Merge pull request #1 from pablo19sc/main

v0.0.1 VPC Lattice module

.gitignore

@@ -40,3 +40,5 @@ terraform.rc
 
 go.mod
 go.sum
+
+.DS_Store

.project_automation/functional_tests/entrypoint.sh

@@ -9,12 +9,14 @@ echo "Starting Functional Tests"
 
 cd ${PROJECT_PATH}
 
+export AWS_DEFAULT_REGION=eu-west-1
+
 #********** Checkov Analysis *************
 echo "Running Checkov Analysis"
 terraform init
 terraform plan -out tf.plan
 terraform show -json tf.plan  > tf.json 
-checkov 
+checkov --download-external-modules true
 
 #********** Terratest execution **********
 echo "Running Terratest"

data.tf

@@ -0,0 +1,34 @@
+# --- root/data.tf ---
+
+locals {
+  # ---------- VPC Lattice Service Network variables -----------
+  # Determine if a Service Network should be created
+  create_service_network = contains(keys(var.service_network), "name")
+  # Service Network identifier
+  service_network = local.create_service_network ? aws_vpclattice_service_network.lattice_service_network[0].id : try(var.service_network.identifier, null)
+  # Service Network ARN
+  service_network_arn = local.create_service_network ? aws_vpclattice_service_network.lattice_service_network[0].arn : try(var.service_network.identifier, null)
+  # Checking if Service Network identifier was provided by the user
+  sn_identifier_provided = contains(keys(var.service_network), "identifier")
+  # Checking if Service Network auth policy should be created
+  sn_auth_policy = (try(var.service_network.auth_type, "NONE") == "AWS_IAM") && (contains(keys(var.service_network), "auth_policy"))
+
+  # ---------- VPC Lattice Service variables ---------
+  # Service Association - if Service Network is created or passed
+  create_service_association = local.create_service_network || local.sn_identifier_provided
+
+  # ---------- VPC Lattice Target Groups ----------
+  # We create a map of target group IDs
+  target_group_ids = merge(
+    try({ for k, v in aws_vpclattice_target_group.lambda_lattice_target_group : k => v.id }, {}),
+    try({ for k, v in aws_vpclattice_target_group.lattice_target_group : k => v.id }, {}),
+  )
+}
+
+# Sanitizes tags for aws provider
+module "tags" {
+  source  = "aws-ia/label/aws"
+  version = "0.0.5"
+
+  tags = var.tags
+}

examples/service/.header.md

@@ -0,0 +1,10 @@
+# Amazon VPC Lattice - Example: Service creation
+
+This example shows how you can use the VPC Lattice module to only create a Service - without the creation of a Service Network. In the Service, the example also creates the following:
+
+* 2 Listeners (HTTP and HTTPS).
+* The HTTP listener has a *fixed-response* as default action, and two Listener Rules (*path_match* and *headers_match*).
+* The HTTPS listener has a *forward* as default action.
+* Three target groups (1 Instance and 2 Lambda types) without targets.
+
+In the `outputs.tf` file, you can see an example on how to obtain the Service Network information (DNS name, Service ID, and Listeners IDs).

examples/service/README.md

@@ -0,0 +1,48 @@
+<!-- BEGIN_TF_DOCS -->
+# Amazon VPC Lattice - Example: Service creation
+
+This example shows how you can use the VPC Lattice module to only create a Service - without the creation of a Service Network. In the Service, the example also creates the following:
+
+* 2 Listeners (HTTP and HTTPS).
+* The HTTP listener has a *fixed-response* as default action, and two Listener Rules (*path\_match* and *headers\_match*).
+* The HTTPS listener has a *forward* as default action.
+* Three target groups (1 Instance and 2 Lambda types) without targets.
+
+In the `outputs.tf` file, you can see an example on how to obtain the Service Network information (DNS name, Service ID, and Listeners IDs).
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_myservice"></a> [myservice](#module\_myservice) | ../.. | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | aws-ia/vpc/aws | 4.2.1 |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region to use. | `string` | `"eu-west-1"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_service_dns_name"></a> [service\_dns\_name](#output\_service\_dns\_name) | VPC Lattice Services. |
+| <a name="output_service_id"></a> [service\_id](#output\_service\_id) | VPC Lattice Service ID. |
+| <a name="output_service_listeners"></a> [service\_listeners](#output\_service\_listeners) | VPC Lattice listeners. |
+<!-- END_TF_DOCS -->

examples/service/main.tf

@@ -0,0 +1,100 @@
+# --- examples/service/main.tf ---
+
+# VPC Lattice Service - with two listeners and two three groups
+module "myservice" {
+  source = "../.."
+
+  services = {
+    myservice = {
+      name      = "myservice"
+      auth_type = "AWS_IAM"
+      auth_policy = jsonencode({
+        Version = "2012-10-17"
+        Statement = [
+          {
+            Action    = "*"
+            Effect    = "Allow"
+            Principal = "*"
+            Resource  = "*"
+            Condition = {
+              StringNotEqualsIgnoreCase = {
+                "aws:PrincipalType" = "anonymous"
+              }
+            }
+          }
+        ]
+      })
+
+      listeners = {
+        # HTTP listener
+        http_listener = {
+          name                         = "httplistener"
+          port                         = 80
+          protocol                     = "HTTP"
+          default_action_fixedresponse = { status_code = 404 }
+          rules = {
+            lambdapath = {
+              priority   = 10
+              path_match = { prefix = "/lambda" }
+              action_forward = {
+                target_groups = {
+                  lambdatargethttp = { weight = 100 }
+                }
+              }
+            }
+            instanceheader = {
+              priority = 20
+              header_matches = {
+                name  = "target"
+                exact = "instance"
+              }
+              action_fixedresponse = { status_code = 404 }
+            }
+          }
+        }
+        # HTTPS listener
+        https_listener = {
+          name     = "httpslistener"
+          port     = 443
+          protocol = "HTTPS"
+          default_action_forward = {
+            target_groups = {
+              instancetarget    = { weight = 50 }
+              lambdatargethttps = { weight = 50 }
+            }
+          }
+        }
+      }
+    }
+  }
+
+  target_groups = {
+    instancetarget = {
+      name = "instance-target"
+      type = "INSTANCE"
+      config = {
+        port           = 80
+        protocol       = "HTTP"
+        vpc_identifier = module.vpc.vpc_attributes.id
+        health_check = {
+          enabled = false
+        }
+      }
+    }
+    lambdatargethttp  = { type = "LAMBDA" }
+    lambdatargethttps = { type = "LAMBDA" }
+  }
+}
+
+module "vpc" {
+  source  = "aws-ia/vpc/aws"
+  version = "4.2.1"
+
+  name       = "provider-vcp"
+  cidr_block = "10.0.0.0/24"
+  az_count   = 2
+
+  subnets = {
+    workload = { netmask = 28 }
+  }
+}

examples/service/outputs.tf

@@ -0,0 +1,16 @@
+# --- examples/service/outputs.tf ---
+
+output "service_dns_name" {
+  description = "VPC Lattice Services."
+  value       = module.myservice.services.myservice.attributes.dns_entry[0].domain_name
+}
+
+output "service_id" {
+  description = "VPC Lattice Service ID."
+  value       = { for k, v in module.myservice.services : k => v.attributes.id }
+}
+
+output "service_listeners" {
+  description = "VPC Lattice listeners."
+  value       = { for k, v in module.myservice.listeners_by_service : k => { for i, j in v : i => j.attributes.listener_id } }
+}

examples/service/providers.tf

@@ -0,0 +1,16 @@
+# --- examples/service/providers.tf ---
+
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.66.0"
+    }
+  }
+}
+
+# Provider definition
+provider "aws" {
+  region = var.aws_region
+}

examples/service/variables.tf

@@ -0,0 +1,7 @@
+# --- examples/service/variables.tf ---
+
+variable "aws_region" {
+  type        = string
+  description = "AWS Region to use."
+  default     = "eu-west-1"
+}

examples/service_association/.header.md

@@ -0,0 +1,3 @@
+# Amazon VPC Lattice - Example: Service Associations
+
+This example shows how you can use the VPC Lattice module to create Service Associations to an existing Service Network (created in a separate call of the VPC Lattice module). In the `outputs.tf` file, you can see an example on how to obtain the Services information (ID, DNS name, and Service Association ID).

examples/service_association/README.md

@@ -0,0 +1,39 @@
+<!-- BEGIN_TF_DOCS -->
+# Amazon VPC Lattice - Example: Service Associations
+
+This example shows how you can use the VPC Lattice module to create Service Associations to an existing Service Network (created in a separate call of the VPC Lattice module). In the `outputs.tf` file, you can see an example on how to obtain the Services information (ID, DNS name, and Service Association ID).
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_service_network"></a> [service\_network](#module\_service\_network) | ../.. | n/a |
+| <a name="module_services"></a> [services](#module\_services) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region to use. | `string` | `"eu-west-1"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_services"></a> [services](#output\_services) | VPC Lattice Service ID. |
+<!-- END_TF_DOCS -->