diff --git a/.github/workflows/apply-nic-napv5.yml b/.github/workflows/apply-nic-napv5.yml index be1131c1..54b5b111 100644 --- a/.github/workflows/apply-nic-napv5.yml +++ b/.github/workflows/apply-nic-napv5.yml @@ -3,7 +3,9 @@ on: push: branches: apply-nic-napv5 env: - AWS_REGION: us-east-1 +# AWS_REGION: us-east-1 + TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }} + TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }} jobs: terraform_bootstrap: name: "Bootstrap S3/DynamoDB" @@ -21,7 +23,7 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 @@ -66,7 +68,7 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 @@ -74,7 +76,9 @@ jobs: - name: Initialize Terraform (S3 Backend) run: | - terraform init + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -94,7 +98,6 @@ jobs: - name: Terraform Apply if: github.event_name == 'push' && github.ref == 'refs/heads/apply-nic-napv5' && steps.check_changes.outputs.has_changes == 'true' run: terraform apply -auto-approve tfplan - terraform_eks: name: "AWS EKS" 
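Review bot: The new `run:` blocks splice `${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}` and `${{ secrets.TF_VAR_AWS_REGION }}` straight into the shell script text even though the same values are already exported as `TF_VAR_*` in the workflow-level `env:` added in the first hunk, and every `aws-region:` input re-reads the secret instead of that env. Reading the environment variables keeps the expansion out of the script and leaves one place to change: `-backend-config="bucket=$TF_VAR_AWS_S3_BUCKET_NAME" \` and `-backend-config="region=$TF_VAR_AWS_REGION"` in the init steps, with `aws-region: ${{ env.TF_VAR_AWS_REGION }}` on the credentials step. Keeping a region code in `secrets` also means the runner masks that string wherever it shows up in Terraform and kubectl output, which makes failed runs hard to read; a repository variable (`${{ vars.TF_VAR_AWS_REGION }}`) suits a non-sensitive value better. The same pattern repeats in the remaining hunks of this file and in destroy-nic-napv5.yml, and the commented `# AWS_REGION: us-east-1` left at column 0 under `env:` can simply be dropped.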
@@ -113,14 +116,17 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -158,13 +164,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -208,14 +217,17 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init (EKS) - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" working-directory: ./eks-cluster - name: Print EKS Terraform Outputs 
@@ -306,7 +318,10 @@ jobs: kubectl cp ${{ github.workspace }}/policy/compiled_policy.tgz $NGINX_POD:/etc/app_protect/bundles/compiled_policy.tgz -n nginx-ingress - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan run: | @@ -343,13 +358,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Validate run: terraform validate -no-color @@ -383,4 +401,4 @@ jobs: else echo "external_name=$EXTERNAL_NAME" >> $GITHUB_ENV echo "NGINX Ingress External Name: $EXTERNAL_NAME" - fi + fi \ No newline at end of file diff --git a/.github/workflows/destroy-nic-napv5.yml b/.github/workflows/destroy-nic-napv5.yml index fa1fbde5..84ecde33 100644 --- a/.github/workflows/destroy-nic-napv5.yml +++ b/.github/workflows/destroy-nic-napv5.yml @@ -5,7 +5,9 @@ on: - destroy-nic-napv5 pull_request: env: - AWS_REGION: us-east-1 +# AWS_REGION: us-east-1 + TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }} + TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }} jobs: terraform_arcadia: name: "Destroy Arcadia WebApp" 
@@ -24,13 +26,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Validate run: terraform validate -no-color @@ -71,13 +76,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Destroy run: terraform destroy -auto-approve -lock=false @@ -99,13 +107,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan (Destroy) run: | 
@@ -152,13 +163,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan (Destroy) if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -196,13 +210,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan (Destroy) if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -244,12 +261,12 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Set Bucket Name id: set_bucket run: | - echo "bucket_name= your-unique-bucket-name" >> $GITHUB_OUTPUT + echo "bucket_name= ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" >> $GITHUB_OUTPUT - name: Nuclear S3 Bucket Deletion run: | diff --git a/arcadia/backend.tf b/arcadia/backend.tf index 0b94793e..337363bf 100644 --- a/arcadia/backend.tf +++ b/arcadia/backend.tf 
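Review bot: `echo "bucket_name= ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" >> $GITHUB_OUTPUT` keeps the space after `=` from the line it replaces; the runner takes the text after the first `=` verbatim, so the output most likely carries a leading space into the "Nuclear S3 Bucket Deletion" step that consumes it. Since this value selects the bucket to be deleted it should be exact: `echo "bucket_name=$TF_VAR_AWS_S3_BUCKET_NAME" >> "$GITHUB_OUTPUT"`, reading the workflow-level env rather than re-expanding the secret into the script. The deletion step itself starts after this hunk, so I can't tell whether it checks the name before acting on it; a guard such as `[ -n "${{ steps.set_bucket.outputs.bucket_name }}" ] || exit 1` is cheap insurance now that the name comes from configuration instead of a literal.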
@@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Replace with your actual bucket name key = "arcadia/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true # Encrypt state file at rest } diff --git a/arcadia/data.tf b/arcadia/data.tf index 8314a4fa..9ca0135b 100644 --- a/arcadia/data.tf +++ b/arcadia/data.tf @@ -2,9 +2,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } @@ -12,18 +12,18 @@ data "terraform_remote_state" "infra" { data "terraform_remote_state" "nap" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "nap/terraform.tfstate" # Path to NAP state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } data "terraform_remote_state" "eks" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to EKS state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/arcadia/variables.tf b/arcadia/variables.tf new file mode 100644 index 00000000..a4fd1215 --- /dev/null +++ b/arcadia/variables.tf @@ -0,0 +1,11 @@ +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} \ No newline at end of file diff --git a/eks-cluster/backend.tf b/eks-cluster/backend.tf index 15ad426e..05cc03e4 100644 --- a/eks-cluster/backend.tf 
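Review bot: With `bucket` and `region` removed from the `backend "s3"` block, arcadia/backend.tf (and the identical eks-cluster, infra, nap and policy backend.tf hunks) becomes a partial backend configuration: a `terraform init` run without the `-backend-config` flags the workflows now pass will prompt or fail, and nothing in the file says so. A header comment such as `# bucket and region are supplied at init time via -backend-config (see .github/workflows/)` would save the next person a confusing init. Separately, the new arcadia/variables.tf declares `AWS_REGION` and `AWS_S3_BUCKET_NAME` with `default = ""`, so an unset `TF_VAR_*` is not caught at variable resolution but surfaces later as an empty region or bucket inside the `terraform_remote_state` config; dropping the defaults, as s3/variables.tf does, or adding `validation { condition = length(var.AWS_REGION) > 0 }` (with a matching `error_message`) fails fast instead. The same empty defaults appear in the policy/, nap/, eks-cluster/ and infra/ variables.tf hunks.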
+++ b/eks-cluster/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true } diff --git a/eks-cluster/data.tf b/eks-cluster/data.tf index ccb139b9..81588032 100644 --- a/eks-cluster/data.tf +++ b/eks-cluster/data.tf @@ -1,9 +1,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/eks-cluster/variables.tf b/eks-cluster/variables.tf index 3441659d..9be3a0d9 100644 --- a/eks-cluster/variables.tf +++ b/eks-cluster/variables.tf @@ -5,10 +5,22 @@ variable "admin_src_addr" { default = "0.0.0.0/0" } +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} + variable "aws_region" { description = "The AWS region to deploy the EKS cluster" type = string - default = "us-east-1" + default = "ap-south-1" } #AWS diff --git a/infra/backend.tf b/infra/backend.tf index 4c22af28..d2d7d80a 100644 --- a/infra/backend.tf +++ b/infra/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Your S3 bucket name key = "infra/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true } diff --git a/infra/network.tf b/infra/network.tf index f96b3471..6c19f1b9 100644 --- a/infra/network.tf +++ b/infra/network.tf 
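Review bot: eks-cluster/variables.tf now carries two region inputs: the new `AWS_REGION` (default `""`) used by the remote-state lookups in data.tf, and the existing `aws_region`, whose default this hunk changes from `"us-east-1"` to `"ap-south-1"`. If the EKS provider or cluster resources still read `var.aws_region` (eks-cluster's provider.tf is not in this diff, so I can't confirm), the cluster can land in ap-south-1 while state and infra lookups use whatever `TF_VAR_AWS_REGION` holds, and the two drift without any error. Pointing the remaining uses at `var.AWS_REGION` and deleting `aws_region`, as the infra/ hunks do, removes the ambiguity; if `aws_region` has to stay, a comment on it naming its consumer and stating that it must match `AWS_REGION` would at least make the coupling visible.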
@@ -10,7 +10,7 @@ module "vpc" { name = "${var.project_prefix}-vpc-${random_id.build_suffix.hex}" cidr = var.cidr - azs = var.azs + azs = local.azs enable_dns_support = true enable_dns_hostnames = true @@ -31,9 +31,9 @@ resource "aws_internet_gateway" "igw" { # Subnets resource "aws_subnet" "management" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4) availability_zone = each.key tags = { Name = format("%s-mgmt-subnet-%s", var.project_prefix, each.key) @@ -41,9 +41,9 @@ resource "aws_subnet" "management" { } resource "aws_subnet" "internal" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4 + 1) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4 + 1) availability_zone = each.key tags = { Name = format("%s-int-subnet-%s", var.project_prefix, each.key) @@ -51,9 +51,9 @@ resource "aws_subnet" "internal" { } resource "aws_subnet" "external" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4 + 2) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4 + 2) map_public_ip_on_launch = true availability_zone = each.key tags = { 
@@ -62,9 +62,9 @@ resource "aws_subnet" "external" { } resource "aws_subnet" "app_cidr" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4 + 3) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4 + 3) availability_zone = each.key tags = { Name = format("%s-app-subnet-%s", var.project_prefix, each.key) @@ -85,25 +85,25 @@ resource "aws_route_table" "main" { # Route Table Associations resource "aws_route_table_association" "subnet-association-internal" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.internal[each.key].id route_table_id = aws_route_table.main.id } resource "aws_route_table_association" "subnet-association-management" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.management[each.key].id route_table_id = aws_route_table.main.id } resource "aws_route_table_association" "subnet-association-external" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.external[each.key].id route_table_id = aws_route_table.main.id } resource "aws_route_table_association" "subnet-association-app-cidr" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.app_cidr[each.key].id route_table_id = aws_route_table.main.id } \ No newline at end of file diff --git a/infra/outputs.tf b/infra/outputs.tf index 923e8384..f5990c0c 100644 --- a/infra/outputs.tf +++ b/infra/outputs.tf @@ -13,11 +13,11 @@ output "build_suffix" { # AWS Region and Availability Zones output "aws_region" { - value = var.aws_region + value = var.AWS_REGION } output "azs" { - value = var.azs + value = local.azs } # VPC Details 
@@ -62,44 +62,44 @@ output "management_cidr_blocks" { # Specific AZ Subnet CIDR Blocks output "public_az1_cidr_block" { - value = aws_subnet.external[element(tolist(var.azs), 0)].cidr_block # Reference AZ1's public CIDR + value = aws_subnet.external[element(tolist(local.azs), 0)].cidr_block # Reference AZ1's public CIDR } output "private_az1_cidr_block" { - value = aws_subnet.internal[element(tolist(var.azs), 0)].cidr_block # Reference AZ1's private CIDR + value = aws_subnet.internal[element(tolist(local.azs), 0)].cidr_block # Reference AZ1's private CIDR } output "public_az2_cidr_block" { - value = aws_subnet.external[element(tolist(var.azs), 1)].cidr_block # Reference AZ2's public CIDR + value = aws_subnet.external[element(tolist(local.azs), 1)].cidr_block # Reference AZ2's public CIDR } output "private_az2_cidr_block" { - value = aws_subnet.internal[element(tolist(var.azs), 1)].cidr_block # Reference AZ2's private CIDR + value = aws_subnet.internal[element(tolist(local.azs), 1)].cidr_block # Reference AZ2's private CIDR } # Subnet IDs for specific AZs output "ext_subnet_az1" { - value = aws_subnet.external[element(tolist(var.azs), 0)].id # Reference AZ1's external subnet ID + value = aws_subnet.external[element(tolist(local.azs), 0)].id # Reference AZ1's external subnet ID } output "ext_subnet_az2" { - value = aws_subnet.external[element(tolist(var.azs), 1)].id # Reference AZ2's external subnet ID + value = aws_subnet.external[element(tolist(local.azs), 1)].id # Reference AZ2's external subnet ID } output "int_subnet_az1" { - value = aws_subnet.internal[element(tolist(var.azs), 0)].id # Reference AZ1's internal subnet ID + value = aws_subnet.internal[element(tolist(local.azs), 0)].id # Reference AZ1's internal subnet ID } output "int_subnet_az2" { - value = aws_subnet.internal[element(tolist(var.azs), 1)].id # Reference AZ2's internal subnet ID + value = aws_subnet.internal[element(tolist(local.azs), 1)].id # Reference AZ2's internal subnet ID } output 
"mgmt_subnet_az1" { - value = aws_subnet.management[element(tolist(var.azs), 0)].id # Reference AZ1's management subnet ID + value = aws_subnet.management[element(tolist(local.azs), 0)].id # Reference AZ1's management subnet ID } output "mgmt_subnet_az2" { - value = aws_subnet.management[element(tolist(var.azs), 1)].id # Reference AZ2's management subnet ID + value = aws_subnet.management[element(tolist(local.azs), 1)].id # Reference AZ2's management subnet ID } # CIDR Block for Application and EKS Subnets diff --git a/infra/provider.tf b/infra/provider.tf index 0996a6ed..831601b6 100644 --- a/infra/provider.tf +++ b/infra/provider.tf @@ -1,5 +1,5 @@ # AWS Provider Configuration provider "aws" { - region = var.aws_region + region = var.AWS_REGION } diff --git a/infra/terraform.tfvars b/infra/terraform.tfvars new file mode 100644 index 00000000..f896cbcf --- /dev/null +++ b/infra/terraform.tfvars @@ -0,0 +1,4 @@ +project_prefix = "gh-hk-nic-nap" #"Your project identifier name in lowercase letters only - this will be applied as a prefix to all assets" +resource_owner = "karthik" +# aws_region = "ap-south-1" +# azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] \ No newline at end of file diff --git a/infra/terraform.tfvars.examples b/infra/terraform.tfvars.examples index 087f42d9..47b067d7 100644 --- a/infra/terraform.tfvars.examples +++ b/infra/terraform.tfvars.examples @@ -1,6 +1,2 @@ project_prefix = " " #"Your project identifier name in lowercase letters only - this will be applied as a prefix to all assets" -resource_owner = "Your-name" -aws_region = "us-east-1" -azs = ["us-east-1a", "us-east-1b"] - - +resource_owner = "Your-name" \ No newline at end of file diff --git a/infra/variables.tf b/infra/variables.tf index 958545ea..fa7928cc 100644 --- a/infra/variables.tf +++ b/infra/variables.tf 
@@ -5,11 +5,24 @@ variable "project_prefix" { description = "This value is inserted at the beginning of each AWS object (alpha-numeric, no special character)" } -variable "aws_region" { +variable "AWS_REGION" { description = "aws region" type = string - default = "us-east-1" + default = "" } + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} + +# variable "aws_region" { +# description = "aws region" +# type = string +# default = "ap-south-1" +# } + variable "resource_owner" { type = string description = "owner of the deployment, for tagging purposes" @@ -24,12 +37,17 @@ variable "cidr" { condition = can(regex("^([0-9]{1,3}.){3}[0-9]{1,3}($|/(15|16|24))$", var.cidr)) error_message = "The value must conform to a CIDR block format." } - } -variable "azs" { - description = "Availability Zones" - type = list + +# variable "azs" { +# description = "Availability Zones" +# type = list +# } + +locals { + azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] } + variable "create_nat_gateway" { type = bool default = false diff --git a/nap/backend.tf b/nap/backend.tf index 2c1c918e..7431f76e 100644 --- a/nap/backend.tf +++ b/nap/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Replace with your actual bucket name key = "nap/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true # Encrypt state file at rest } diff --git a/nap/data.tf b/nap/data.tf index a2ce00cb..30fe149c 100644 --- a/nap/data.tf +++ b/nap/data.tf @@ -1,9 +1,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } 
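Review bot: `locals { azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] }` hard-wires the zone names to the `a`/`b` suffixes of whatever region is supplied, which only holds where both zones exist and are enabled for the account; combined with the empty default for `AWS_REGION` it degrades to `["a", "b"]` and fails at apply time with an error that points nowhere near this line. Deriving the list from the `aws_availability_zones` data source keeps the two-zone layout that network.tf and outputs.tf expect while letting AWS report what is actually usable. The commented-out `aws_region` and `azs` variable blocks are dead configuration now that this hunk replaces them and are better deleted than kept, and a `locals` block reads more naturally in its own file (e.g. locals.tf) than among variable declarations.
```hcl
# Use the first two zones AWS reports as available in the configured region
# instead of assuming the "<region>a" / "<region>b" names exist for this account.
data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  azs = slice(data.aws_availability_zones.available.names, 0, 2)
}
```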
@@ -11,9 +11,9 @@ data "terraform_remote_state" "infra" { data "terraform_remote_state" "eks" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to EKS state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/nap/variables.tf b/nap/variables.tf index f2318eb7..e84789a2 100644 --- a/nap/variables.tf +++ b/nap/variables.tf @@ -22,3 +22,14 @@ variable "nginx_jwt" { sensitive = true # Mark as sensitive to avoid exposing it in logs } +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} \ No newline at end of file diff --git a/policy/backend.tf b/policy/backend.tf index 1e23d6bb..5c207f5f 100644 --- a/policy/backend.tf +++ b/policy/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Replace with your actual bucket name key = "policy/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true # Encrypt state file at rest } diff --git a/policy/data.tf b/policy/data.tf index 5f3c32e4..f85188ed 100755 --- a/policy/data.tf +++ b/policy/data.tf @@ -2,9 +2,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket namee + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket namee key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } 
@@ -12,9 +12,9 @@ data "terraform_remote_state" "infra" { data "terraform_remote_state" "eks" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to EKS state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } @@ -22,9 +22,9 @@ data "terraform_remote_state" "eks" { data "terraform_remote_state" "nap" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "nap/terraform.tfstate" # Path to NAP state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/policy/variables.tf b/policy/variables.tf new file mode 100644 index 00000000..a4fd1215 --- /dev/null +++ b/policy/variables.tf @@ -0,0 +1,11 @@ +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} \ No newline at end of file diff --git a/s3/bootstrap.tf b/s3/bootstrap.tf index 50317f1a..3e6b0f4e 100644 --- a/s3/bootstrap.tf +++ b/s3/bootstrap.tf @@ -3,7 +3,7 @@ data "external" "bucket_check" { program = ["bash", "-c", <&1) + output=$(aws s3api head-bucket --bucket ${var.AWS_S3_BUCKET_NAME} --region ${var.AWS_REGION} 2>&1) status=$? if [ $status -eq 0 ]; then @@ -23,7 +23,7 @@ data "external" "dynamodb_table_check" { program = ["bash", "-c", <&1); then + --region ${var.AWS_REGION} 2>&1); then echo '{"exists":"true"}' elif echo "$output" | grep -q 'ResourceNotFoundException'; then echo '{"exists":"false"}' 
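Review bot: In s3/bootstrap.tf the `bucket_check` and `dynamodb_table_check` scripts now splice `${var.AWS_S3_BUCKET_NAME}` and `${var.AWS_REGION}` unquoted into the `bash -c` program, so an empty or whitespace-containing value changes the command's argument structure instead of being passed through as one word; `--bucket "${var.AWS_S3_BUCKET_NAME}" --region "${var.AWS_REGION}"` (and the same quoting on the DynamoDB call) keeps each value a single argument. The exists/not-exists branching after `status=$?` continues outside the hunk, so I can't see whether a non-zero status from a malformed command is distinguished from a genuine not-found; worth checking, because `bucket_exists` gates bucket creation further down the file.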
@@ -49,14 +49,14 @@ locals { ) # Generate unique bucket name if needed - unique_bucket_name = "${var.tf_state_bucket}-${data.aws_caller_identity.current.account_id}" + # unique_bucket_name = "${var.AWS_S3_BUCKET_NAME}-${data.aws_caller_identity.current.account_id}" } # S3 Bucket Resources resource "aws_s3_bucket" "terraform_state" { count = local.bucket_exists ? 0 : 1 - bucket = local.unique_bucket_name + bucket = var.AWS_S3_BUCKET_NAME force_destroy = false tags = { diff --git a/s3/iam.tf b/s3/iam.tf index 017bedef..432abce9 100644 --- a/s3/iam.tf +++ b/s3/iam.tf @@ -38,8 +38,8 @@ resource "aws_iam_policy" "terraform_state_access" { "s3:ListBucket" ], Resource = [ - "arn:aws:s3:::${var.tf_state_bucket}", - "arn:aws:s3:::${var.tf_state_bucket}/*" + "arn:aws:s3:::${var.AWS_S3_BUCKET_NAME}", + "arn:aws:s3:::${var.AWS_S3_BUCKET_NAME}/*" ] }] }) diff --git a/s3/outputs.tf b/s3/outputs.tf index 5f5f84a1..df538004 100644 --- a/s3/outputs.tf +++ b/s3/outputs.tf @@ -6,7 +6,7 @@ output "s3_bucket_created" { } output "s3_bucket_name" { - value = local.bucket_exists ? var.tf_state_bucket : aws_s3_bucket.terraform_state[0].bucket + value = local.bucket_exists ? var.AWS_S3_BUCKET_NAME : aws_s3_bucket.terraform_state[0].bucket description = "Name of the S3 bucket used for Terraform state" } diff --git a/s3/provider.tf b/s3/provider.tf index 0996a6ed..831601b6 100644 --- a/s3/provider.tf +++ b/s3/provider.tf @@ -1,5 +1,5 @@ # AWS Provider Configuration provider "aws" { - region = var.aws_region + region = var.AWS_REGION } diff --git a/s3/variables.tf b/s3/variables.tf index ade31b82..1ee7cff2 100644 --- a/s3/variables.tf +++ b/s3/variables.tf 
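Review bot: Creating the state bucket as `bucket = var.AWS_S3_BUCKET_NAME` drops the `-${account_id}` suffix the removed `unique_bucket_name` local added, so the configured name must now be globally unique across all AWS accounts; `head-bucket` on a name owned by another account returns 403 rather than 404, and how `bucket_exists` (computed above this hunk, not visible here) classifies that decides whether a run quietly treats a foreign bucket as "already exists". A comment recording the new requirement, `# S3 bucket names are global: this name must be unique across all AWS accounts, not just this one`, belongs either here or on the variable, and the commented-out `unique_bucket_name` line should be deleted rather than kept as dead config. The iam.tf and outputs.tf hunks follow the same rename and are consistent with it.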
@@ -1,16 +1,20 @@ -variable "tf_state_bucket" { - type = string - description = "S3 bucket for Terraform state" - default = "your-unique-bucket-name" -} +# variable "tf_state_bucket" { +# type = string +# description = "S3 bucket for Terraform state" +# default = "your-unique-bucket-name" +# } variable "create_iam_resources" { description = "Whether to create IAM resources (role and policy)." type = bool default = true } -variable "aws_region" { +variable "AWS_REGION" { description = "aws region" type = string - default = "us-east-1" } + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string +} \ No newline at end of file