converted to use vpc module to address #41

kunduso · kunduso · commit e52acddae99d · 2024-11-16T21:05:31.000-06:00
diff --git a/ec2.tf b/ec2.tf
@@ -1,9 +1,11 @@
 # create a security group
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
 resource "aws_security_group" "ec2_instance" {
   name        = "${var.name}-ec2"
   description = "Allow inbound to and outbound access from the Amazon EC2 instance."
-  vpc_id      = aws_vpc.this.id
+  vpc_id      = module.vpc.vpc.id
 }
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
 resource "aws_security_group_rule" "ec2_instance_ingress" {
   type              = "ingress"
   security_group_id = aws_security_group.ec2_instance.id
@@ -13,7 +15,7 @@ resource "aws_security_group_rule" "ec2_instance_ingress" {
   cidr_blocks       = [var.vpc_cidr]
   description       = "Enable access from any resource inside the VPC."
 }
-
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
 resource "aws_security_group_rule" "ec2_instance_egress" {
   type              = "egress"
   security_group_id = aws_security_group.ec2_instance.id
@@ -24,7 +26,7 @@ resource "aws_security_group_rule" "ec2_instance_egress" {
   description       = "Enable access to the internet."
 }
 
-#create an EC2 in a public subnet
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami
 data "aws_ami" "amazon_ami" {
   filter {
     name   = "name"
@@ -37,14 +39,16 @@ data "aws_ami" "amazon_ami" {
   most_recent = true
   owners      = ["amazon"]
 }
+#create an EC2 in a public subnet
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance
 resource "aws_instance" "app-server-read" {
   instance_type               = var.instance_type
   ami                         = data.aws_ami.amazon_ami.id
   vpc_security_group_ids      = [aws_security_group.ec2_instance.id]
   iam_instance_profile        = aws_iam_instance_profile.ec2_profile.name
   associate_public_ip_address = true
   #checkov:skip=CKV_AWS_88: Required for Session Manager access
-  subnet_id     = aws_subnet.public[0].id
+  subnet_id     = module.vpc.private_subnets[0].id
   ebs_optimized = true
   monitoring    = true
   root_block_device {
@@ -65,14 +69,15 @@ resource "aws_instance" "app-server-read" {
       elasticache_auth_token = aws_secretsmanager_secret.elasticache_auth.name
   })
 }
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance
 resource "aws_instance" "app-server-write" {
   instance_type               = var.instance_type
   ami                         = data.aws_ami.amazon_ami.id
   vpc_security_group_ids      = [aws_security_group.ec2_instance.id]
   iam_instance_profile        = aws_iam_instance_profile.ec2_profile.name
   associate_public_ip_address = true
   #checkov:skip=CKV_AWS_88: Required for Session Manager access
-  subnet_id     = aws_subnet.public[0].id
+  subnet_id     = module.vpc.private_subnets[0].id
   ebs_optimized = true
   monitoring    = true
   root_block_device {
diff --git a/elasticache.tf b/elasticache.tf
@@ -1,14 +1,16 @@
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group
 resource "aws_elasticache_subnet_group" "elasticache_subnet" {
   name       = "${var.name}-cache-subnet"
-  subnet_ids = [for subnet in aws_subnet.private : subnet.id]
+  subnet_ids = [for subnet in module.vpc.private_subnets : subnet.id]
 }
-
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret
 resource "aws_secretsmanager_secret" "elasticache_auth" {
   name                    = "${var.name}-elasticache-auth"
   recovery_window_in_days = 0
   kms_key_id              = aws_kms_key.encryption_secret.id
   #checkov:skip=CKV2_AWS_57: Disabled Secrets Manager secrets automatic rotation
 }
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version
 resource "aws_secretsmanager_secret_version" "auth" {
   secret_id     = aws_secretsmanager_secret.elasticache_auth.id
   secret_string = random_password.auth.result
@@ -43,8 +45,8 @@ resource "aws_elasticache_replication_group" "app4" {
     log_format       = "json"
     log_type         = "engine-log"
   }
-  lifecycle {
-    ignore_changes = [kms_key_id]
-  }
+  # lifecycle {
+  #   ignore_changes = [kms_key_id]
+  # }
   apply_immediately = true
 }
diff --git a/network.tf b/network.tf
@@ -1,62 +1,6 @@
-# # https://docs.aws.amazon.com/glue/latest/dg/set-up-vpc-dns.html
-# resource "aws_vpc" "this" {
-#   cidr_block = var.vpc_cidr
-#   # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#enable_dns_support
-#   enable_dns_support = true
-#   # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#enable_dns_hostnames
-#   enable_dns_hostnames = true
-#   #checkov:skip=CKV2_AWS_11: Not creating a flow log for this VPC
-#   tags = {
-#     "Name" = "app-4"
-#   }
-# }
-# data "aws_availability_zones" "available" {
-#   state = "available"
-# }
-# resource "aws_subnet" "private" {
-#   count             = length(var.subnet_cidr_private)
-#   vpc_id            = aws_vpc.this.id
-#   cidr_block        = var.subnet_cidr_private[count.index]
-#   availability_zone = data.aws_availability_zones.available.names[(count.index) % length(data.aws_availability_zones.available.names)]
-#   tags = {
-#     "Name" = "app-4-private-${count.index + 1}"
-#   }
-# }
-# resource "aws_subnet" "public" {
-#   count             = length(var.subnet_cidr_public)
-#   vpc_id            = aws_vpc.this.id
-#   cidr_block        = var.subnet_cidr_public[count.index]
-#   availability_zone = data.aws_availability_zones.available.names[(count.index) % length(data.aws_availability_zones.available.names)]
-#   tags = {
-#     "Name" = "app-4-public-${count.index + 1}"
-#   }
-# }
-# resource "aws_route_table" "private" {
-#   count  = length(var.subnet_cidr_private)
-#   vpc_id = aws_vpc.this.id
-#   tags = {
-#     "Name" = "app-4-private-route-table-${count.index + 1}"
-#   }
-# }
-# resource "aws_route_table" "public" {
-#   vpc_id = aws_vpc.this.id
-#   tags = {
-#     "Name" = "app-4-public"
-#   }
-# }
-# resource "aws_route_table_association" "private" {
-#   count          = length(var.subnet_cidr_private)
-#   subnet_id      = element(aws_subnet.private.*.id, count.index)
-#   route_table_id = aws_route_table.private[count.index].id
-# }
-# resource "aws_route_table_association" "public" {
-#   count          = length(var.subnet_cidr_public)
-#   subnet_id      = element(aws_subnet.public.*.id, count.index)
-#   route_table_id = aws_route_table.public.id
-# }
-
 module "vpc" {
   source                  = "github.com/kunduso/terraform-aws-vpc?ref=v1.0.0"
+  region                  = var.region
   vpc_cidr                = var.vpc_cidr
   enable_dns_support      = "true"
   enable_dns_hostnames    = "true"
