus_stack.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.kube_prometheus_stack.namespace network_policies = concat([ { @@ -462,7 +462,7 @@ module "kube_prometheus_stack_namespace" { module "aws_iam_kube_prometheus_stack_grafana" { count = local.kube_prometheus_stack.enabled ? 1 : 0 - source = "../modules/aws-iam-eks-trusted" + source = "../aws-iam-eks-trusted" name = "${local.name}-grafana" region = local.region oidc_provider_arn = local.eks_oidc_provider_arn diff --git a/terraform/layer2-k8s/eks-loki-stack.tf b/terraform/modules/k8s-addons/eks-loki-stack.tf similarity index 98% rename from terraform/layer2-k8s/eks-loki-stack.tf rename to terraform/modules/k8s-addons/eks-loki-stack.tf index 48c9324d..3c22eb6f 100644 --- a/terraform/layer2-k8s/eks-loki-stack.tf +++ b/terraform/modules/k8s-addons/eks-loki-stack.tf @@ -62,7 +62,7 @@ VALUES module "loki_namespace" { count = local.loki_stack.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.loki_stack.namespace network_policies = [ { diff --git a/terraform/layer2-k8s/eks-prometheus-operator-crds.tf b/terraform/modules/k8s-addons/eks-prometheus-operator-crds.tf similarity index 100% rename from terraform/layer2-k8s/eks-prometheus-operator-crds.tf rename to terraform/modules/k8s-addons/eks-prometheus-operator-crds.tf diff --git a/terraform/layer2-k8s/eks-reloader.tf b/terraform/modules/k8s-addons/eks-reloader.tf similarity index 97% rename from terraform/layer2-k8s/eks-reloader.tf rename to terraform/modules/k8s-addons/eks-reloader.tf index 85cf3cc0..c7bfc7ae 100644 --- a/terraform/layer2-k8s/eks-reloader.tf +++ b/terraform/modules/k8s-addons/eks-reloader.tf 
@@ -12,7 +12,7 @@ locals { module "reloader_namespace" { count = local.reloader.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.reloader.namespace network_policies = [ { diff --git a/terraform/layer2-k8s/eks-storageclass.tf b/terraform/modules/k8s-addons/eks-storageclass.tf similarity index 100% rename from terraform/layer2-k8s/eks-storageclass.tf rename to terraform/modules/k8s-addons/eks-storageclass.tf diff --git a/terraform/layer2-k8s/eks-victoria-metrics-k8s-stack.tf b/terraform/modules/k8s-addons/eks-victoria-metrics-k8s-stack.tf similarity index 99% rename from terraform/layer2-k8s/eks-victoria-metrics-k8s-stack.tf rename to terraform/modules/k8s-addons/eks-victoria-metrics-k8s-stack.tf index fd666386..d7e94d8b 100644 --- a/terraform/layer2-k8s/eks-victoria-metrics-k8s-stack.tf +++ b/terraform/modules/k8s-addons/eks-victoria-metrics-k8s-stack.tf @@ -345,7 +345,7 @@ VALUES module "victoria_metrics_k8s_stack_namespace" { count = local.victoria_metrics_k8s_stack.enabled ? 1 : 0 - source = "../modules/eks-kubernetes-namespace" + source = "../eks-kubernetes-namespace" name = local.victoria_metrics_k8s_stack.namespace network_policies = concat([ { @@ -466,7 +466,7 @@ module "victoria_metrics_k8s_stack_namespace" { module "aws_iam_victoria_metrics_k8s_stack_grafana" { count = local.victoria_metrics_k8s_stack.enabled ? 1 : 0 - source = "../modules/aws-iam-eks-trusted" + source = "../aws-iam-eks-trusted" name = "${local.name}-grafana" region = local.region oidc_provider_arn = local.eks_oidc_provider_arn diff --git a/terraform/layer2-k8s/helm-releases.yaml b/terraform/modules/k8s-addons/helm-releases.yaml similarity index 100% rename from terraform/layer2-k8s/helm-releases.yaml rename to terraform/modules/k8s-addons/helm-releases.yaml 
diff --git a/terraform/layer2-k8s/locals.tf b/terraform/modules/k8s-addons/locals.tf similarity index 100% rename from terraform/layer2-k8s/locals.tf rename to terraform/modules/k8s-addons/locals.tf diff --git a/terraform/layer2-k8s/main.tf b/terraform/modules/k8s-addons/main.tf similarity index 100% rename from terraform/layer2-k8s/main.tf rename to terraform/modules/k8s-addons/main.tf diff --git a/terraform/layer2-k8s/outputs.tf b/terraform/modules/k8s-addons/outputs.tf similarity index 100% rename from terraform/layer2-k8s/outputs.tf rename to terraform/modules/k8s-addons/outputs.tf diff --git a/terraform/layer2-k8s/variables.tf b/terraform/modules/k8s-addons/variables.tf similarity index 65% rename from terraform/layer2-k8s/variables.tf rename to terraform/modules/k8s-addons/variables.tf index 7e5477f5..7ed4f5b1 100644 --- a/terraform/layer2-k8s/variables.tf +++ b/terraform/modules/k8s-addons/variables.tf 
@@ -17,33 +17,6 @@ variable "environment" { description = "Env name" } -variable "short_region" { - description = "The abbreviated name of the region, required to form unique resource names" - default = { - us-east-1 = "use1" # US East (N. Virginia) - us-east-2 = "use2" # US East (Ohio) - us-west-1 = "usw1" # US West (N. California) - us-west-2 = "usw2" # US West (Oregon) - ap-east-1 = "ape1" # Asia Pacific (Hong Kong) - ap-south-1 = "aps1" # Asia Pacific (Mumbai) - ap-northeast-2 = "apn2" # Asia Pacific (Seoul) - ap-northeast-1 = "apn1" # Asia Pacific (Tokyo) - ap-southeast-1 = "apse1" # Asia Pacific (Singapore) - ap-southeast-2 = "apse2" # Asia Pacific (Sydney) - ca-central-1 = "cac1" # Canada (Central) - cn-north-1 = "cnn1" # China (Beijing) - cn-northwest-1 = "cnnw1" # China (Ningxia) - eu-central-1 = "euc1" # EU (Frankfurt) - eu-west-1 = "euw1" # EU (Ireland) - eu-west-2 = "euw2" # EU (London) - eu-west-3 = "euw3" # EU (Paris) - eu-north-1 = "eun1" # EU (Stockholm) - sa-east-1 = "sae1" # South America (Sao Paulo) - us-gov-east-1 = "usge1" # AWS GovCloud (US-East) - us-gov-west-1 = "usgw1" # AWS GovCloud (US) - } -} - variable "domain_name" { description = "Main public domain name" } diff --git a/terraform/layer2-k8s/versions.tf b/terraform/modules/k8s-addons/versions.tf similarity index 100% rename from terraform/layer2-k8s/versions.tf rename to terraform/modules/k8s-addons/versions.tf diff --git a/terragrunt/us-east-1/demo/common/aws-base/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/aws-users-password-policy/.terraform.lock.hcl similarity index 93% rename from terragrunt/us-east-1/demo/common/aws-base/.terraform.lock.hcl rename to terragrunt/ACCOUNT_ID/aws-users-password-policy/.terraform.lock.hcl index 586b107c..46f150b8 100644 --- a/terragrunt/us-east-1/demo/common/aws-base/.terraform.lock.hcl +++ b/terragrunt/ACCOUNT_ID/aws-users-password-policy/.terraform.lock.hcl 
@@ -3,7 +3,7 @@ provider "registry.terraform.io/hashicorp/aws" { version = "5.36.0" - constraints = ">= 2.49.0, >= 3.0.0, >= 3.34.0, >= 3.35.0, >= 4.7.0, >= 4.40.0, 5.36.0" + constraints = "5.36.0" hashes = [ "h1:54QgAU2vY65WZsiZ9FligQfIf7hQUvwse4ezMwVMwgg=", "zh:0da8409db879b2c400a7d9ed1311ba6d9eb1374ea08779eaf0c5ad0af00ac558", diff --git a/terragrunt/ACCOUNT_ID/aws-users-password-policy/terragrunt.hcl b/terragrunt/ACCOUNT_ID/aws-users-password-policy/terragrunt.hcl new file mode 100644 index 00000000..622df1ed --- /dev/null +++ b/terragrunt/ACCOUNT_ID/aws-users-password-policy/terragrunt.hcl @@ -0,0 +1,3 @@ +terraform { + source = "${get_path_to_repo_root()}/terraform/modules//aws-password-policy" +} diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-acm/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-acm/.terraform.lock.hcl new file mode 100644 index 00000000..45bbd36e --- /dev/null +++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-acm/.terraform.lock.hcl 
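Review bot: The new `aws-users-password-policy/terragrunt.hcl` is only a `terraform { source }` block with no `include "root"`, unlike every other unit this commit adds (aws-acm, aws-r53, ebs-encryption all start with it), so it presumably inherits neither the remote-state backend nor the generated provider from the root config and would run against local state with whatever credentials and region the shell happens to have. An account-wide control such as the IAM password policy should be tracked in the same backend as the rest of the estate; unless the omission is deliberate, add `include "root" { path = find_in_parent_folders() expose = true merge_strategy = "deep" }` above the terraform block. The root terragrunt.hcl is outside this diff, so what the include actually provides is inferred from the sibling units.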
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.36.0" + constraints = ">= 4.40.0, 5.36.0" + hashes = [ + "h1:54QgAU2vY65WZsiZ9FligQfIf7hQUvwse4ezMwVMwgg=", + "zh:0da8409db879b2c400a7d9ed1311ba6d9eb1374ea08779eaf0c5ad0af00ac558", + "zh:1b7521567e1602bfff029f88ccd2a182cdf97861c9671478660866472c3333fa", + "zh:1cab4e6f3a1d008d01df44a52132a90141389e77dbb4ec4f6ac1119333242ecf", + "zh:1df9f73595594ce8293fb21287bcacf5583ae82b9f3a8e5d704109b8cf691646", + "zh:2b5909268db44b6be95ff6f9dc80d5f87ca8f63ba530fe66723c5fdeb17695fc", + "zh:37dd731eeb0bc1b20e3ec3a0cb5eb7a730edab425058ff40f2243438acc82830", + "zh:3e94c76a2b607a1174d10f5712aed16cb32216ac1c91bd6f21749d61a14045ac", + "zh:40e6ba3184d2d3bf283a07feed8b79c1bbc537a91215cac7b3521b9ccb3e503e", + "zh:67e52353fea47eb97825f6eb6fddd1935e0ff3b53a8861d23a70c2babf83ae51", + "zh:6d2e2f390e0c7b2cd2344b1d5d6eec8a1c11cf35d19f1d6f341286f2449e9e10", + "zh:7005483c43926800fad5bb18e27be883dac4339edb83a8f18ccdc7edf86fafc2", + "zh:7073fa7ccaa9b07c2cf7b24550a90e11f4880afd5c53afd51278eff0154692a0", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a6d48620e526c766faec9aeb20c40a98c1810c69b6699168d725f721dfe44846", + "zh:e29b651b5f39324656f466cd24a54861795cc423a1b58372f4e1d2d2112d10a0", + ] +} diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-acm/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-acm/terragrunt.hcl new file mode 100644 index 00000000..1c5da4db --- /dev/null +++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-acm/terragrunt.hcl 
@@ -0,0 +1,37 @@
+include "root" {
+ path = find_in_parent_folders()
+ expose = true
+ merge_strategy = "deep"
+}
+
+include "env" {
+ path = find_in_parent_folders("env.hcl")
+ expose = true
+ merge_strategy = "deep"
+}
+
+dependencies {
+ paths = ["../aws-r53"]
+}
+
+dependency "r53" {
+ config_path = "../aws-r53"
+
+ mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
+
+ mock_outputs = {
+ route53_zone_id = "ZZZZ0ZZZ"
+ }
+}
+
+terraform {
+ source = "${get_path_to_repo_root()}/terraform//modules/aws-acm"
+}
+
+inputs = {
+ name = include.env.locals.name
+ domain_name = include.env.locals.values.domain_name
+ create_acm_certificate = include.env.locals.values.create_acm_certificate
+ zone_id = dependency.r53.outputs.route53_zone_id
+}
+
diff --git a/terragrunt/us-east-1/demo/common/eks/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-eks/.terraform.lock.hcl
similarity index 100%
rename from terragrunt/us-east-1/demo/common/eks/.terraform.lock.hcl
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-eks/.terraform.lock.hcl
diff --git a/terragrunt/us-east-1/demo/common/eks/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-eks/terragrunt.hcl
similarity index 90%
rename from terragrunt/us-east-1/demo/common/eks/terragrunt.hcl
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-eks/terragrunt.hcl
index 64460903..9a610015 100644
--- a/terragrunt/us-east-1/demo/common/eks/terragrunt.hcl
+++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-eks/terragrunt.hcl
@@ -11,11 +11,11 @@ include "env" {
 }
 dependencies {
- paths = ["../vpc"]
+ paths = ["../aws-vpc"]
 }
 dependency "vpc" {
- config_path = "../vpc"
+ config_path = "../aws-vpc"
 mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
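Review bot: The `terraform.source` in this new aws-acm unit places the double slash as `.../terraform//modules/aws-acm`, while the other units added in this commit (aws-users-password-policy, ebs-encryption, k8s-addons) use `.../terraform/modules//<name>`; Terragrunt copies the path before `//` into its download cache and runs in the subdirectory after it, so this form copies the whole terraform tree for each of aws-acm, aws-r53, aws-vpc and aws-eks instead of only the modules directory. Use `source = "${get_path_to_repo_root()}/terraform/modules//aws-acm"` here and in the sibling units so the layout is consistent and the cache stays small. The explicit `dependencies { paths = ["../aws-r53"] }` block also duplicates the ordering edge that `dependency "r53"` already creates and can be dropped, and the file ends with a stray blank line.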
@@ -47,16 +47,15 @@ generate "providers" {
 }
 terraform {
- source = "${get_terragrunt_dir()}/../../../../../terraform//modules/eks"
+ source = "${get_path_to_repo_root()}/terraform//modules/aws-eks"
 }
 inputs = {
 name = include.env.locals.name
 env = include.env.locals.values.environment
- tags = include.env.locals.tags
 vpc_id = dependency.vpc.outputs.vpc_id
 private_subnets = dependency.vpc.outputs.vpc_private_subnets
 public_subnets = dependency.vpc.outputs.vpc_public_subnets
 intra_subnets = dependency.vpc.outputs.vpc_intra_subnets
-}
\ No newline at end of file
+}
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-r53/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-r53/.terraform.lock.hcl
new file mode 100644
index 00000000..35801b69
--- /dev/null
+++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-r53/.terraform.lock.hcl
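Review bot: The `tags = include.env.locals.tags` input is dropped from the aws-eks unit here (and from aws-vpc further down), and the `tags` local that produced the `Name`/`Environment` pairs is deleted from env.hcl in the same commit, so nothing visible in this diff tags the EKS and VPC resources any more. If those tags back cost allocation, tag policies or IAM ABAC conditions, losing them is a silent regression that no plan will flag as an error. Either keep `tags = include.env.locals.tags` with the local restored, or state in the commit that the modules now derive the tags themselves (their `tags` variable and default are outside this diff, so I cannot confirm that).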
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.36.0" + constraints = ">= 2.49.0, 5.36.0" + hashes = [ + "h1:54QgAU2vY65WZsiZ9FligQfIf7hQUvwse4ezMwVMwgg=", + "zh:0da8409db879b2c400a7d9ed1311ba6d9eb1374ea08779eaf0c5ad0af00ac558", + "zh:1b7521567e1602bfff029f88ccd2a182cdf97861c9671478660866472c3333fa", + "zh:1cab4e6f3a1d008d01df44a52132a90141389e77dbb4ec4f6ac1119333242ecf", + "zh:1df9f73595594ce8293fb21287bcacf5583ae82b9f3a8e5d704109b8cf691646", + "zh:2b5909268db44b6be95ff6f9dc80d5f87ca8f63ba530fe66723c5fdeb17695fc", + "zh:37dd731eeb0bc1b20e3ec3a0cb5eb7a730edab425058ff40f2243438acc82830", + "zh:3e94c76a2b607a1174d10f5712aed16cb32216ac1c91bd6f21749d61a14045ac", + "zh:40e6ba3184d2d3bf283a07feed8b79c1bbc537a91215cac7b3521b9ccb3e503e", + "zh:67e52353fea47eb97825f6eb6fddd1935e0ff3b53a8861d23a70c2babf83ae51", + "zh:6d2e2f390e0c7b2cd2344b1d5d6eec8a1c11cf35d19f1d6f341286f2449e9e10", + "zh:7005483c43926800fad5bb18e27be883dac4339edb83a8f18ccdc7edf86fafc2", + "zh:7073fa7ccaa9b07c2cf7b24550a90e11f4880afd5c53afd51278eff0154692a0", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a6d48620e526c766faec9aeb20c40a98c1810c69b6699168d725f721dfe44846", + "zh:e29b651b5f39324656f466cd24a54861795cc423a1b58372f4e1d2d2112d10a0", + ] +} diff --git a/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-r53/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-r53/terragrunt.hcl new file mode 100644 index 00000000..3aed4c64 --- /dev/null +++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-r53/terragrunt.hcl 
@@ -0,0 +1,21 @@
+include "root" {
+ path = find_in_parent_folders()
+ expose = true
+ merge_strategy = "deep"
+}
+
+include "env" {
+ path = find_in_parent_folders("env.hcl")
+ expose = true
+ merge_strategy = "deep"
+}
+
+terraform {
+ source = "${get_path_to_repo_root()}/terraform//modules/aws-r53"
+}
+
+inputs = {
+ name = include.env.locals.name
+ domain_name = include.env.locals.values.domain_name
+ create_r53_zone = include.env.locals.values.create_r53_zone
+}
diff --git a/terragrunt/us-east-1/demo/common/vpc/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-vpc/.terraform.lock.hcl
similarity index 100%
rename from terragrunt/us-east-1/demo/common/vpc/.terraform.lock.hcl
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-vpc/.terraform.lock.hcl
diff --git a/terragrunt/us-east-1/demo/common/vpc/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-vpc/terragrunt.hcl
similarity index 71%
rename from terragrunt/us-east-1/demo/common/vpc/terragrunt.hcl
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-vpc/terragrunt.hcl
index ca54cf2b..83a206fd 100644
--- a/terragrunt/us-east-1/demo/common/vpc/terragrunt.hcl
+++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/common/aws-vpc/terragrunt.hcl
@@ -11,14 +11,13 @@ include "env" {
 }
 terraform {
- source = "${get_terragrunt_dir()}/../../../../../terraform//modules/vpc"
+ source = "${get_path_to_repo_root()}/terraform//modules/aws-vpc"
 }
 inputs = {
 name = include.env.locals.name
- cidr = include.env.locals.values.cidr_block
+ cidr = include.env.locals.values.vpc_cidr
 azs = include.env.locals.values.azs
 single_nat_gateway = include.env.locals.values.single_nat_gateway
- tags = include.env.locals.tags
 }
diff --git a/terragrunt/us-east-1/demo/env.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/env.hcl
similarity index 88%
rename from terragrunt/us-east-1/demo/env.hcl
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/env.hcl
index 27ba8a0b..b5a81f2d 100644
--- a/terragrunt/us-east-1/demo/env.hcl
+++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/env.hcl
@@ -5,10 +5,6 @@ locals {
 )
 name = "${local.values.name}-${local.values.environment}-${local.values.short_region[local.values.region]}"
 name_wo_region = "${local.values.name}-${local.values.environment}"
- tags = {
- Name = local.values.name
- Environment = local.values.environment
- }
 }
 inputs = local.values
diff --git a/terragrunt/us-east-1/demo/env.yaml b/terragrunt/ACCOUNT_ID/us-east-1/demo/env.yaml
similarity index 66%
rename from terragrunt/us-east-1/demo/env.yaml
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/env.yaml
index 33149714..20401a8c 100644
--- a/terragrunt/us-east-1/demo/env.yaml
+++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/env.yaml
@@ -1,12 +1,17 @@
 ---
 name : "maddevs"
-domain_name: "maddevs.org"
 environment: "demo"
+domain_name: "maddevs.org"
+create_r53_zone: false
+create_acm_certificate: true
+
+
 allowed_ips:
 - "0.0.0.0/0"
-cidr_block: "10.0.0.0/16"
+vpc_cidr: "10.0.0.0/16"
 single_nat_gateway: true
 eks_cluster_version: "1.29"
+
diff --git a/terragrunt/us-east-1/demo/k8s-addons/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/.terraform.lock.hcl
similarity index 100%
rename from terragrunt/us-east-1/demo/k8s-addons/.terraform.lock.hcl
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/.terraform.lock.hcl
diff --git a/terragrunt/us-east-1/demo/k8s-addons/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/terragrunt.hcl
similarity index 73%
rename from terragrunt/us-east-1/demo/k8s-addons/terragrunt.hcl
rename to terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/terragrunt.hcl
index 32467ef5..eb9696f4 100644
--- a/terragrunt/us-east-1/demo/k8s-addons/terragrunt.hcl
+++ b/terragrunt/ACCOUNT_ID/us-east-1/demo/k8s-addons/terragrunt.hcl
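Review bot: The env.yaml hunk adds two consecutive blank lines after `create_acm_certificate: true` and a trailing blank line at end of file; yamllint's `empty-lines` rule flags both, so collapse them to a single separator. While this file is being reorganised, note that `allowed_ips` still contains only `- "0.0.0.0/0"` (unchanged context, not introduced here); if that list feeds the EKS public API endpoint or an ingress allow-list — its consumer is not visible in this diff — it should be narrowed to the operators' egress ranges before this environment is treated as more than a demo. The new `create_r53_zone: false` and `create_acm_certificate: true` keys are correctly written as bare lowercase booleans.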
@@ -10,49 +10,51 @@ include "env" {
 merge_strategy = "deep"
 }
-terraform {
- source = "${get_terragrunt_dir()}/../../../../terraform//layer2-k8s"
-}
 dependencies {
- paths = ["../common/aws-base", "../common/vpc", "../common/eks"]
+ paths = ["../common/aws-vpc", "../common/aws-eks", "../common/aws-acm", "../common/aws-r53"]
 }
-dependency "aws-base" {
- config_path = "../common/aws-base"
+dependency "vpc" {
+ config_path = "../common/aws-vpc"
 mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
 mock_outputs = {
- route53_zone_id = "Z058363314IT7VAKRA777"
- ssl_certificate_arn = "arn:aws:acm:us-east-1:730808884724:certificate/fa029132-86ab-7777-8888-8e1fd5c56c29"
+ vpc_id = "vpc-0f5b1b5f788888888"
 }
 }
-dependency "vpc" {
- config_path = "../common/vpc"
+dependency "eks" {
+ config_path = "../common/aws-eks"
 mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
 mock_outputs = {
- vpc_id = "vpc-0f5b1b5f788888888"
- vpc_cidr = "10.0.0.0/16"
- vpc_private_subnets = ["10.0.0.0/16"]
- vpc_public_subnets = ["10.0.0.0/16"]
- vpc_intra_subnets = ["10.0.0.0/16"]
+ eks_cluster_id = "test"
+ eks_oidc_provider_arn = "arn:aws:iam::11111111:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/D55EEBDFE5510B81EEE2381B88888888"
+ node_group_default_iam_role_arn = "arn::"
+ node_group_default_iam_role_name = "test"
 }
 }
-dependency "eks" {
- config_path = "../common/eks"
+dependency "aws-acm" {
+ config_path = "../common/aws-acm"
 mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
 mock_outputs = {
- eks_cluster_id = "test"
- eks_oidc_provider_arn = "arn:aws:iam::11111111:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/D55EEBDFE5510B81EEE2381B88888888"
- node_group_default_iam_role_arn = "arn::"
- node_group_default_iam_role_name = "test"
+ ssl_certificate_arn = "arn:aws:acm:us-east-1:111111111:certificate/fa029132-86ab-7777-8888-1111111"
+ }
+}
+
+dependency "aws-r53" {
+ config_path =
"../common/aws-r53"
+
+ mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"]
+
+ mock_outputs = {
+ route53_zone_id = "Z058363314IT7VAKRA777"
+ }
 }
@@ -94,17 +96,21 @@ generate "providers" {
 EOF
 }
+terraform {
+ source = "${get_path_to_repo_root()}/terraform/modules//k8s-addons"
+}
+
 inputs = {
 name = include.env.locals.name
 name_wo_region = include.env.locals.name_wo_region
 environment = include.env.locals.values.environment
- zone_id = dependency.aws-base.outputs.route53_zone_id
- ssl_certificate_arn = dependency.aws-base.outputs.ssl_certificate_arn
+ vpc_cidr = include.env.locals.values.vpc_cidr
 vpc_id = dependency.vpc.outputs.vpc_id
- vpc_cidr = dependency.vpc.outputs.vpc_cidr
 eks_cluster_id = dependency.eks.outputs.eks_cluster_id
 eks_oidc_provider_arn = dependency.eks.outputs.eks_oidc_provider_arn
 node_group_default_iam_role_arn = dependency.eks.outputs.node_group_default_iam_role_arn
 node_group_default_iam_role_name = dependency.eks.outputs.node_group_default_iam_role_name
- helm_charts_path = "${get_terragrunt_dir()}/../../../../helm-charts"
+ zone_id = dependency.aws-r53.outputs.route53_zone_id
+ ssl_certificate_arn = dependency.aws-acm.outputs.ssl_certificate_arn
+ helm_charts_path = "${get_path_to_repo_root()}/helm-charts"
 }
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/ebs-encryption/.terraform.lock.hcl b/terragrunt/ACCOUNT_ID/us-east-1/ebs-encryption/.terraform.lock.hcl
new file mode 100644
index 00000000..46f150b8
--- /dev/null
+++ b/terragrunt/ACCOUNT_ID/us-east-1/ebs-encryption/.terraform.lock.hcl
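Review bot: In the `inputs` hunk of k8s-addons, `vpc_cidr` is now taken from `include.env.locals.values.vpc_cidr` instead of `dependency.vpc.outputs.vpc_cidr`, and the matching `vpc_cidr` mock was removed from the vpc dependency in the hunk above, so nothing ties the CIDR the addons use to the one the aws-vpc unit actually applied. If `vpc_cidr` is edited in env.yaml without re-applying aws-vpc, or the VPC module ever derives its CIDR differently from its input, every namespace network policy or security-group rule built from this value (presumably what the `network_policies` lists in the addon modules consume — their bodies are outside this diff) silently references the wrong range while still planning cleanly. Keep it sourced from the dependency, `vpc_cidr = dependency.vpc.outputs.vpc_cidr`, and restore `vpc_cidr = "10.0.0.0/16"` in the `dependency "vpc"` mock_outputs so plan/validate still work without state; the aws-vpc unit already declares the env value as its own input, so the two stay consistent by construction.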
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.36.0" + constraints = "5.36.0" + hashes = [ + "h1:54QgAU2vY65WZsiZ9FligQfIf7hQUvwse4ezMwVMwgg=", + "zh:0da8409db879b2c400a7d9ed1311ba6d9eb1374ea08779eaf0c5ad0af00ac558", + "zh:1b7521567e1602bfff029f88ccd2a182cdf97861c9671478660866472c3333fa", + "zh:1cab4e6f3a1d008d01df44a52132a90141389e77dbb4ec4f6ac1119333242ecf", + "zh:1df9f73595594ce8293fb21287bcacf5583ae82b9f3a8e5d704109b8cf691646", + "zh:2b5909268db44b6be95ff6f9dc80d5f87ca8f63ba530fe66723c5fdeb17695fc", + "zh:37dd731eeb0bc1b20e3ec3a0cb5eb7a730edab425058ff40f2243438acc82830", + "zh:3e94c76a2b607a1174d10f5712aed16cb32216ac1c91bd6f21749d61a14045ac", + "zh:40e6ba3184d2d3bf283a07feed8b79c1bbc537a91215cac7b3521b9ccb3e503e", + "zh:67e52353fea47eb97825f6eb6fddd1935e0ff3b53a8861d23a70c2babf83ae51", + "zh:6d2e2f390e0c7b2cd2344b1d5d6eec8a1c11cf35d19f1d6f341286f2449e9e10", + "zh:7005483c43926800fad5bb18e27be883dac4339edb83a8f18ccdc7edf86fafc2", + "zh:7073fa7ccaa9b07c2cf7b24550a90e11f4880afd5c53afd51278eff0154692a0", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a6d48620e526c766faec9aeb20c40a98c1810c69b6699168d725f721dfe44846", + "zh:e29b651b5f39324656f466cd24a54861795cc423a1b58372f4e1d2d2112d10a0", + ] +} diff --git a/terragrunt/ACCOUNT_ID/us-east-1/ebs-encryption/terragrunt.hcl b/terragrunt/ACCOUNT_ID/us-east-1/ebs-encryption/terragrunt.hcl new file mode 100644 index 00000000..4a9fa7c6 --- /dev/null +++ b/terragrunt/ACCOUNT_ID/us-east-1/ebs-encryption/terragrunt.hcl 
@@ -0,0 +1,19 @@
+include "root" {
+ path = find_in_parent_folders()
+ expose = true
+ merge_strategy = "deep"
+}
+
+include "region" {
+ path = find_in_parent_folders("region.hcl")
+ expose = true
+ merge_strategy = "deep"
+}
+
+terraform {
+ source = "${get_path_to_repo_root()}/terraform/modules//aws-ebs-encryption-default"
+}
+
+inputs = {
+ enable = include.region.locals.region_values.aws_ebs_encryption_by_default
+}
diff --git a/terragrunt/ACCOUNT_ID/us-east-1/region.hcl b/terragrunt/ACCOUNT_ID/us-east-1/region.hcl
new file mode 100644
index 00000000..b96cb7b0
--- /dev/null
+++ b/terragrunt/ACCOUNT_ID/us-east-1/region.hcl
@@ -0,0 +1,3 @@
+locals {
+ region_values = yamldecode(file("region.yaml"))
+}
diff --git a/terragrunt/us-east-1/region.yaml b/terragrunt/ACCOUNT_ID/us-east-1/region.yaml
similarity index 96%
rename from terragrunt/us-east-1/region.yaml
rename to terragrunt/ACCOUNT_ID/us-east-1/region.yaml
index df336efa..8725694a 100644
--- a/terragrunt/us-east-1/region.yaml
+++ b/terragrunt/ACCOUNT_ID/us-east-1/region.yaml
@@ -27,3 +27,5 @@ short_region:
 sa-east-1: "sae1" # South America (Sao Paulo)
 us-gov-east-1: "usge1" # AWS GovCloud (US-East)
 us-gov-west-1: "usgw1" # AWS GovCloud (US)
+
+aws_ebs_encryption_by_default: true
diff --git a/terragrunt/us-east-1/demo/common/aws-base/terragrunt.hcl b/terragrunt/us-east-1/demo/common/aws-base/terragrunt.hcl
deleted file mode 100644
index 8545abd3..00000000
--- a/terragrunt/us-east-1/demo/common/aws-base/terragrunt.hcl
+++ /dev/null
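Review bot: `enable` in the new ebs-encryption unit is a hard attribute lookup on `region_values`, so any future region.yaml that omits `aws_ebs_encryption_by_default` makes the unit fail at parse time instead of defaulting the control on. Account/region-wide EBS default encryption is a fail-safe control that should stay enabled unless someone deliberately turns it off, so read it with a default: `enable = lookup(include.region.locals.region_values, "aws_ebs_encryption_by_default", true)`. That keeps a newly added region directory encrypted-by-default even when the key is forgotten, and a comment above the line saying so would help the next person who copies this unit.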
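Review bot: `file("region.yaml")` in the new region.hcl is a bare relative path, and this file is only ever evaluated through `include "region"` from a child unit such as `ebs-encryption/terragrunt.hcl`; I am not certain whether Terragrunt resolves that path against region.hcl's own directory or against the including child's directory, and in the latter case the lookup fails with a missing-file error at parse time. Resolving it explicitly removes the ambiguity: `region_values = yamldecode(file(find_in_parent_folders("region.yaml")))`. The existing env.hcl presumably does the same for env.yaml (only its tail is visible in this diff), so the two lookups should use the same form.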
@@ -1,45 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true - merge_strategy = "deep" -} - -include "env" { - path = find_in_parent_folders("env.hcl") - expose = true - merge_strategy = "deep" -} - -dependencies { - paths = ["../vpc"] -} - -dependency "vpc" { - config_path = "../vpc" - - mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"] - - mock_outputs = { - vpc_id = "vpc-0f5b1b5f788888888" - vpc_cidr = "10.0.0.0/16" - vpc_private_subnets = ["10.0.0.0/16"] - vpc_public_subnets = ["10.0.0.0/16"] - vpc_intra_subnets = ["10.0.0.0/16"] - } -} - -terraform { - source = "${get_terragrunt_dir()}/../../../../../terraform//layer1-aws" -} - -inputs = { - name = include.env.locals.name - env = include.env.locals.values.environment - tags = include.env.locals.tags - - vpc_id = dependency.vpc.outputs.vpc_id - private_subnets = dependency.vpc.outputs.vpc_private_subnets - public_subnets = dependency.vpc.outputs.vpc_public_subnets - intra_subnets = dependency.vpc.outputs.vpc_intra_subnets - is_this_payment_account = false -} \ No newline at end of file