Added 3 tier architecture

opensource4learn · opensource4learn · commit 22314f076932 · 2021-06-19T23:18:28.000+05:30
diff --git a/main.tf b/main.tf
@@ -46,6 +46,7 @@ module "nat_gateway" {
   cluster_prefix      = var.cluster_prefix
   cluster_environment = var.cluster_environment
   public_subnet_ids   = module.public_subnet.public_subnet_ids
+  cluster_architecture = var.cluster_architecture
 }
 
 # AWS VPC Subnets Module - Private Subnet
@@ -67,4 +68,5 @@ module "security_group" {
   vpc_id               = aws_vpc.vpc.id
   cluster_prefix       = var.cluster_prefix
   cluster_environment  = var.cluster_environment
+  cluster_architecture = var.cluster_architecture
 }
diff --git a/modules/nat-gateways/main.tf b/modules/nat-gateways/main.tf
@@ -4,7 +4,7 @@ data "aws_availability_zones" "available_zones" {}
 # AWS Elastic IPs
 resource "aws_eip" "eip" {
   vpc   = true
-  count = length(data.aws_availability_zones.available_zones.names)
+  count = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? length(data.aws_availability_zones.available_zones.names) : 0
 
   tags = {
     Name        = "${var.cluster_prefix}-${count.index + 1}"
@@ -16,7 +16,7 @@ resource "aws_eip" "eip" {
 resource "aws_nat_gateway" "nat_gateway" {
   allocation_id = element(aws_eip.eip.*.id, count.index)
   subnet_id     = element(var.public_subnet_ids, count.index)
-  count         = length(data.aws_availability_zones.available_zones.names)
+  count         = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? length(data.aws_availability_zones.available_zones.names) : 0
 
   tags = {
     Name        = "${var.cluster_prefix}-${count.index + 1}"
diff --git a/modules/nat-gateways/variables.tf b/modules/nat-gateways/variables.tf
@@ -8,6 +8,11 @@ variable "cluster_environment" {
   type        = string
 }
 
+variable "cluster_architecture" {
+  description = "To apply generic cluster_environment to AWS VPC Resources"
+  type        = string
+}
+
 variable "public_subnet_ids" {
   description = "list of public subnets in order of availability zones so that NAT Gateway's can be created in those respective subnets"
   type        = list(any)
diff --git a/modules/security-groups/main.tf b/modules/security-groups/main.tf
@@ -1,68 +1,156 @@
 # AWS Public Security Group
-module "public_security_group" {
-  source              = "./resources"
-  vpc_id              = var.vpc_id
-  cluster_prefix      = var.cluster_prefix
-  cluster_environment = var.cluster_environment
-  sg_type             = "public"
-  sg_description      = "Allow connections from internet"
+# module "public_security_group" {
+#   source              = "./resources"
+#   count               = var.cluster_architecture == "1-tier" || var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
+#   vpc_id              = var.vpc_id
+#   cluster_prefix      = var.cluster_prefix
+#   cluster_environment = var.cluster_environment
+#   sg_type             = "public"
+#   sg_description      = "Allow connections from internet"
+#   cluster_architecture  = var.cluster_architecture
+# }
+
+resource "aws_security_group" "public_security_group" {
+  count                  = var.cluster_architecture == "1-tier" || var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
+  name                   = "${var.cluster_prefix}-public"
+  description            = "Allow connections from internet"
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = true
+
+  egress {
+    description      = "Allow all outbound"
+    from_port        = 0
+    to_port          = 65535
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description      = "Allow http inbound public"
+    from_port        = 80
+    to_port          = 80
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description      = "Allow https inbound public"
+    from_port        = 443
+    to_port          = 443
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name        = "${var.cluster_prefix}-public"
+    Environment = var.cluster_environment
+    Type        = "public"
+  }
 }
 
 # AWS Public Security Group Rules
-resource "aws_security_group_rule" "allow_http_inbound_public" {
-  type              = "ingress"
-  from_port         = 80
-  to_port           = 80
-  protocol          = "tcp"
-  cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = module.public_security_group.security_group_id
-}
+# resource "aws_security_group_rule" "allow_http_inbound_public" {
+#   type              = "ingress"
+#   from_port         = 80
+#   to_port           = 80
+#   protocol          = "tcp"
+#   cidr_blocks       = ["0.0.0.0/0"]
+#   security_group_id = aws_security_group.public_security_group.id
+# }
 
-resource "aws_security_group_rule" "allow_https_inbound_public" {
-  type              = "ingress"
-  from_port         = 443
-  to_port           = 443
-  protocol          = "tcp"
-  cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = module.public_security_group.security_group_id
-}
+# resource "aws_security_group_rule" "allow_https_inbound_public" {
+#   type              = "ingress"
+#   from_port         = 443
+#   to_port           = 443
+#   protocol          = "tcp"
+#   cidr_blocks       = ["0.0.0.0/0"]
+#   security_group_id = aws_security_group.public_security_group.id
+# }
 
 # AWS Private Security Group
-module "private_security_group" {
-  source              = "./resources"
-  vpc_id              = var.vpc_id
-  cluster_prefix      = var.cluster_prefix
-  cluster_environment = var.cluster_environment
-  sg_type             = "private"
-  sg_description      = "The private security group to allows inbound traffic from public group"
+# module "private_security_group" {
+#   source              = "./resources"
+#   count                = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
+#   vpc_id              = var.vpc_id
+#   cluster_prefix      = var.cluster_prefix
+#   cluster_environment = var.cluster_environment
+#   sg_type             = "private"
+#   sg_description      = "The private security group to allows inbound traffic from public group"
+#   cluster_architecture  = var.cluster_architecture
+# }
+
+resource "aws_security_group" "private_security_group" {
+  count                  = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
+  name                   = "${var.cluster_prefix}-private"
+  description            = "The private security group to allows inbound traffic from public group"
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = true
+
+  egress {
+    from_port        = 0
+    to_port          = 65535
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name        = "${var.cluster_prefix}-private"
+    Environment = var.cluster_environment
+    Type        = "private"
+  }
 }
 
 # AWS Private Security Group Rules
 resource "aws_security_group_rule" "allow_inbound_private" {
+  count                    = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
   type                     = "ingress"
   from_port                = 0
   to_port                  = 65535
   protocol                 = "-1"
-  source_security_group_id = module.public_security_group.security_group_id
-  security_group_id        = module.private_security_group.security_group_id
+  source_security_group_id = aws_security_group.public_security_group[0].id
+  security_group_id        = aws_security_group.private_security_group[0].id
 }
 
 # AWS Storage Security Group
-module "storage_security_group" {
-  source              = "./resources"
-  vpc_id              = var.vpc_id
-  cluster_prefix      = var.cluster_prefix
-  cluster_environment = var.cluster_environment
-  sg_type             = "storage"
-  sg_description      = "The storage security group to allows inbound traffic from private group"
+# module "storage_security_group" {
+#   source              = "./resources"
+#   count                = var.cluster_architecture == "3-tier" ? 1 : 0
+#   vpc_id              = var.vpc_id
+#   cluster_prefix      = var.cluster_prefix
+#   cluster_environment = var.cluster_environment
+#   sg_type             = "storage"
+#   sg_description      = "The storage security group to allows inbound traffic from private group"
+#   cluster_architecture  = var.cluster_architecture
+# }
+
+resource "aws_security_group" "storage_security_group" {
+  count                  = var.cluster_architecture == "3-tier" ? 1 : 0
+  name                   = "${var.cluster_prefix}-storage"
+  description            = "The storage security group to allows inbound traffic from private group"
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = true
+
+  egress {
+    from_port        = 0
+    to_port          = 65535
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name        = "${var.cluster_prefix}-storage"
+    Environment = var.cluster_environment
+    Type        = "storage"
+  }
 }
 
 # AWS Storage Security Group Rules
 resource "aws_security_group_rule" "allow_inbound_storage" {
+  count                    = var.cluster_architecture == "3-tier" ? 1 : 0
   type                     = "ingress"
   from_port                = 0
   to_port                  = 65535
   protocol                 = "-1"
-  source_security_group_id = module.private_security_group.security_group_id
-  security_group_id        = module.storage_security_group.security_group_id
+  source_security_group_id = aws_security_group.private_security_group[0].id
+  security_group_id        = aws_security_group.storage_security_group[0].id
 }
diff --git a/modules/security-groups/output.tf b/modules/security-groups/output.tf
@@ -1,11 +1,11 @@
-output "public_security_group_id" {
-  value = module.public_security_group.security_group_id
+output "public_security_group_ids" {
+  value = aws_security_group.public_security_group.*.id
 }
 
-output "private_security_group_id" {
-  value = module.private_security_group.security_group_id
+output "private_security_group_ids" {
+  value = aws_security_group.private_security_group.*.id
 }
 
-output "storage_security_group_id" {
-  value = module.storage_security_group.security_group_id
+output "storage_security_group_ids" {
+  value = aws_security_group.storage_security_group.*.id
 }
diff --git a/modules/security-groups/resources/main.tf b/modules/security-groups/resources/main.tf
@@ -1,23 +1,30 @@
 #  AWS Security Group
-resource "aws_security_group" "security_group" {
-  name                   = "${var.cluster_prefix}-${var.sg_type}"
-  description            = var.sg_description
-  vpc_id                 = var.vpc_id
-  revoke_rules_on_delete = true
+# resource "aws_security_group" "security_group" {
+#   name                   = "${var.cluster_prefix}-${var.sg_type}"
+#   description            = var.sg_description
+#   vpc_id                 = var.vpc_id
+#   revoke_rules_on_delete = true
 
-  tags = {
-    Name        = "${var.cluster_prefix}-${var.sg_type}"
-    Environment = var.cluster_environment
-    Type        = var.sg_type
-  }
-}
+#   egress {
+#     from_port        = 0
+#     to_port          = 65535
+#     protocol         = "-1"
+#     cidr_blocks      = ["0.0.0.0/0"]
+#   }
+
+#   tags = {
+#     Name        = "${var.cluster_prefix}-${var.sg_type}"
+#     Environment = var.cluster_environment
+#     Type        = var.sg_type
+#   }
+# }
 
 # AWS Outbound Security Group Rule
-resource "aws_security_group_rule" "security_group_rule" {
-  type              = "egress"
-  from_port         = 0
-  to_port           = 65535
-  protocol          = "-1"
-  cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = aws_security_group.security_group.id
-}
+# resource "aws_security_group_rule" "security_group_rule" {
+#   type              = "egress"
+#   from_port         = 0
+#   to_port           = 65535
+#   protocol          = "-1"
+#   cidr_blocks       = ["0.0.0.0/0"]
+#   security_group_id = aws_security_group.security_group.id
+# }
diff --git a/modules/security-groups/resources/output.tf b/modules/security-groups/resources/output.tf
@@ -1,3 +1,3 @@
-output "security_group_id" {
-  value = aws_security_group.security_group.id
-}
+# output "security_group_id" {
+#   value = aws_security_group.security_group.id
+# }
diff --git a/modules/security-groups/resources/variables.tf b/modules/security-groups/resources/variables.tf
@@ -13,6 +13,11 @@ variable "cluster_environment" {
   type        = string
 }
 
+variable "cluster_architecture" {
+  description = "To apply generic cluster_environment to AWS VPC Resources"
+  type        = string
+}
+
 variable "sg_type" {
   description = "Security Group type Eg: public, private and storage"
   type        = string
diff --git a/modules/security-groups/variables.tf b/modules/security-groups/variables.tf
@@ -13,3 +13,8 @@ variable "cluster_environment" {
   type        = string
 }
 
+variable "cluster_architecture" {
+  description = "To apply generic cluster_environment to AWS VPC Resources"
+  type        = string
+}
+
diff --git a/modules/subnets/main.tf b/modules/subnets/main.tf
@@ -5,7 +5,7 @@ data "aws_availability_zones" "available_zones" {}
 module "aws_public_subnet" {
   source              = "./resources"
   create              = contains(var.subnet_type, "public") ? 1 : 0
-  tier                = var.cluster_architecture == "1-tier" ? 1 : 0
+  tier                = var.cluster_architecture == "1-tier" || var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
   cluster_prefix      = var.cluster_prefix
   cluster_environment = var.cluster_environment
   vpc_id              = var.vpc_id
@@ -19,7 +19,7 @@ module "aws_public_subnet" {
 module "aws_private_subnet" {
   source              = "./resources"
   create              = contains(var.subnet_type, "private") ? 1 : 0
-  tier                = var.cluster_architecture == "2-tier" ? 1 : 0
+  tier                = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" ? 1 : 0
   cluster_prefix      = var.cluster_prefix
   cluster_environment = var.cluster_environment
   vpc_id              = var.vpc_id
@@ -55,8 +55,8 @@ resource "aws_route" "public_route" {
 
 # AWS Route Tables - Private Route
 resource "aws_route" "private_route" {
-  count                  = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" && contains(var.subnet_type, "private") ? length(data.aws_availability_zones.available_zones.names) : 0
+  count                  = var.cluster_architecture == "2-tier" || var.cluster_architecture == "3-tier" && contains(var.subnet_type, "private") ? length(data.aws_availability_zones.available_zones.names): 0
   route_table_id         = module.aws_private_subnet.route_table_ids[count.index]
   destination_cidr_block = "0.0.0.0/0"
-  nat_gateway_id         = var.aws_nat_gateway_id[count.index]
+  nat_gateway_id         = var.aws_nat_gateway_id[0]
 }
diff --git a/variables.tf b/variables.tf
@@ -14,7 +14,7 @@ variable "cluster_environment" {
 variable "cluster_architecture" {
   description = "To apply generic cluster_environment to AWS VPC Resources"
   type        = string
-  default     = "1-tier"
+  default     = "3-tier"
 }
 
 variable "cidr" {

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ module "nat_gateway" {`
`46`	`46`	`cluster_prefix = var.cluster_prefix`
`47`	`47`	`cluster_environment = var.cluster_environment`
`48`	`48`	`public_subnet_ids = module.public_subnet.public_subnet_ids`
	`49`	`+ cluster_architecture = var.cluster_architecture`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`# AWS VPC Subnets Module - Private Subnet`
`@@ -67,4 +68,5 @@ module "security_group" {`
`67`	`68`	`vpc_id = aws_vpc.vpc.id`
`68`	`69`	`cluster_prefix = var.cluster_prefix`
`69`	`70`	`cluster_environment = var.cluster_environment`
	`71`	`+ cluster_architecture = var.cluster_architecture`
`70`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`		`-output "public_security_group_id" {`
`2`		`- value = module.public_security_group.security_group_id`
	`1`	`+output "public_security_group_ids" {`
	`2`	`+ value = aws_security_group.public_security_group.*.id`
`3`	`3`	`}`
`4`	`4`
`5`		`-output "private_security_group_id" {`
`6`		`- value = module.private_security_group.security_group_id`
	`5`	`+output "private_security_group_ids" {`
	`6`	`+ value = aws_security_group.private_security_group.*.id`
`7`	`7`	`}`
`8`	`8`
`9`		`-output "storage_security_group_id" {`
`10`		`- value = module.storage_security_group.security_group_id`
	`9`	`+output "storage_security_group_ids" {`
	`10`	`+ value = aws_security_group.storage_security_group.*.id`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,3 +13,8 @@ variable "cluster_environment" {`
`13`	`13`	`type = string`
`14`	`14`	`}`
`15`	`15`
	`16`	`+variable "cluster_architecture" {`
	`17`	`+ description = "To apply generic cluster_environment to AWS VPC Resources"`
	`18`	`+ type = string`
	`19`	`+}`
	`20`	`+`