
Commit b452901

doc: update documentation for used terraform modules (#285)
1 parent 272e336 commit b452901


12 files changed

+305
-33
lines changed


docs/aws-ec2-pritunl-diagram.svg

Lines changed: 4 additions & 0 deletions

terraform/layer1-aws/aws-ec2-pritunl.tf

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,11 @@
22
module "pritunl" {
33
count = var.pritunl_vpn_server_enable ? 1 : 0
44

5-
source = "../modules/aws-ec2-pritunl"
6-
environment = local.env
7-
vpc_id = module.vpc.vpc_id
8-
public_subnets = module.vpc.public_subnets
5+
source = "../modules/aws-ec2-pritunl"
6+
environment = local.env
7+
vpc_id = module.vpc.vpc_id
8+
public_subnets = module.vpc.public_subnets
9+
private_subnets = module.vpc.private_subnets
910
ingress_with_cidr_blocks = [
1011
{
1112
protocol = "6"
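Review bot: the only functional change in this hunk is the new `private_subnets = module.vpc.private_subnets` argument; lines 5-8 are re-emitted with identical content, realigned by `terraform fmt` because the new key is longer, which makes the diff noisier than the change warrants but is expected. Passing the private subnets is the right call given that the module README in this same commit says EFS is created there rather than in the public subnets that host the instance; confirm that `module.vpc.private_subnets` is non-empty in every environment where `var.pritunl_vpn_server_enable` is true, since the module marks the input as required.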
Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,75 @@
1+
<!-- BEGIN_TF_DOCS -->
2+
## Requirements
3+
4+
No requirements.
5+
6+
## Providers
7+
8+
| Name | Version |
9+
| ------------------------------------------------- | ------- |
10+
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
11+
12+
## Modules
13+
14+
| Name | Source | Version |
15+
| ----------------------------------------------------------------------- | --------------------------------------------------------- | ------- |
16+
| <a name="module_backup_role"></a> [backup\_role](#module\_backup\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | 4.14.0 |
17+
| <a name="module_ec2_sg"></a> [ec2\_sg](#module\_ec2\_sg) | terraform-aws-modules/security-group/aws | 4.8.0 |
18+
| <a name="module_efs_sg"></a> [efs\_sg](#module\_efs\_sg) | terraform-aws-modules/security-group/aws | 4.8.0 |
19+
| <a name="module_iam_policy"></a> [iam\_policy](#module\_iam\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | 4.14.0 |
20+
| <a name="module_this_role"></a> [this\_role](#module\_this\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | 4.14.0 |
21+
22+
## Resources
23+
24+
| Name | Type |
25+
| -------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
26+
| [aws_autoscaling_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
27+
| [aws_backup_plan.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_plan) | resource |
28+
| [aws_backup_selection.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource |
29+
| [aws_backup_vault.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault) | resource |
30+
| [aws_efs_file_system.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource |
31+
| [aws_efs_mount_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource |
32+
| [aws_eip.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
33+
| [aws_iam_instance_profile.this_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
34+
| [aws_launch_template.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
35+
| [aws_ami.amazon_linux_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
36+
| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
37+
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
38+
39+
## Inputs
40+
41+
| Name | Description | Type | Default | Required |
42+
| ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | :------: |
43+
| <a name="input_encrypted"></a> [encrypted](#input\_encrypted) | Encrypt or not EFS | `bool` | `true` | no |
44+
| <a name="input_environment"></a> [environment](#input\_environment) | Environment name | `string` | `"infra"` | no |
45+
| <a name="input_ingress_with_cidr_blocks"></a> [ingress\_with\_cidr\_blocks](#input\_ingress\_with\_cidr\_blocks) | A list of Pritunl server security group rules where source is CIDR | <pre>list(object({<br> protocol = string<br> from_port = string<br> to_port = string<br> cidr_blocks = string<br> }))</pre> | `[]` | no |
46+
| <a name="input_ingress_with_source_security_group_id"></a> [ingress\_with\_source\_security\_group\_id](#input\_ingress\_with\_source\_security\_group\_id) | A list of Pritunl server security group rules where source is another security group | <pre>list(object({<br> protocol = string<br> from_port = string<br> to_port = string<br> security_groups = string<br> }))</pre> | `[]` | no |
47+
| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Pritunl server instance type | `string` | `"t3.small"` | no |
48+
| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | KMS key ID in case of using CMK | `any` | `null` | no |
49+
| <a name="input_name"></a> [name](#input\_name) | Name used for all resources in this module | `string` | `"pritunl"` | no |
50+
| <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | A list of private subnets where EFS will be created | `list(any)` | n/a | yes |
51+
| <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | A list of public subnets where Pritunl server will be run | `list(any)` | n/a | yes |
52+
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC where to create security groups | `string` | n/a | yes |
53+
54+
## Outputs
55+
56+
| Name | Description |
57+
| ---------------------------------------------------------------------------------------------------------- | ----------- |
58+
| <a name="output_pritunl_endpoint"></a> [pritunl\_endpoint](#output\_pritunl\_endpoint) | n/a |
59+
| <a name="output_pritunl_security_group"></a> [pritunl\_security\_group](#output\_pritunl\_security\_group) | n/a |
60+
<!-- END_TF_DOCS -->
61+
62+
## Architecture diagram
63+
64+
![pritunl-server-architecture-diagram](../../../docs/aws-ec2-pritunl-diagram.svg)
65+
66+
## Description
67+
* AWS ASG is used to automatically run "broken" instance again
68+
* The entire logic is located in user-data script:
69+
* Install MongoDB
70+
* Install Pritunl-server
71+
* Configure sysctl
72+
* Attache Elastic IP
73+
* Disable source-destination check, because this instance will forward traffic
74+
* Mount EFS filesystem into directory with MongoDB data. We don't want to care about AZ and EBS disks
75+
* AWS Backup is configured to backup EFS storage
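Review bot: both rows of the Outputs table show `n/a` for Description; adding `description` to `pritunl_endpoint` and `pritunl_security_group` in the module's outputs lets terraform-docs fill the column and tells consumers what the endpoint value is (IP address vs. hostname). Minor wording: `kms_key_id` is typed `any` where `string` is meant, "Encrypt or not EFS" reads better as "Whether to encrypt the EFS file system", and "Attache Elastic IP" should be "Attach Elastic IP". The Description section is useful for anyone reviewing the instance's network role (source/destination check disabled, EIP attached, MongoDB data on EFS); it would be worth adding which security group governs access to the EFS mount targets (`efs_sg` appears in the Modules table), since that is the reason the `private_subnets` input exists.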

terraform/modules/aws-ec2-pritunl/backup.tf

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ resource "aws_backup_vault" "this" {
33
}
44

55
resource "aws_backup_plan" "this" {
6-
name = "${var.name}_backup_plan"
6+
name = var.name
77
rule {
8-
rule_name = "${var.name}_backup_plan_efs"
8+
rule_name = var.name
99
target_vault_name = aws_backup_vault.this.name
1010
schedule = "cron(0 1 * * ? *)"
1111
lifecycle {
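Review bot: this hunk changes resource names (`name` and `rule_name` drop the `_backup_plan` and `_backup_plan_efs` suffixes), which is a functional change hidden under a commit titled `doc: update documentation`. If the provider treats the plan name as replacement-forcing, existing deployments will see the backup plan destroyed and recreated; check the `terraform plan` output before applying and mention the rename in the commit message. With both `name` and `rule_name` set to `var.name`, the plan and its rule now share one name, which is legal but makes the rule harder to identify in the console once more rules are added.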
@@ -16,7 +16,7 @@ resource "aws_backup_plan" "this" {
1616

1717
resource "aws_backup_selection" "efs" {
1818
iam_role_arn = module.backup_role.iam_role_arn
19-
name = "${var.name}_backup_selection_efs"
19+
name = "${var.name}-efs"
2020
plan_id = aws_backup_plan.this.id
2121

2222
resources = [
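Review bot: the selection is renamed to `"${var.name}-efs"` while the plan and rule in the previous hunk use bare `var.name`, so one file now mixes two naming conventions (hyphenated suffix vs. none). Renaming a backup selection recreates it; verify in the plan output that the EFS file system stays covered across the apply, and consider one convention for all three, for example `"${var.name}-efs"` for the rule name as well.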
Lines changed: 32 additions & 9 deletions
@@ -1,23 +1,43 @@
1-
variable "vpc_id" {}
2-
variable "public_subnets" {}
1+
variable "vpc_id" {
2+
type = string
3+
description = "ID of the VPC where to create security groups"
4+
}
5+
6+
variable "public_subnets" {
7+
type = list(any)
8+
description = "A list of public subnets where Pritunl server will be run"
9+
}
10+
11+
variable "private_subnets" {
12+
type = list(any)
13+
description = "A list of private subnets where EFS will be created"
14+
}
315

416
variable "name" {
5-
default = "pritunl"
17+
default = "pritunl"
18+
description = "Name used for all resources in this module"
619
}
20+
721
variable "environment" {
8-
default = "infra"
22+
default = "infra"
23+
description = "Environment name"
924
}
25+
1026
variable "instance_type" {
11-
default = "t3.small"
27+
default = "t3.small"
28+
description = "Pritunl server instance type"
1229
}
1330

1431
variable "encrypted" {
15-
default = true
32+
default = true
33+
description = "Encrypt or not EFS"
1634
}
1735

1836
variable "kms_key_id" {
19-
default = null
37+
default = null
38+
description = "KMS key ID in case of using CMK"
2039
}
40+
2141
variable "ingress_with_source_security_group_id" {
2242
type = list(object({
2343
protocol = string
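Review bot: typing and documenting the variables is the right direction, but `kms_key_id` still has no `type` (the generated README renders it as `any`) and `encrypted` relies on its default to infer `bool`; add `type = string` and `type = bool` explicitly so a wrong value fails at plan time instead of at apply. `public_subnets` and `private_subnets` are declared `list(any)` where `list(string)` is what they actually hold. The description for `kms_key_id` could also say what happens when it stays `null` with `encrypted = true`, so callers know whether a customer-managed key is needed to meet their encryption requirements.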
@@ -26,8 +46,10 @@ variable "ingress_with_source_security_group_id" {
2646
security_groups = string
2747
}))
2848

29-
default = []
49+
default = []
50+
description = "A list of Pritunl server security group rules where source is another security group"
3051
}
52+
3153
variable "ingress_with_cidr_blocks" {
3254
type = list(object({
3355
protocol = string
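Review bot: `security_groups` is plural but typed `string`, so a consumer who passes a list gets a type error and one who passes two IDs has to know the expected delimiter; either rename the field to reflect a single ID or spell out the expected format in the new description. A `validation` block rejecting empty strings would also help: the default `[]` correctly means no ingress rules, and an entry with an empty source is almost certainly a mistake.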
@@ -36,5 +58,6 @@ variable "ingress_with_cidr_blocks" {
3658
cidr_blocks = string
3759
}))
3860

39-
default = []
61+
default = []
62+
description = "A list of Pritunl server security group rules where source is CIDR"
4063
}
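Review bot: same remark as for the security-group variant: `cidr_blocks = string` accepts a single string, so the description "where source is CIDR" should say whether one CIDR or a delimited list is expected. The empty default is the right least-exposure choice (nothing is opened unless the caller opts in); it would be worth noting in the description that a `0.0.0.0/0` entry exposes the VPN server to the whole internet, so callers restrict the source ranges deliberately rather than by copying an example.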
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
<!-- BEGIN_TF_DOCS -->
2+
## Requirements
3+
4+
No requirements.
5+
6+
## Providers
7+
8+
| Name | Version |
9+
|------|---------|
10+
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
11+
12+
## Modules
13+
14+
No modules.
15+
16+
## Resources
17+
18+
| Name | Type |
19+
|------|------|
20+
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
21+
| [aws_iam_role_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
22+
23+
## Inputs
24+
25+
| Name | Description | Type | Default | Required |
26+
|------|-------------|------|---------|:--------:|
27+
| <a name="input_name"></a> [name](#input\_name) | Name, required to form unique resource names | `any` | n/a | yes |
28+
| <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the OIDC Provider | `any` | n/a | yes |
29+
| <a name="input_policy"></a> [policy](#input\_policy) | The policy that will be attached to role | `any` | n/a | yes |
30+
| <a name="input_region"></a> [region](#input\_region) | Target region for all infrastructure resources | `any` | n/a | yes |
31+
32+
## Outputs
33+
34+
| Name | Description |
35+
|------|-------------|
36+
| <a name="output_role_arn"></a> [role\_arn](#output\_role\_arn) | This role ARN |
37+
<!-- END_TF_DOCS -->
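Review bot: every input in this table is typed `any` with no default, so terraform-docs cannot tell consumers that `oidc_provider_arn`, `region` and `name` are strings; declaring `type = string` on those (and a string or document type for `policy`) would make the generated table self-explanatory and reject mistyped values at plan time. The output description `This role ARN` could read `ARN of the created IAM role`.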

terraform/modules/aws-iam-eks-trusted/variables.tf

Lines changed: 1 addition & 3 deletions
@@ -1,15 +1,13 @@
11
variable "oidc_provider_arn" {
22
description = "The ARN of the OIDC Provider"
3-
default = ""
43
}
4+
55
variable "name" {
66
description = "Name, required to form unique resource names"
7-
default = ""
87
}
98

109
variable "region" {
1110
description = "Target region for all infrastructure resources"
12-
default = ""
1311
}
1412

1513
variable "policy" {
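Review bot: dropping `default = ""` from `oidc_provider_arn`, `name` and `region` is a good hardening step: previously an empty string was accepted at plan time and any problem with the resulting trust policy only surfaced at apply or at the first assume-role attempt, whereas the generated README now correctly marks these inputs as required. Since the variables are being touched anyway, add `type = string` in the same change so the README stops reporting `any`.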
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
<!-- BEGIN_TF_DOCS -->
2+
## Requirements
3+
4+
No requirements.
5+
6+
## Providers
7+
8+
| Name | Version |
9+
|------|---------|
10+
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
11+
12+
## Modules
13+
14+
No modules.
15+
16+
## Resources
17+
18+
| Name | Type |
19+
|------|------|
20+
| [aws_iam_access_key.this_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
21+
| [aws_iam_user.this_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
22+
| [aws_iam_user_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource |
23+
24+
## Inputs
25+
26+
| Name | Description | Type | Default | Required |
27+
|------|-------------|------|---------|:--------:|
28+
| <a name="input_name"></a> [name](#input\_name) | Project name, required to form unique resource names | `any` | n/a | yes |
29+
| <a name="input_policy"></a> [policy](#input\_policy) | IAM policy that will be attached to user | `any` | n/a | yes |
30+
31+
## Outputs
32+
33+
| Name | Description |
34+
|------|-------------|
35+
| <a name="output_access_key_id"></a> [access\_key\_id](#output\_access\_key\_id) | AWS ACCESS\_KEY\_ID |
36+
| <a name="output_access_secret_key"></a> [access\_secret\_key](#output\_access\_secret\_key) | AWS ACCESS\_SECRET\_KEY |
37+
<!-- END_TF_DOCS -->
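Review bot: the module outputs `access_secret_key`; unless that output is declared `sensitive = true` it is printed in plain text on every `terraform apply` and `terraform output`, and it is stored in the state file either way. Mark both outputs sensitive (the secret at minimum) and say in the README that the state backend must be treated as a secret store when this module is used, or consider the `pgp_key` argument of `aws_iam_access_key` so the secret never sits unencrypted in state.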

terraform/modules/aws-iam-user-with-policy/variables.tf

Lines changed: 0 additions & 1 deletion
@@ -1,6 +1,5 @@
11
variable "name" {
22
description = "Project name, required to form unique resource names"
3-
default = ""
43
}
54

65
variable "policy" {
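Review bot: same as for the eks-trusted module: removing `default = ""` from `name` makes it required, which is right since it forms the IAM user name; add `type = string` here and, as `policy` is directly below, a string type there too (ideally with a `validation` block checking it is a JSON document) so terraform-docs stops reporting `any`.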
