additional services/functions added (857c81bc) · Commits · f5labs / f5devops

terraform/f5-sgw-ts/modules/functions/docker/main.tf

0 → 100644

+150 −0

Original line number	Diff line number	Diff line
		data "aws_ami" "latest-ubuntu-docker" {
		most_recent = true
		owners = ["099720109477"] # Canonical

		filter {
		name = "name"
		values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
		}

		filter {
		name = "virtualization-type"
		values = ["hvm"]
		}
		}


		module "dockerhost" {
		source = "terraform-aws-modules/ec2-instance/aws"
		version = "~> 2.0"

		name = format("%s-demo-dockerhost-%s", var.prefix, random_id.id.hex)
		instance_count = length(var.azs)

		ami = data.aws_ami.latest-ubuntu-docker.id
		associate_public_ip_address = false
		instance_type = "t2.xlarge"
		root_block_device = [
		{
		volume_type = "gp2"
		volume_size = 100
		},
		]
		key_name = var.ec2_key_name
		monitoring = false
		vpc_security_group_ids = [module.dockerhost_sg.this_security_group_id]
		subnet_ids = module.vpc.private_subnets


		user_data = templatefile("${path.module}/userdata.tmpl", {})

		tags = {
		Terraform = "true"
		Environment = "dev"
		Application = var.prefix
		}
		}

		#
		# Create a security group for the jumphost
		#
		module "dockerhost_sg" {
		source = "terraform-aws-modules/security-group/aws"

		name = format("%s-dockerhost-%s", var.prefix, random_id.id.hex)
		description = "Security group for BIG-IP Demo"
		vpc_id = module.vpc.vpc_id

		ingress_cidr_blocks = [var.cidr]
		ingress_rules = ["ssh-tcp"]
		ingress_with_cidr_blocks = [
		{
		from_port = 3030
		to_port = 3030
		protocol = "tcp"
		description = "grafana"
		cidr_blocks = var.cidr
		},
		{
		from_port = 3400
		to_port = 3400
		protocol = "tcp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 2003
		to_port = 2003
		protocol = "tcp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 2004
		to_port = 2004
		protocol = "tcp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 2023
		to_port = 2023
		protocol = "tcp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 2024
		to_port = 2024
		protocol = "tcp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 8125
		to_port = 8125
		protocol = "udp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 8126
		to_port = 8126
		protocol = "tcp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 8080
		to_port = 8080
		protocol = "tcp"
		description = "graphite"
		cidr_blocks = var.cidr
		},
		{
		from_port = 9200
		to_port = 9200
		protocol = "tcp"
		description = "elastic search"
		cidr_blocks = var.cidr
		},
		{
		from_port = 9300
		to_port = 9300
		protocol = "tcp"
		description = "elastic search"
		cidr_blocks = var.cidr
		},
		{
		from_port = 3300
		to_port = 3300
		protocol = "tcp"
		description = "juice shop"
		cidr_blocks = var.cidr
		},
		]

		# Allow ec2 instances outbound Internet connectivity
		egress_cidr_blocks = ["0.0.0.0/0"]
		egress_rules = ["all-all"]
		}
		No newline at end of file

terraform/f5-sgw-ts/modules/functions/docker/outputs.tf

0 → 100644

+0 −0

Empty file added.

terraform/f5-sgw-ts/modules/functions/docker/vars.tf

0 → 100644

+0 −0

Empty file added.

terraform/f5-sgw-ts/secure/main.tf

100755 → 100644

+4 −64

Original line number	Diff line number	Diff line
		@@ -2,39 +2,15 @@ terraform {
		backend "s3" {}
		}

		provider "aws" {
		alias = "child"
		profile = "${var.child-profile}"
		region = "${var.aws-region}"

		/*
		assume_role {
		role_arn = "arn:aws:iam::${var.child-account-id}:role/${var.admin-role}"
		}
		*/
		}

		provider "aws" {
		alias = "logging"
		profile = "${var.logging-profile}"
		region = "${var.aws-region}"

		/*
		assume_role {
		role_arn = "arn:aws:iam::${var.logging-account-id}:role/${var.admin-role}"
		}
		*/
		}

		module "vpc" {
		source = "../global/modules/vpc"
		source = "../global/services/vpc"

		providers = {
		aws = "aws.child"
		aws = "aws.secops"
		}

		name = "${var.project}-${var.environment}"
		cidr = "10.4.0.0/22"
		cidr = "var.cidr"

		azs = ["ap-southeast-2a", "ap-southeast-2b", "ap-southeast-2c"]
		public_subnets = ["10.4.0.0/27", "10.4.0.32/27", "10.4.0.64/27"]
		@@ -49,43 +25,6 @@ module "vpc" {
		}

		/*
		module "worm" {
		source = "../global/modules/worm"

		providers = {
		aws = "aws.logging"
		}

		child-account-bucket = "${var.project}-${var.environment}"
		child-project = "${var.project}"
		child-account-id = "${var.child-account-id}"
		child-account-env = "${var.environment}"
		child-account-region = "${var.aws-region}"
		} */

		/* module "compliance" {
		source = "../global/modules/compliance"

		providers = {
		aws = "aws.child"
		aws = "aws.logging"
		}

		vpc = "${module.vpc.vpc_id}"
		parent-account-id = "${var.parent-account-id}"
		child-project = "${var.project}"
		parent-profile = "${var.parent-profile}"
		child-account-bucket = "${var.project}-${var.environment}"
		child-profile = "${var.child-profile}"
		child-account-name = "${var.project}-${var.environment}"
		child-account-id = "${var.child-account-id}"
		child-account-env = "${var.environment}"
		child-account-region = "${var.aws-region}"
		logging-account-id = "${var.logging-account-id}"
		}

		*/

		############################################################
		## DMZ stanza
		############################################################
		@@ -370,3 +309,4 @@ resource "aws_autoscaling_attachment" "svc_asg_nlb-dmz" {
		autoscaling_group_name = "${aws_autoscaling_group.asg_dmz_f5.id}"
		alb_target_group_arn = "${aws_lb_target_group.nlb_target_group.arn}"
		}
		*/
		No newline at end of file

terraform/f5-sgw-ts/secure/outputs.tf

100755 → 100644

+0 −0

File mode changed from 100755 to 100644.

View file