Feat/initial netwokr (#1)

soat-tech-challenge · Jan 27, 2024 · b855a44 · b855a44
2 parents ddef22f + ab97517
commit b855a44
Show file tree

Hide file tree

Showing 10 changed files with 317 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,15 @@
+name: Terraform Apply
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  terraform_apply:
+    name: Terraform Apply
+    uses: soat-tech-challenge/github-workflows/.github/workflows/terraform-apply.yml@main
+    secrets: inherit
+    with:
+      cloud_workspace: ${{ vars.TF_WORKSPACE }}
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,30 @@
+name: Pull Request
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  tflint:
+    name: TFLint
+    uses: soat-tech-challenge/github-workflows/.github/workflows/tflint.yml@main
+
+  tfsec:
+    uses: soat-tech-challenge/github-workflows/.github/workflows/tfsec.yml@main
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+  terraform-plan:
+    name: Terraform Plan
+    uses: soat-tech-challenge/github-workflows/.github/workflows/terraform-plan.yml@main
+    secrets: inherit
+    with:
+      cloud_workspace: ${{ vars.TF_WORKSPACE }}
+
+    permissions:
+      contents: read
+      pull-requests: write
diff --git a/.github/workflows/terraform-destroy.yml b/.github/workflows/terraform-destroy.yml
@@ -0,0 +1,11 @@
+name: Terraform Destroy
+
+on:
+  workflow_dispatch:
+
+jobs:
+  terraform_destroy:
+    uses: soat-tech-challenge/github-workflows/.github/workflows/terraform-destroy.yml@main
+    secrets: inherit
+    with:
+      cloud_workspace: ${{ vars.TF_WORKSPACE }}
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/datasources.tf b/datasources.tf
@@ -0,0 +1 @@
+
diff --git a/main.tf b/main.tf
@@ -0,0 +1,75 @@
+#tfsec:ignore:aws-ec2-require-vpc-flow-logs-for-all-vpcs
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+
+  tags = {
+    Name = "SOAT Tech Challenge VPC"
+  }
+}
+
+resource "aws_subnet" "public_subnets" {
+  count = length(var.private_subnet_cidrs)
+
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = element(var.public_subnet_cidrs, count.index)
+  availability_zone = element(local.azs, count.index)
+
+  tags = {
+    Name = "SOAT-TC Public Subnet ${count.index + 1}"
+  }
+}
+
+resource "aws_subnet" "private_subnets" {
+  count = length(var.private_subnet_cidrs)
+
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = element(var.private_subnet_cidrs, count.index)
+  availability_zone = element(local.azs, count.index)
+
+  tags = {
+    Name = "SOAT-TC Private Subnet ${count.index + 1}"
+  }
+}
+
+
+resource "aws_internet_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+
+  tags = {
+    Name = "SOAT-TC Internet Gateway"
+  }
+}
+
+resource "aws_route_table" "public_rt" {
+  vpc_id = aws_vpc.main.id
+
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.main.id
+  }
+
+  tags = {
+    Name = "SOAT-TC Public Route Table"
+  }
+}
+
+resource "aws_route_table" "private_rt" {
+  vpc_id = aws_vpc.main.id
+
+  tags = {
+    Name = "SOAT-TC Private Route Table"
+  }
+}
+
+resource "aws_route_table_association" "public_rt_association" {
+  count          = length(var.public_subnet_cidrs)
+  subnet_id      = element(aws_subnet.public_subnets[*].id, count.index)
+  route_table_id = aws_route_table.public_rt.id
+}
+
+resource "aws_route_table_association" "private_rt_association" {
+  count          = length(var.private_subnet_cidrs)
+  subnet_id      = element(aws_subnet.private_subnets[*].id, count.index)
+  route_table_id = aws_route_table.private_rt.id
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,58 @@
+output "vpc" {
+  description = "VPC"
+  value = {
+    "arn" : aws_vpc.main.arn,
+    "cidr_block" : aws_vpc.main.cidr_block,
+    "default_network_acl_id" : aws_vpc.main.default_network_acl_id,
+    "default_route_table_id" : aws_vpc.main.default_route_table_id,
+    "default_security_group_id" : aws_vpc.main.default_security_group_id,
+    "id" : aws_vpc.main.id
+    "main_route_table_id" : aws_vpc.main.main_route_table_id
+    "tags" : aws_vpc.main.tags
+  }
+}
+
+output "public_subnets" {
+  description = "Public Subnets"
+  value = [for sub in aws_subnet.public_subnets : {
+    "arn" : sub.arn,
+    "availability_zone" : sub.availability_zone,
+    "availability_zone_id" : sub.availability_zone_id,
+    "cidr_block" : sub.cidr_block,
+    "id" : sub.id,
+    "tags" : sub.tags
+    "vpc_id" : sub.vpc_id,
+  }]
+}
+
+output "private_subnets" {
+  description = "Private Subnets"
+  value = [for sub in aws_subnet.private_subnets : {
+    "arn" : sub.arn,
+    "availability_zone" : sub.availability_zone,
+    "availability_zone_id" : sub.availability_zone_id,
+    "cidr_block" : sub.cidr_block,
+    "id" : sub.id,
+    "tags" : sub.tags
+    "vpc_id" : sub.vpc_id,
+  }]
+}
+
+output "public_rt" {
+  description = "Public Route Tables"
+  value = {
+    "arn" : aws_route_table.public_rt.arn,
+    "id" : aws_route_table.public_rt.id,
+    "route" : aws_route_table.public_rt.route,
+    "vpc_id" : aws_route_table.public_rt.vpc_id
+  }
+}
+output "private_rt" {
+  description = "Private Route Tables"
+  value = {
+    "arn" : aws_route_table.private_rt.arn,
+    "id" : aws_route_table.private_rt.id,
+    "route" : aws_route_table.private_rt.route,
+    "vpc_id" : aws_route_table.private_rt.vpc_id
+  }
+}
diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,15 @@
+provider "aws" {
+  region = var.aws_region
+
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+  token      = var.aws_session_token
+
+  default_tags {
+    tags = {
+      Organization = "soat-tech-challenge"
+      Workspace    = "network-staging"
+    }
+  }
+}
+
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,42 @@
+// Variable sets
+
+variable "aws_region" {
+  description = "AWS Region to create resources on"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "aws_access_key" {
+  description = "AWS Access Key"
+  type        = string
+}
+
+variable "aws_secret_key" {
+  description = "AWS Secret Key"
+  type        = string
+}
+
+variable "aws_session_token" {
+  description = "AWS Secret Key"
+  type        = string
+}
+
+// Workspace variables
+
+locals {
+  // Availability Zones
+  azs = ["${var.aws_region}a", "${var.aws_region}b"]
+}
+
+variable "public_subnet_cidrs" {
+  type        = list(string)
+  description = "Public Subnet CIDR values"
+  default     = ["10.0.10.0/24", "10.0.11.0/24"]
+}
+
+variable "private_subnet_cidrs" {
+  type        = list(string)
+  description = "Private Subnet CIDR values"
+  default     = ["10.0.20.0/24", "10.0.21.0/24"]
+}
+
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,25 @@
+terraform {
+  required_version = ">= 0.12.26"
+
+  cloud {
+    organization = "soat-tech-challenge"
+
+    workspaces {
+      name = "network-staging"
+    }
+  }
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.67.0"
+    }
+
+    tfe = {
+      source  = "hashicorp/tfe"
+      version = "~> 0.49.2"
+    }
+  }
+}
+
+