example has been split into variables outputs and main and refactored

Author: apolloakora

example/vpc.network-example.tf renamed to example/vpc.example-main.tf

@@ -1,4 +1,39 @@
 
+/*
+ | --
+ | -- If you are using an IAM role as the AWS access mechanism then
+ | -- pass it as in_role_arn commonly through an environment variable
+ | -- named TF_VAR_in_role_arn in addition to the usual AWS access
+ | -- key, secret key and default region parameters.
+ | --
+*/
+provider aws {
+    dynamic assume_role {
+        for_each = length( var.in_role_arn ) > 0 ? [ var.in_role_arn ] : [] 
+        content {
+            role_arn = assume_role.value
+	}
+    }
+}
+
+
+/*
+ | --
+ | -- Terraform will tag every significant resource allowing you to report and collate
+ | --
+ | --   [1] - all infrastructure in all environments dedicated to your app (ecosystem_name)
+ | --   [2] - the infrastructure dedicated to this environment instance (timestamp)
+ | --
+*/
+locals {
+    ecosystem_name = "virtual-net"
+    timestamp = formatdate( "YYMMDDhhmmss", timestamp() )
+    date_time = formatdate( "EEEE DD-MMM-YY hh:mm:ss ZZZ", timestamp() )
+    description = "was created by me on ${ local.date_time }."
+}
+
+
+
 ### #################### ###
 ### Example VPC Networks ###
 ### #################### ###
@@ -40,68 +75,3 @@ module no-private-subnets {
     in_timestamp   = local.timestamp
     in_description = local.description
 }
-
-
-### ########################### ###
-### Example VPC Network Outputs ###
-### ########################### ###
-
-output subnet_ids_1{ value = module.vpc-net.out_subnet_ids }
-output private_subnet_ids_1{ value = module.vpc-net.out_private_subnet_ids }
-output public_subnet_ids_1{ value = module.vpc-net.out_public_subnet_ids }
-
-output subnet_ids_2{ value = module.two-pub-priv-subnets.out_subnet_ids }
-output private_subnet_ids_2{ value = module.two-pub-priv-subnets.out_private_subnet_ids }
-output public_subnet_ids_2{ value = module.two-pub-priv-subnets.out_public_subnet_ids }
-
-output subnet_ids_3{ value = module.no-private-subnets.out_subnet_ids }
-output private_subnet_ids_3{ value = module.no-private-subnets.out_private_subnet_ids }
-output public_subnet_ids_3{ value = module.no-private-subnets.out_public_subnet_ids }
-
-
-/*
- | --
- | -- If you are using an IAM role as the AWS access mechanism then
- | -- pass it as in_role_arn commonly through an environment variable
- | -- named TF_VAR_in_role_arn in addition to the usual AWS access
- | -- key, secret key and default region parameters.
- | --
- | -- Individuals and small businesses without hundreds of AWS accounts
- | -- can omit the in_role_arn variable. and thanks to dynamic assignment
- | --
-*/
-provider aws {
-    dynamic assume_role {
-        for_each = length( var.in_role_arn ) > 0 ? [ var.in_role_arn ] : [] 
-        content {
-            role_arn = assume_role.value
-	}
-    }
-}
-
-variable in_role_arn {
-    description = "The Role ARN to use when we assume role to implement the provisioning."
-    default = ""
-}
-
-
-/*
- | --
- | -- ### ############# ###
- | -- ### Resource Tags ###
- | -- ### ############# ###
- | --
- | -- Terraform will tag every significant resource allowing you to report and collate
- | --
- | --   [1] - all infrastructure in all environments dedicated to your app (ecosystem_name)
- | --   [2] - the infrastructure dedicated to this environment instance (timestamp)
- | --
- | -- The human readable description reveals the when, where and what of the infrastructure.
- | --
-*/
-locals {
-    ecosystem_name = "virtual-net"
-    timestamp = formatdate( "YYMMDDhhmmss", timestamp() )
-    date_time = formatdate( "EEEE DD-MMM-YY hh:mm:ss ZZZ", timestamp() )
-    description = "was created by me on ${ local.date_time }."
-}

example/vpc.example-outputs.tf

@@ -0,0 +1,40 @@
+
+### ########################### ###
+### Example VPC Network Outputs ###
+### ########################### ###
+
+output subnet_ids_1 {
+    value = module.vpc-net.out_subnet_ids
+}
+
+output private_subnet_ids_1 {
+    value = module.vpc-net.out_private_subnet_ids
+}
+
+output public_subnet_ids_1 {
+    value = module.vpc-net.out_public_subnet_ids
+}
+
+output subnet_ids_2 {
+    value = module.two-pub-priv-subnets.out_subnet_ids
+}
+
+output private_subnet_ids_2 {
+    value = module.two-pub-priv-subnets.out_private_subnet_ids
+}
+
+output public_subnet_ids_2 {
+    value = module.two-pub-priv-subnets.out_public_subnet_ids
+}
+
+output subnet_ids_3 {
+    value = module.no-private-subnets.out_subnet_ids
+}
+
+output private_subnet_ids_3 {
+    value = module.no-private-subnets.out_private_subnet_ids
+}
+
+output public_subnet_ids_3 {
+    value = module.no-private-subnets.out_public_subnet_ids
+}

example/vpc.example-variables.tf

@@ -0,0 +1,14 @@
+
+/*
+ | --
+ | -- If you are using an IAM role as the AWS access mechanism then
+ | -- pass it as in_role_arn commonly through an environment variable
+ | -- named TF_VAR_in_role_arn in addition to the usual AWS access
+ | -- key, secret key and default region parameters.
+ | --
+*/
+variable in_role_arn {
+    description = "The optional role arn to use if your AWS access mechanism is via IAM roles."
+    default     = ""
+    type        = string
+}

template_for_flow_logs.txt

@@ -1,61 +1,4 @@
 
 ### Use this template to create flow logs module
 
-data "aws_iam_policy_document" "flow_log_role" {
-  statement {
-    sid = ""
-
-    actions = [
-      "sts:AssumeRole",
-    ]
-
-    principals {
-      type        = "Service"
-      identifiers = ["vpc-flow-logs.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "flow_log_role" {
-  name               = "flow_log_role-${var.environment}"
-  assume_role_policy = "${data.aws_iam_policy_document.flow_log_role.json}"
-}
-
-data "aws_iam_policy_document" "flow_log_policy" {
-  statement {
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "logs:PutLogEvents",
-      "logs:DescribeLogGroups",
-      "logs:DescribeLogStreams",
-    ]
-
-    resources = [
-      "*",
-    ]
-  }
-}
-
-resource "aws_iam_role_policy" "flow_log_policy" {
-  name   = "flow_log_policy-${var.environment}"
-  role   = "${aws_iam_role.flow_log_role.id}"
-  policy = "${data.aws_iam_policy_document.flow_log_policy.json}"
-}
-
-resource "aws_cloudwatch_log_group" "vpc-flow-log-group" {
-  name = "vpc-flow-log-group-${var.environment}"
-
-  tags = "${merge(
-      map("Name", "vpc-flow-log-group-${var.environment}"),
-      var.tags
-    )}"
-}
-
-resource "aws_flow_log" "flow_log" {
-  log_destination = "${aws_cloudwatch_log_group.vpc-flow-log-group.arn}"
-  iam_role_arn    = "${aws_iam_role.flow_log_role.arn}"
-  vpc_id          = "${aws_vpc.shared-services.id}"
-  traffic_type    = "ALL"
-}