main.tf
# Default AWS provider configuration. Modules below that do not pass a
# `providers` map inherit it.
provider "aws" {
  # No profile is pinned, so credentials are resolved through the AWS
  # provider's standard lookup (environment variables, shared config, ...).
  # Keep access keys out of this file. Earlier profile setups, for reference:
  #   profile = "${var.environment}-bootstrap"           # expects you to set up ~/.aws/credentials
  #   profile = "terraform-admin-${var.environment}-mfa" # now with MFA required
  # To use Session Token AWS authentication, run ./get_mfa_session.sh first.
  region = "us-east-1" # pick one
}
# Second AWS provider configuration, addressed as aws.eu_west_1 and pinned to
# eu-west-1. A module opts in with `providers = { aws = aws.eu_west_1 }`.
provider "aws" {
  alias  = "eu_west_1"
  region = "eu-west-1"
}
# Bootstrap/admin module for the selected environment. What it creates is
# defined in ./modules/bootstrap-admin and is not visible from this file.
module "bootstrap_admin" {
  source = "./modules/bootstrap-admin"

  environment = var.environment

  # Index lookup: the plan fails with an invalid-index error when
  # var.account_map has no entry for var.environment, so an unknown
  # environment name cannot proceed with an empty account id.
  account_id = var.account_map[var.environment]
}
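locals {
  # Parse KEY=value lines from the local .env file into a map of strings.
  #
  # The pattern is anchored to the start of each line ((?m)^), so a
  # commented-out assignment such as "# KEY=old" or a KEY= fragment in the
  # middle of a line is no longer picked up as an entry. Leading blanks and an
  # optional "export " prefix are still accepted. trimspace() removes the
  # trailing carriage return of CRLF files and stray surrounding blanks.
  # Quotes around a value are kept exactly as written in the file.
  #
  # A key that appears on two active lines makes the for expression fail with
  # a duplicate-key error.
  #
  # NOTE(review): file() is read at plan time and nothing in this map is
  # marked sensitive. Only MY_PUBLIC_SSH_KEY is consumed in this file. If .env
  # also holds secrets, keep it out of version control and wrap any secret
  # entry in sensitive() before passing it to a module or resource.
  env = {
    for kv in regexall("(?m)^[ \\t]*(?:export[ \\t]+)?(\\w+)=(.*)", file(".env")) :
    kv[0] => trimspace(kv[1])
  }
}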
# Bastion module (./modules/bastion-ci) wired to the eu-west-1 sandbox VPC.
module "bastion_ci" {
  source = "./modules/bastion-ci"

  # NOTE(review): the provider mapping below is commented out, so this module
  # inherits the default provider (us-east-1) while every network input comes
  # from module.vpc_eu_west_1. Unless ./modules/bastion-ci configures its own
  # provider from var.region, confirm which region it actually deploys to.
  # providers = { aws = aws.eu_west_1 }

  name          = "tf"
  region        = "eu-west-1"
  instance_type = "t4g.small"

  # Network placement, all taken from the eu-west-1 VPC module.
  vpc_id             = module.vpc_eu_west_1.vpc_id
  public_subnet_ids  = module.vpc_eu_west_1.public_subnet_ids
  private_subnet_ids = module.vpc_eu_west_1.private_subnet_ids

  # NOTE(review): the rules of these security groups live in ./modules/vpc
  # (not shown). If the bastion sits in a public subnet, check that SSH
  # ingress is limited to known source ranges, or rely on SSM access only.
  ssm_security_group_id     = module.vpc_eu_west_1.ssm_security_group_id
  bastion_security_group_id = module.vpc_eu_west_1.bastion_security_group_id

  # assign from .env: a missing MY_PUBLIC_SSH_KEY entry fails the plan with an
  # invalid-index error. Only the public half of the key pair belongs here.
  my_public_ssh_key = local.env["MY_PUBLIC_SSH_KEY"]
}
# Sandbox VPC in eu-west-1, created through the aliased provider.
module "vpc_eu_west_1" {
  source    = "./modules/vpc"
  providers = { aws = aws.eu_west_1 }

  name = "sandbox-eu"
  cidr = "10.10.0.0/16"

  # Passed as a plain input in addition to the provider mapping above; keep it
  # in step with the region of aws.eu_west_1.
  region = "eu-west-1"

  # Bastion networking switches. Their exact effect is defined in
  # ./modules/vpc; here the first is on and the private variant is off.
  enable_bastion_networking         = true
  enable_bastion_private_networking = false
}
# Sandbox VPC in us-east-1. No `providers` map is passed, so it uses the
# default provider; its CIDR does not overlap the eu-west-1 VPC (10.10.0.0/16).
module "vpc_us_east_1" {
  source = "./modules/vpc"

  name = "sandbox-us"
  cidr = "10.20.0.0/16"

  # Keep in step with the default provider's region.
  region = "us-east-1"

  # The bastion networking switches are not set here, so whatever defaults
  # ./modules/vpc declares apply.
}