diff --git a/README.md b/README.md
index 8e3d88b..5145bf0 100644
--- a/README.md
+++ b/README.md
@@ -197,6 +197,92 @@ Then add under spec: "s3:*" ], "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "iam:*", + "Resource": "*" + }, + { + "Action": [ + "firehose:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "codepipeline:*", + "iam:ListRoles", + "iam:PassRole", + "s3:CreateBucket", + "s3:GetBucketPolicy", + "s3:GetObject", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:PutBucketPolicy", + "codecommit:ListBranches", + "codecommit:ListRepositories", + "codedeploy:GetApplication", + "codedeploy:GetDeploymentGroup", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentGroups", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeEnvironments", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "opsworks:DescribeApps", + "opsworks:DescribeLayers", + "opsworks:DescribeStacks", + "cloudformation:DescribeStacks", + "cloudformation:ListChangeSets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "codebuild:*", + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:GetRepository", + "codecommit:ListBranches", + "codecommit:ListRepositories", + "cloudwatch:GetMetricStatistics", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ecr:DescribeRepositories", + "ecr:ListImages", + "events:DeleteRule", + "events:DescribeRule", + "events:DisableRule", + "events:EnableRule", + "events:ListTargetsByRule", + "events:ListRuleNamesByTarget", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "logs:GetLogEvents", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:DeleteLogGroup" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*" + }, + { + "Effect": "Allow", + "Action": [ + "ssm:PutParameter" + ], + "Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" } ] ``` 
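Review bot: The new statement `{ "Effect": "Allow", "Action": "iam:*", "Resource": "*" }` turns this into a full-administrator policy — a holder can create users and access keys or attach AdministratorAccess to any principal — so the care taken to scope `logs:DeleteLogGroup` to `/aws/codebuild/*` and `ssm:PutParameter` to `parameter/CodeBuild/*` further down buys nothing. `iam:PassRole` on `"Resource": "*"` in the CodePipeline statement is the same escalation by a second route, since it lets the pipeline be pointed at any existing privileged role. Replace `iam:*` with the specific role-management actions the pipeline actually needs (presumably `iam:CreateRole`, `iam:PutRolePolicy`, `iam:AttachRolePolicy`, scoped to a role path or name prefix) and constrain PassRole with `"Condition": { "StringEquals": { "iam:PassedToService": ["codepipeline.amazonaws.com", "codebuild.amazonaws.com"] } }`. The `firehose:*`, `codepipeline:*` and `codebuild:*` grants on `*` deserve the same resource scoping. The policy document this hunk extends begins above the hunk, so the statements it already contained are not visible here.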
diff --git a/terraform/igw.tf b/terraform/igw.tf
new file mode 100644
index 0000000..9448544
--- /dev/null
+++ b/terraform/igw.tf
@@ -0,0 +1,8 @@
+resource "aws_internet_gateway" "igw" {
+ vpc_id = "${aws_vpc.vpc.vpc_id}"
+
+ tags = {
+ Name = "${var.igw_name}"
+ }
+}
+
diff --git a/terraform/nat.tf b/terraform/nat.tf
new file mode 100644
index 0000000..a4772d7
--- /dev/null
+++ b/terraform/nat.tf
@@ -0,0 +1,30 @@
+resource "aws_eip" "eip_nat_a" {}
+resource "aws_eip" "eip_nat_b" {}
+resource "aws_eip" "eip_nat_c" {}
+
+resource "aws_nat_gateway" "nat_a" {
+ allocation_id = "${aws_eip.eip_nat_a.id}"
+ subnet_id = "${aws_subnet.utility_a.id}"
+
+ tags = {
+ Name = "${var.nat_a_name}"
+ }
+}
+
+resource "aws_nat_gateway" "nat_b" {
+ allocation_id = "${aws_eip.eip_nat_b.id}"
+ subnet_id = "${aws_subnet.utility_b.id}"
+
+ tags = {
+ Name = "${var.nat_b_name}"
+ }
+}
+
+resource "aws_nat_gateway" "nat_c" {
+ allocation_id = "${aws_eip.eip_nat_c.id}"
+ subnet_id = "${aws_subnet.utility_c.id}"
+
+ tags = {
+ Name = "${var.nat_c_name}"
+ }
+}
\ No newline at end of file
diff --git a/terraform/provider.tf b/terraform/provider.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/routes.tf b/terraform/routes.tf
new file mode 100644
index 0000000..e260396
--- /dev/null
+++ b/terraform/routes.tf
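Review bot: `vpc_id = "${aws_vpc.vpc.vpc_id}"` references an attribute that `aws_vpc` does not export; every other file in this change (subnets.tf, routes.tf) uses `aws_vpc.vpc.id`, so this line should be `vpc_id = "${aws_vpc.vpc.id}"`. As written the plan should fail with an unknown-attribute error rather than attach the gateway anywhere unexpected, but it blocks the whole apply and is the one place the VPC's internet edge is defined, so it is worth fixing before anything is copied from it.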
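Review bot: The three `aws_eip` resources are declared with empty bodies; with the pre-4.0 AWS provider that this code's `${}` interpolation style suggests, an EIP needs `vpc = true` to be allocatable to a NAT gateway (confirm against the provider version actually pinned — provider.tf in this commit appears to be an empty file, blob e69de29). The provider documentation also recommends `depends_on = ["aws_internet_gateway.igw"]` on each `aws_nat_gateway`, since a NAT gateway cannot become available until the VPC has an internet gateway and Terraform cannot infer that ordering from the attributes referenced here. One NAT gateway and EIP per AZ is the right shape for fault isolation and keeps each private subnet's egress IP distinct, so that structure should stay.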
@@ -0,0 +1,78 @@
+resource "aws_route_table" "public_rt" {
+ vpc_id = "${aws_vpc.vpc.id}"
+
+ route {
+ ipv6_cidr_block = "::/0"
+ gateway_id = "${aws_internet_gateway.igw.id}"
+ }
+
+ tags = {
+ Name = "${var.public_rt_name}"
+ }
+}
+
+
+resource "aws_route_table" "private_rt_a" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ tags = {
+ Name = "${var.private_rt_a_name}"
+ }
+
+ route {
+ ipv6_cidr_block = "::/0"
+ nat_gateway_id = "${aws_nat_gateway.nat_a.id}"
+ }
+}
+
+resource "aws_route_table" "private_rt_b" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ tags = {
+ Name = "${var.private_rt_b_name}"
+ }
+
+ route {
+ ipv6_cidr_block = "::/0"
+ nat_gateway_id = "${aws_nat_gateway.nat_b.id}"
+ }
+}
+
+resource "aws_route_table" "private_rt_c" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ tags = {
+ Name = "${var.private_rt_c_name}"
+ }
+
+ route {
+ ipv6_cidr_block = "::/0"
+ nat_gateway_id = "${aws_nat_gateway.nat_c.id}"
+ }
+}
+
+resource "aws_route_table_association" "public_rt_association_a" {
+ subnet_id = "${aws_subnet.utility_a.id}"
+ route_table_id = "${aws_route_table.public_rt.id}"
+}
+
+resource "aws_route_table_association" "public_rt_association_b" {
+ subnet_id = "${aws_subnet.utility_b.id}"
+ route_table_id = "${aws_route_table.public_rt.id}"
+}
+
+resource "aws_route_table_association" "public_rt_association_c" {
+ subnet_id = "${aws_subnet.utility_c.id}"
+ route_table_id = "${aws_route_table.public_rt.id}"
+}
+
+resource "aws_route_table_association" "private_rt_association_a" {
+ subnet_id = "${aws_subnet.private_a.id}"
+ route_table_id = "${aws_route_table.private_rt_a.id}"
+}
+
+resource "aws_route_table_association" "private_rt_association_b" {
+ subnet_id = "${aws_subnet.private_b.id}"
+ route_table_id = "${aws_route_table.private_rt_b.id}"
+}
+resource "aws_route_table_association" "private_rt_association_c" {
+ subnet_id = "${aws_subnet.private_c.id}"
+ route_table_id = "${aws_route_table.private_rt_c.id}"
+}
\ No newline at end of file
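Review bot: Every route in this file is `ipv6_cidr_block = "::/0"`, but the VPC created in vpc.tf in this same change has no IPv6 block assigned, and a NAT gateway is not a valid target for an IPv6 default route in any case, so the three private route tables should be rejected at apply time and the utility subnets end up with no IPv4 default route — nothing in this VPC can reach the internet and nothing in the private subnets can reach the NAT gateways. Each of the four `route {}` blocks should read `cidr_block = "0.0.0.0/0"` with its existing `gateway_id` or `nat_gateway_id`; if IPv6 egress from the private subnets is genuinely wanted, that requires an `aws_egress_only_internet_gateway`, not the NAT gateways. The public/private split itself — one route table and one NAT per AZ, with only the utility subnets pointed at the IGW — is a sound isolation design and worth keeping.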
diff --git a/terraform/subnets.tf b/terraform/subnets.tf
new file mode 100644
index 0000000..b66bfa3
--- /dev/null
+++ b/terraform/subnets.tf
@@ -0,0 +1,58 @@
+resource "aws_subnet" "utility_a" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ cidr_block = "${var.public_subnet_a_cidr_block}"
+ availability_zone = "${var.az_a}"
+
+ tags = {
+ Name = "${var.public_subnet_a_name}"
+ }
+}
+
+resource "aws_subnet" "utility_b" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ cidr_block = "${var.public_subnet_b_cidr_block}"
+ availability_zone = "${var.az_b}"
+
+ tags = {
+ Name = "${var.public_subnet_b_name}"
+ }
+}
+
+resource "aws_subnet" "utility_c" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ cidr_block = "${var.public_subnet_c_cidr_block}"
+ availability_zone = "${var.az_c}"
+
+ tags = {
+ Name = "${var.public_subnet_c_name}"
+ }
+}
+resource "aws_subnet" "private_a" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ cidr_block = "${var.private_subnet_a_cidr_block}"
+ availability_zone = "${var.az_a}"
+
+ tags = {
+ Name = "${var.private_subnet_a_name}"
+ }
+}
+
+resource "aws_subnet" "private_b" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ cidr_block = "${var.private_subnet_b_cidr_block}"
+ availability_zone = "${var.az_b}"
+
+ tags = {
+ Name = "${var.private_subnet_b_name}"
+ }
+}
+
+resource "aws_subnet" "private_c" {
+ vpc_id = "${aws_vpc.vpc.id}"
+ cidr_block = "${var.private_subnet_c_cidr_block}"
+ availability_zone = "${var.az_c}"
+
+ tags = {
+ Name = "${var.private_subnet_c_name}"
+ }
+}
diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
new file mode 100644
index 0000000..60d8b72
--- /dev/null
+++ b/terraform/terraform.tfvars
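Review bot: The internet-facing subnets are named `utility_a`..`utility_c` while their inputs are `var.public_subnet_*`, and the private ones are `private_*`/`var.private_subnet_*`; a reader of routes.tf cannot tell from `aws_subnet.utility_a` that it is the subnet with the IGW route, so pick one vocabulary (for example rename the resources `public_a`..`public_c`) so the trust boundary is legible from the resource name. `map_public_ip_on_launch` is left at its default of false on the utility subnets, which is the right posture; stating it explicitly, `map_public_ip_on_launch = false # public addresses are opt-in per instance`, documents the intent and keeps a later edit from flipping it by accident.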
@@ -0,0 +1,36 @@
+vpc_name = ""
+vpc_cidr_block = ""
+
+public_subnet_a_name = "Utility Subnet A"
+public_subnet_b_name = "Utility Subnet B"
+public_subnet_c_name = "Utility Subnet C"
+
+private_subnet_a_name = "Private Subnet A"
+private_subnet_b_name = "Private Subnet B"
+private_subnet_c_name = "Private Subnet C"
+
+public_subnet_a_cidr_block = ""
+public_subnet_b_cidr_block = ""
+public_subnet_c_cidr_block = ""
+
+private_subnet_a_cidr_block = ""
+private_subnet_b_cidr_block = ""
+private_subnet_c_cidr_block = ""
+
+az_a = "eu-west-1a"
+az_b = "eu-west-1b"
+az_c = "eu-west-1c"
+
+igw_name = ""
+
+public_rt_name = "Utility Route Table"
+
+private_rt_a_name = "Private Route Table A"
+private_rt_b_name = "Private Route Table B"
+private_rt_c_name = "Private Route Table C"
+
+nat_a_name = "NAT A"
+nat_b_name = "NAT B"
+nat_c_name = "NAT C"
+
+
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..e84f205
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,33 @@
+variable "vpc_name" {}
+variable "vpc_cidr_block" {}
+
+variable "public_subnet_a_name" {}
+variable "public_subnet_b_name" {}
+variable "public_subnet_c_name" {}
+variable "private_subnet_a_name" {}
+variable "private_subnet_b_name" {}
+variable "private_subnet_c_name" {}
+
+variable "public_subnet_a_cidr_block" {}
+variable "public_subnet_b_cidr_block" {}
+variable "public_subnet_c_cidr_block" {}
+variable "private_subnet_a_cidr_block" {}
+variable "private_subnet_b_cidr_block" {}
+variable "private_subnet_c_cidr_block" {}
+
+variable "az_a" {}
+variable "az_b" {}
+variable "az_c" {}
+
+variable "igw_name" {}
+
+variable "public_rt_name" {}
+variable "private_rt_a_name" {}
+variable "private_rt_b_name" {}
+variable "private_rt_c_name" {}
+
+variable "nat_a_name" {}
+variable "nat_b_name" {}
+variable "nat_c_name" {}
+
+
diff --git a/terraform/vpc.tf b/terraform/vpc.tf
new file mode 100644
index 0000000..7f74d40
--- /dev/null
+++ b/terraform/vpc.tf
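Review bot: `terraform.tfvars` is committed with `vpc_cidr_block = ""` and all six subnet CIDRs empty, so a fresh checkout fails on the first plan, and anyone who fills it in locally ends up with real addressing for the environment in a tracked file. The usual pattern is to commit a `terraform.tfvars.example` with placeholder values and add `terraform.tfvars` to `.gitignore`. The AZs are hard-coded to `eu-west-1a`..`eu-west-1c` while `provider.tf` in this same commit appears to be empty (blob e69de29), so the region those AZs belong to is not pinned anywhere in the configuration and will come from whatever environment runs the apply.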
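Review bot: None of the variables in variables.tf carries a `description` or `type`, so the only record of what `vpc_cidr_block`, `public_subnet_a_cidr_block` or `az_a` expects is the reader's guess from the name, and an accidental non-string value is not caught at plan time. Give each a one-line description and a type, e.g. `variable "vpc_cidr_block" { type = "string" description = "IPv4 CIDR for the VPC, e.g. 10.0.0.0/16" }`, and say in the `az_*` descriptions that they must lie in the provider's region. The twenty-five near-identical declarations also suggest the per-AZ values could be lists indexed by AZ, but that is a larger refactor than this commit needs.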
@@ -0,0 +1,9 @@
+resource "aws_vpc" "vpc" {
+ cidr_block = "${var.vpc_cidr_block}"
+ enable_dns_hostnames = true
+ enable_dns_support = true
+
+ tags = {
+ Name = "${var.vpc_name}"
+ }
+}
\ No newline at end of file
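Review bot: `aws_vpc.vpc` is created without `assign_generated_ipv6_cidr_block`, yet routes.tf in this change routes `::/0` through it for every route table — either the VPC needs an IPv6 block or, more likely, those routes should be IPv4. Nothing in the new network captures traffic or constrains the default security group: consider an `aws_flow_log` for the VPC (to CloudWatch Logs or S3) so there is a record to investigate from, and an `aws_default_security_group` resource with no `ingress`/`egress` blocks so the automatically created default group cannot serve as an implicit allow-all for anything launched without an explicit SG. Both are additive and do not change the addressing or routing this commit sets up.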