From f9369fed09fb1af57b6cc65b5ae78addad63e85e Mon Sep 17 00:00:00 2001 From: Administrator Date: Thu, 7 Mar 2024 10:29:05 +0530 Subject: [PATCH] route53 variable file --- vars/dev/acm.tfvars | 2 +- vars/dev/alb-asg.tfvars | 154 ++++++++++++++++++------------------- vars/dev/backend.tfvars | 18 ++--- vars/dev/ec2.tfvars | 16 ++-- vars/dev/rds.tfvars | 34 ++++---- vars/dev/route53.tfvars | 10 +++ vars/dev/tag-policy.tfvars | 18 ++--- vars/dev/vpc.tfvars | 4 +- 8 files changed, 133 insertions(+), 123 deletions(-) create mode 100644 vars/dev/route53.tfvars diff --git a/vars/dev/acm.tfvars b/vars/dev/acm.tfvars index 7dd45a3..5dadfb2 100644 --- a/vars/dev/acm.tfvars +++ b/vars/dev/acm.tfvars @@ -3,7 +3,7 @@ region = "us-west-2" domain_name = "prom.devopsproject.dev" validation_method = "DNS" key_algorithm = "RSA_2048" -certificate_transparency_logging_preference = "DISABLED" +certificate_transparency_logging_preference = "ENABLED" dns_domain_name = "devopsproject.dev" # Tag Keys diff --git a/vars/dev/alb-asg.tfvars b/vars/dev/alb-asg.tfvars index 118a9fb..be56f42 100644 --- a/vars/dev/alb-asg.tfvars +++ b/vars/dev/alb-asg.tfvars 
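Review bot: The switch of `certificate_transparency_logging_preference` to `"ENABLED"` in vars/dev/acm.tfvars is the one behavioural change to an existing file in this patch, and neither the subject ("route53 variable file") nor the file records it. With CT logging on, the certificate for `prom.devopsproject.dev` is published to public CT logs, so the hostname becomes discoverable. Whatever serves it has to rely on authentication and network controls rather than on being unlisted. I would add a comment above the line, e.g. `# CT logging enabled: this hostname will appear in public CT logs`, and mention the change in the commit message.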
@@ -1,101 +1,101 @@ -region = "us-west-2" +region = "us-west-2" # alb -internal = false -loadbalancer_type = "application" -alb_subnets = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"] +internal = false +loadbalancer_type = "application" +alb_subnets = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"] #alb-sg -alb_ingress_cidr_from_port = [80] -alb_ingress_cidr_to_port = [80] -alb_ingress_cidr_protocol = ["tcp"] -alb_ingress_cidr_block = ["0.0.0.0/0"] -alb_create_ingress_cidr = true - -alb_ingress_sg_from_port = [8080] -alb_ingress_sg_to_port = [8080] -alb_ingress_sg_protocol = ["tcp"] -alb_create_ingress_sg = false - -alb_egress_cidr_from_port = [0] -alb_egress_cidr_to_port = [0] -alb_egress_cidr_protocol = ["-1"] -alb_egress_cidr_block = ["0.0.0.0/0"] -alb_create_egress_cidr = true - -alb_egress_sg_from_port = [0] -alb_egress_sg_to_port = [0] -alb_egress_sg_protocol = ["-1"] -alb_create_egress_sg = false +alb_ingress_cidr_from_port = [80] +alb_ingress_cidr_to_port = [80] +alb_ingress_cidr_protocol = ["tcp"] +alb_ingress_cidr_block = ["0.0.0.0/0"] +alb_create_ingress_cidr = true + +alb_ingress_sg_from_port = [8080] +alb_ingress_sg_to_port = [8080] +alb_ingress_sg_protocol = ["tcp"] +alb_create_ingress_sg = false + +alb_egress_cidr_from_port = [0] +alb_egress_cidr_to_port = [0] +alb_egress_cidr_protocol = ["-1"] +alb_egress_cidr_block = ["0.0.0.0/0"] +alb_create_egress_cidr = true + +alb_egress_sg_from_port = [0] +alb_egress_sg_to_port = [0] +alb_egress_sg_protocol = ["-1"] +alb_create_egress_sg = false # instance sg -ingress_cidr_from_port = [22] -ingress_cidr_to_port = [22] -ingress_cidr_protocol = ["tcp"] -ingress_cidr_block = ["0.0.0.0/0"] -create_ingress_cidr = true - -ingress_sg_from_port = [8080] -ingress_sg_to_port = [8080] -ingress_sg_protocol = ["tcp"] -create_ingress_sg = true - -egress_cidr_from_port = [0] -egress_cidr_to_port = [0] -egress_cidr_protocol = ["-1"] -egress_cidr_block 
= ["0.0.0.0/0"] -create_egress_cidr = true - -egress_sg_from_port = [8080] -egress_sg_to_port = [8080] -egress_sg_protocol = ["tcp"] -create_egress_sg = false +ingress_cidr_from_port = [22] +ingress_cidr_to_port = [22] +ingress_cidr_protocol = ["tcp"] +ingress_cidr_block = ["0.0.0.0/0"] +create_ingress_cidr = true + +ingress_sg_from_port = [8080] +ingress_sg_to_port = [8080] +ingress_sg_protocol = ["tcp"] +create_ingress_sg = true + +egress_cidr_from_port = [0] +egress_cidr_to_port = [0] +egress_cidr_protocol = ["-1"] +egress_cidr_block = ["0.0.0.0/0"] +create_egress_cidr = true + +egress_sg_from_port = [8080] +egress_sg_to_port = [8080] +egress_sg_protocol = ["tcp"] +create_egress_sg = false # target_group -target_group_port = 8080 -target_group_protocol = "HTTP" -target_type = "instance" -load_balancing_algorithm = "round_robin" +target_group_port = 8080 +target_group_protocol = "HTTP" +target_type = "instance" +load_balancing_algorithm = "round_robin" # health_check -health_check_path = "/" -health_check_port = 8080 -health_check_protocol = "HTTP" -health_check_interval = 30 -health_check_timeout = 5 -health_check_healthy_threshold = 2 -health_check_unhealthy_threshold= 2 +health_check_path = "/" +health_check_port = 8080 +health_check_protocol = "HTTP" +health_check_interval = 30 +health_check_timeout = 5 +health_check_healthy_threshold = 2 +health_check_unhealthy_threshold = 2 #alb_listener -listener_port = 80 -listener_protocol = "HTTP" -listener_type = "forward" +listener_port = 80 +listener_protocol = "HTTP" +listener_type = "forward" #launch_template -ami_id = "ami-020f3ca563c92097b" -instance_type = "t2.medium" -key_name = "techiescamp" -vpc_id = "vpc-0a5ca4a92c2e10163" -asg_subnets = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"] -public_access = true +ami_id = "ami-020f3ca563c92097b" +instance_type = "t2.medium" +key_name = "techiescamp" +vpc_id = "vpc-0a5ca4a92c2e10163" +asg_subnets = ["subnet-058a7514ba8adbb07", 
"subnet-0dbcd1ac168414927", "subnet-032f5077729435858"] +public_access = true #user_data -user_data = <<-EOF +user_data = <<-EOF #!/bin/bash bash /home/ubuntu/start.sh EOF #autoscaling_group -max_size = 2 -min_size = 1 -desired_capacity = 1 -propagate_at_launch = true -instance_warmup_time = 30 -target_value = 50 +max_size = 2 +min_size = 1 +desired_capacity = 1 +propagate_at_launch = true +instance_warmup_time = 30 +target_value = 50 #tags -owner = "techiescamp" -environment = "dev" -cost_center = "techiescamp-commerce" -application = "java-app" +owner = "techiescamp" +environment = "dev" +cost_center = "techiescamp-commerce" +application = "java-app" diff --git a/vars/dev/backend.tfvars b/vars/dev/backend.tfvars index 760210c..80428ce 100644 --- a/vars/dev/backend.tfvars +++ b/vars/dev/backend.tfvars @@ -1,10 +1,10 @@ -region = "us-west-2" -billing_mode = "PAY_PER_REQUEST" -hash_key = "LockID" -attribute_name = "LockID" -attribute_type = "S" +region = "us-west-2" +billing_mode = "PAY_PER_REQUEST" +hash_key = "LockID" +attribute_name = "LockID" +attribute_type = "S" -owner = "techiescamp" -environment = "dev" -cost_center = "techiescamp-commerce" -application = "java-app" \ No newline at end of file +owner = "techiescamp" +environment = "dev" +cost_center = "techiescamp-commerce" +application = "java-app" \ No newline at end of file diff --git a/vars/dev/ec2.tfvars b/vars/dev/ec2.tfvars index 24ae1f4..54a98a4 100644 --- a/vars/dev/ec2.tfvars +++ b/vars/dev/ec2.tfvars 
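Review bot: The re-aligned instance security-group lines in vars/dev/alb-asg.tfvars still set `ingress_cidr_block = ["0.0.0.0/0"]` for port 22 alongside `public_access = true`, so SSH to the autoscaled instances appears to be open to any address. How the module consumes these variables is not visible here, and this commit only changes whitespace on those lines, but it is the point to fix while the file is being touched. Restrict the rule to a known management range, e.g. `ingress_cidr_block = ["<ADMIN_CIDR>"]` (placeholder), or set `create_ingress_cidr = false` if shell access can go through a managed session channel instead. The listener in the same hunk is `listener_protocol = "HTTP"` on port 80 only; if plain HTTP is intentional for dev, a comment saying so would help.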
@@ -1,20 +1,20 @@ #IAM Policy -iam_policy_json_file = "ec2.json" +iam_policy_json_file = "ec2.json" # EC2 Instance Variables -region = "us-west-2" -ami_id = "ami-0e8ffa060937e44c7" -instance_type = "t2.micro" -key_name = "techiescamp" -instance_count = 1 -subnet_ids = ["subnet-034b5b81e1ee5e653", "subnet-0bfbbe8efe880be15", "subnet-059ad803aa3c5d9c5"] +region = "us-west-2" +ami_id = "ami-0e8ffa060937e44c7" +instance_type = "t2.micro" +key_name = "techiescamp" +instance_count = 1 +subnet_ids = ["subnet-034b5b81e1ee5e653", "subnet-0bfbbe8efe880be15", "subnet-059ad803aa3c5d9c5"] associate_public_ip_address = true attach_instance_profile = true attach_eip = false storage_size = 30 # EC2 Security Group Variables -vpc_id = "vpc-062e91b98392ca9a2" +vpc_id = "vpc-062e91b98392ca9a2" # Tag Keys owner = "techiescamp" diff --git a/vars/dev/rds.tfvars b/vars/dev/rds.tfvars index 82d45d8..b324ead 100644 --- a/vars/dev/rds.tfvars +++ b/vars/dev/rds.tfvars @@ -1,8 +1,8 @@ # Network Vars -region = "us-west-2" -subnet_ids = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"] -multi_az = false -publicly_accessible = true +region = "us-west-2" +subnet_ids = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"] +multi_az = false +publicly_accessible = true # DB Vars db_engine = "mysql" 
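Review bot: `publicly_accessible = true` in this vars/dev/rds.tfvars hunk combines with `cidr_block = ["0.0.0.0/0"]` on port 3306 in the following rds.tfvars hunk (`@@ -15,20 +15,20 @@`). Depending on how the module applies them, that leaves the MySQL instance reachable from the internet. I would change these to `publicly_accessible = false` and a range limited to the application subnets, e.g. `cidr_block = ["<APP_SUBNET_CIDR>"]` (placeholder). The context line `db_password = "rdssecret"` in that second hunk is a credential committed in plain text; even with `set_db_password = false` it should be removed from the tfvars file, rotated if it was ever used, and supplied from a secrets store instead. `skip_final_snapshot = true` together with `delete_automated_backups = true` means destroying the instance leaves no backup, which deserves a comment marking it as a dev-only choice.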
@@ -15,20 +15,20 @@ set_db_password = false db_password = "rdssecret" # Security Group Vars -from_port = 3306 -to_port = 3306 -protocol = "tcp" -cidr_block = ["0.0.0.0/0"] +from_port = 3306 +to_port = 3306 +protocol = "tcp" +cidr_block = ["0.0.0.0/0"] # Backup vars -backup_retention_period = 7 -delete_automated_backups = true -copy_tags_to_snapshot = true -skip_final_snapshot = true -apply_immediately = true +backup_retention_period = 7 +delete_automated_backups = true +copy_tags_to_snapshot = true +skip_final_snapshot = true +apply_immediately = true # Tag Vars -owner = "techiescamp-devops" -environment = "dev" -cost_center = "techiescamp" -application = "techiescamp-commerce" \ No newline at end of file +owner = "techiescamp-devops" +environment = "dev" +cost_center = "techiescamp" +application = "techiescamp-commerce" \ No newline at end of file diff --git a/vars/dev/route53.tfvars b/vars/dev/route53.tfvars new file mode 100644 index 0000000..01ace9c --- /dev/null +++ b/vars/dev/route53.tfvars @@ -0,0 +1,10 @@ +region = "us-west-2" + +dns_domain_name = "devopsproject.dev" + +# Tag Keys +name = "" +owner = "techiescamp" +environment = "dev" +cost_center = "techiescamp-commerce" +application = "route53" \ No newline at end of file diff --git a/vars/dev/tag-policy.tfvars b/vars/dev/tag-policy.tfvars index 38b8a14..b98e726 100644 --- a/vars/dev/tag-policy.tfvars +++ b/vars/dev/tag-policy.tfvars 
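Review bot: `name = ""` in the new vars/dev/route53.tfvars is left empty while every other tag key has a value, so the hosted zone would presumably get a blank Name tag. The tag-policy variables elsewhere in this patch list `route53:hostedzone` under `enforce_for_values`, so the zone's tags are subject to enforcement. Set a real value such as `name = "<ZONE_NAME_TAG>"` (placeholder), or drop the key if the module provides a default. The file also ends without a trailing newline (`\ No newline at end of file`); adding one keeps later diffs clean.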
@@ -11,14 +11,14 @@ owner_tag_value = ["techiescamp"] costcenter_tag_key = "CostCenter" costcenter_tag_value = ["techiescamp-commerce"] application_tag_key = "Application" -enforce_for_values = ["dynamodb:*", "ec2:dhcp-options", "ec2:elastic-ip", "ec2:fpga-image", "ec2:instance", - "ec2:internet-gateway", "ec2:launch-template", "ec2:natgateway", "ec2:network-acl", - "ec2:network-interface", "ec2:route-table", "ec2:security-group", "ec2:snapshot", - "ec2:subnet", "ec2:volume", "ec2:vpc", "ec2:vpc-endpoint", "ec2:vpc-endpoint-service", - "ec2:vpc-peering-connection", "ec2:vpn-connection", "ec2:vpn-gateway", "elasticfilesystem:*", - "elasticloadbalancing:*", "iam:instance-profile", "iam:mfa", "iam:policy", "kms:*", - "lambda:*", "rds:cluster-pg", "rds:cluster-endpoint", "rds:es", "rds:og", "rds:pg", "rds:db-proxy", - "rds:db-proxy-endpoint", "rds:ri", "rds:secgrp", "rds:subgrp", "rds:target-group", "resource-groups:*", - "route53:hostedzone", "s3:bucket", "s3:bucket"] +enforce_for_values = ["dynamodb:*", "ec2:dhcp-options", "ec2:elastic-ip", "ec2:fpga-image", "ec2:instance", + "ec2:internet-gateway", "ec2:launch-template", "ec2:natgateway", "ec2:network-acl", + "ec2:network-interface", "ec2:route-table", "ec2:security-group", "ec2:snapshot", + "ec2:subnet", "ec2:volume", "ec2:vpc", "ec2:vpc-endpoint", "ec2:vpc-endpoint-service", + "ec2:vpc-peering-connection", "ec2:vpn-connection", "ec2:vpn-gateway", "elasticfilesystem:*", + "elasticloadbalancing:*", "iam:instance-profile", "iam:mfa", "iam:policy", "kms:*", + "lambda:*", "rds:cluster-pg", "rds:cluster-endpoint", "rds:es", "rds:og", "rds:pg", "rds:db-proxy", + "rds:db-proxy-endpoint", "rds:ri", "rds:secgrp", "rds:subgrp", "rds:target-group", "resource-groups:*", +"route53:hostedzone", "s3:bucket", "s3:bucket"] diff --git a/vars/dev/vpc.tfvars b/vars/dev/vpc.tfvars index f1965a0..a03c783 100644 --- a/vars/dev/vpc.tfvars +++ b/vars/dev/vpc.tfvars 
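Review bot: The last line of `enforce_for_values` lists `"s3:bucket"` twice, and after this re-indent it appears to be the only continuation line of the list with no leading indentation. The duplicate is probably harmless, but it may stand in for a resource type that was meant to be enforced and was mistyped. I would either reduce the line to `"route53:hostedzone", "s3:bucket"]` with the same indentation as the lines above, or replace the second entry with the intended type.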
@@ -21,7 +21,7 @@ cost_center = "techiescamp-commerce" application = "ecommerce" -map_public_ip_on_launch = true +map_public_ip_on_launch = true #subnets public_subnet_cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] @@ -31,7 +31,7 @@ management_subnet_cidr_blocks = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"] platform_subnet_cidr_blocks = ["10.0.13.0/24", "10.0.14.0/24", "10.0.15.0/24"] # Availability Zones -availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"] +availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"] #Public Subnet NACL