Initiate aws modules (#89)

README.md

@@ -4,5 +4,6 @@ This repository contains the Xenit Terraform modules.
 
 ## Module groups
 
+- [`aws`](modules/aws/README.md)
 - [`azure`](modules/azure/README.md)
 - [`kubernetes`](modules/kubernetes/README.md)

modules/aws/.tflint.hcl

@@ -0,0 +1,57 @@
+config {
+  module = false
+  force = false
+  disabled_by_default = false
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+rule "terraform_workspace_remote" {
+  enabled = true
+}

modules/aws/README.md

@@ -0,0 +1,9 @@
+# AWS Terraform modules
+
+This directory contains all the AWS Terraform modules.
+
+## Modules
+
+- [`core`](core/README.md)
+- [`eks-global`](eks-global/README.md)
+- [`eks`](eks/README.md)

modules/aws/core/README.md

@@ -0,0 +1,26 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | 0.13.5 |
+| aws | 3.20.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | 3.20.0 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| dns\_zone | The DNS Zone that will be used by the EKS cluster | `string` | n/a | yes |
+| environment | The environment name to use for the deploy | `string` | n/a | yes |
+| name | Common name for the environment | `string` | n/a | yes |
+| vpc\_config | The configuration for the VPC | <pre>object({<br>    cidr_block = string<br>    public_subnet = object({<br>      cidr_block = string<br>      tags       = map(string)<br>    })<br>  })</pre> | n/a | yes |
+
+## Outputs
+
+No output.
+

modules/aws/core/main.tf

@@ -0,0 +1,22 @@
+terraform {
+  required_version = "0.13.5"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.20.0"
+    }
+  }
+}
+
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
+resource "aws_route53_zone" "this" {
+  name = var.dns_zone
+
+  tags = {
+    Name        = var.dns_zone
+    Environment = var.environment
+  }
+}

modules/aws/core/variables.tf

@@ -0,0 +1,25 @@
+variable "environment" {
+  description = "The environment name to use for the deploy"
+  type        = string
+}
+
+variable "name" {
+  description = "Common name for the environment"
+  type        = string
+}
+
+variable "vpc_config" {
+  description = "The configuration for the VPC"
+  type = object({
+    cidr_block = string
+    public_subnet = object({
+      cidr_block = string
+      tags       = map(string)
+    })
+  })
+}
+
+variable "dns_zone" {
+  description = "The DNS Zone that will be used by the EKS cluster"
+  type        = string
+}

modules/aws/core/vpc.tf

@@ -0,0 +1,80 @@
+resource "aws_vpc" "this" {
+  cidr_block           = var.vpc_config.cidr_block
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+
+  tags = {
+    Name        = var.name
+    Environment = var.environment
+  }
+}
+
+resource "aws_subnet" "public" {
+  for_each = { for idx, az in data.aws_availability_zones.available.names : az => idx }
+
+  vpc_id            = aws_vpc.this.id
+  cidr_block        = cidrsubnet(var.vpc_config.public_subnet.cidr_block, 2, each.value)
+  availability_zone = each.key
+
+  tags = merge(
+    var.vpc_config.public_subnet.tags,
+    {
+      Name        = "${var.environment}-${var.name}-public-${each.value}"
+      Environment = var.environment
+    }
+  )
+}
+
+resource "aws_internet_gateway" "this" {
+  vpc_id = aws_vpc.this.id
+
+  tags = {
+    Name        = var.name
+    Environment = var.environment
+  }
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.this.id
+
+  tags = {
+    Name        = "${var.name}-public"
+    Environment = var.environment
+  }
+}
+
+resource "aws_route" "public" {
+  route_table_id         = aws_route_table.public.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.this.id
+}
+
+resource "aws_route_table_association" "public" {
+  for_each = { for idx, az in data.aws_availability_zones.available.names : az => idx }
+
+  route_table_id = aws_route_table.public.id
+  subnet_id      = aws_subnet.public[each.key].id
+}
+
+resource "aws_eip" "nat" {
+  for_each = { for idx, az in data.aws_availability_zones.available.names : az => idx }
+
+  vpc = true
+
+  tags = {
+    Name        = "${var.name}-${each.value}"
+    Environment = var.environment
+  }
+}
+
+resource "aws_nat_gateway" "nat" {
+  for_each = { for idx, az in data.aws_availability_zones.available.names : az => idx }
+
+  allocation_id = aws_eip.nat[each.key].id
+  subnet_id     = aws_subnet.public[each.key].id
+
+  tags = {
+    Name        = "${var.name}-${each.value}"
+    Environment = var.environment
+  }
+}

modules/aws/eks-global/README.md

@@ -0,0 +1,26 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | 0.13.5 |
+| aws | 3.20.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | 3.20.0 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| environment | The environment name to use for the deploy | `string` | n/a | yes |
+| name | Common name for the environment | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| velero\_config | ARN of velero s3 backup bucket |
+

modules/aws/eks-global/iam.tf

@@ -0,0 +1,42 @@
+data "aws_iam_policy_document" "eks_admin_permission" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "eks:*"
+    ]
+    resources = [
+      "*"
+    ]
+  }
+}
+
+data "aws_iam_policy_document" "eks_admin_assume" {
+  statement {
+    actions = [
+      "sts:AssumeRole"
+    ]
+    effect = "Allow"
+    principals {
+      identifiers = [
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+      ]
+      type = "AWS"
+    }
+  }
+}
+
+resource "aws_iam_policy" "eks_admin" {
+  name        = "iam-policy-eks-admin"
+  description = "EKS Admin Role Plocy"
+  policy      = data.aws_iam_policy_document.eks_admin_permission.json
+}
+
+resource "aws_iam_role" "eks_admin" {
+  name               = "iam-role-eks-admin"
+  assume_role_policy = data.aws_iam_policy_document.eks_admin_assume.json
+}
+
+resource "aws_iam_role_policy_attachment" "eks_admin" {
+  role       = aws_iam_role.eks_admin.name
+  policy_arn = aws_iam_policy.eks_admin.arn
+}

modules/aws/eks-global/main.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_version = "0.13.5"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.20.0"
+    }
+  }
+}
+
+data "aws_region" "current" {}
+
+data "aws_caller_identity" "current" {}

modules/aws/eks-global/outputs.tf

@@ -0,0 +1,7 @@
+output "velero_config" {
+  description = "ARN of velero s3 backup bucket"
+  value = {
+    s3_bucket_arn = aws_s3_bucket.velero.arn
+    s3_bucket_id  = aws_s3_bucket.velero.id
+  }
+}

modules/aws/eks-global/variables.tf

@@ -0,0 +1,9 @@
+variable "environment" {
+  description = "The environment name to use for the deploy"
+  type        = string
+}
+
+variable "name" {
+  description = "Common name for the environment"
+  type        = string
+}

modules/aws/eks-global/velero.tf

@@ -0,0 +1,29 @@
+resource "aws_kms_key" "velero" {
+  description             = "Velero S3 Bucket Encrytion for ${var.environment}-${data.aws_region.current.name}-${var.name}-velero"
+  deletion_window_in_days = 10
+  enable_key_rotation     = true
+
+  tags = {
+    Name        = "${var.environment}-${var.name}-velero"
+    Environment = var.environment
+  }
+}
+
+resource "aws_s3_bucket" "velero" { #tfsec:ignore:AWS002
+  bucket = "${var.environment}-${data.aws_region.current.name}-${var.name}-velero"
+  acl    = "private"
+
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        kms_master_key_id = aws_kms_key.velero.arn
+        sse_algorithm     = "aws:kms"
+      }
+    }
+  }
+
+  tags = {
+    Name        = "${var.environment}-${data.aws_region.current.name}-${var.name}-velero"
+    Environment = var.environment
+  }
+}

modules/aws/eks/README.md

@@ -0,0 +1,35 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | 0.13.5 |
+| aws | 3.20.0 |
+| tls | 3.0.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | 3.20.0 |
+| tls | 3.0.0 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| core\_name | The core name for the environment | `string` | n/a | yes |
+| eks\_config | The EKS Config | <pre>object({<br>    kubernetes_version = string<br>    cidr_block         = string<br>    node_groups = list(object({<br>      name            = string<br>      release_version = string<br>      min_size        = number<br>      max_size        = number<br>      disk_size       = number<br>      instance_types  = list(string)<br>    }))<br>  })</pre> | n/a | yes |
+| eks\_name\_suffix | The suffix for the eks clusters | `number` | `1` | no |
+| environment | The environment name to use for the deploy | `string` | n/a | yes |
+| name | Common name for the environment | `string` | n/a | yes |
+| velero\_config | Velero configuration | <pre>object({<br>    s3_bucket_arn = string<br>    s3_bucket_id  = string<br>  })</pre> | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| external\_dns\_config | Configuration for External DNS |
+| external\_secrets\_config | Configuration for External DNS |
+| kube\_config | Kube config for the created EKS cluster |
+| velero\_config | Configuration for Velero |
+