From 64e6283bc6310702934d8b93b169c5a1b8612d58 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Mon, 12 Jun 2023 18:10:14 -0600 Subject: [PATCH 01/52] vpc_endpoint vpc link proxy --- .../v2/api-gateway-proxy/README.md | 48 ++++++++++++ .../api-gateway/v2/api-gateway-proxy/main.tf | 35 +++++++++ .../v2/api-gateway-proxy/outputs.tf | 14 ++++ .../v2/api-gateway-proxy/variables.tf | 75 +++++++++++++++++++ .../aws/api-gateway/vpc-link/README.md | 38 ++++++++++ .../aws/api-gateway/vpc-link/main.tf | 15 ++++ .../aws/api-gateway/vpc-link/outputs.tf | 3 + .../aws/api-gateway/vpc-link/variables.tf | 34 +++++++++ terraform-modules/aws/vpc-endpoint/README.md | 37 +++++++++ terraform-modules/aws/vpc-endpoint/main.tf | 10 +++ terraform-modules/aws/vpc-endpoint/outputs.tf | 3 + .../aws/vpc-endpoint/variables.tf | 32 ++++++++ 12 files changed, 344 insertions(+) create mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md create mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf create mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf create mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf create mode 100644 terraform-modules/aws/api-gateway/vpc-link/README.md create mode 100644 terraform-modules/aws/api-gateway/vpc-link/main.tf create mode 100644 terraform-modules/aws/api-gateway/vpc-link/outputs.tf create mode 100644 terraform-modules/aws/api-gateway/vpc-link/variables.tf create mode 100644 terraform-modules/aws/vpc-endpoint/README.md create mode 100644 terraform-modules/aws/vpc-endpoint/main.tf create mode 100644 terraform-modules/aws/vpc-endpoint/outputs.tf create mode 100644 terraform-modules/aws/vpc-endpoint/variables.tf diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md new file mode 100644 index 000000000..05df3ad2a --- /dev/null 
+++ b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md @@ -0,0 +1,48 @@ +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_apigatewayv2_api.proxy_api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api) | resource | +| [aws_apigatewayv2_integration.proxy_integration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_integration) | resource | +| [aws_apigatewayv2_route.proxy_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_route) | resource | +| [aws_apigatewayv2_vpc_link.vpc_link](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_vpc_link) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allow\_headers](#input\_allow\_headers) | The list of allowed headers for CORS configuration. | `list(string)` |
[
"'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
]
| no | +| [allow\_methods](#input\_allow\_methods) | The list of allowed methods for CORS configuration. | `list(string)` |
[
"ANY"
]
| no | +| [allow\_origins](#input\_allow\_origins) | The list of allowed origins for CORS configuration. | `list(string)` |
[
"*"
]
| no | +| [api\_name](#input\_api\_name) | The name of the API. | `string` | `"MyProxyApi"` | no | +| [api\_protocol\_type](#input\_api\_protocol\_type) | The protocol type for the API. | `string` | `"HTTP"` | no | +| [connection\_type](#input\_connection\_type) | The connection type for the integration. | `string` | `"VPC_LINK"` | no | +| [integration\_type](#input\_integration\_type) | The integration type for the API integration. | `string` | `"HTTP_PROXY"` | no | +| [integration\_uri](#input\_integration\_uri) | The URI for the integration. | `string` | `"https://api.another-gateway.com/{proxy}"` | no | +| [route\_authorization\_type](#input\_route\_authorization\_type) | The authorization type for the route. | `string` | `"NONE"` | no | +| [route\_key](#input\_route\_key) | The route key for the API route. | `string` | `"ANY /{proxy+}"` | no | +| [security\_group\_ids](#input\_security\_group\_ids) | The list of security group IDs associated with the VPC Link. | `list(string)` | n/a | yes | +| [subnet\_ids](#input\_subnet\_ids) | The list of subnet IDs where the VPC Link will be created. | `list(string)` | n/a | yes | +| [vpc\_link\_name](#input\_vpc\_link\_name) | The name of the VPC Link resource. | `string` | `"MyVpcLink"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [proxy\_api\_id](#output\_proxy\_api\_id) | The ID of the API. | +| [proxy\_integration\_id](#output\_proxy\_integration\_id) | The ID of the API integration. | +| [vpc\_link\_id](#output\_vpc\_link\_id) | The ID of the VPC Link. | diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf new file mode 100644 index 000000000..fcd9382ec --- /dev/null +++ b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf 
@@ -0,0 +1,35 @@
+resource "aws_apigatewayv2_vpc_link" "vpc_link" {
+ name = var.vpc_link_name
+ subnet_ids = var.subnet_ids
+ security_group_ids = var.security_group_ids
+}
+
+resource "aws_apigatewayv2_api" "proxy_api" {
+ name = var.api_name
+ protocol_type = var.api_protocol_type
+
+ cors_configuration {
+ allow_methods = var.allow_methods
+ allow_headers = var.allow_headers
+ allow_origins = var.allow_origins
+ }
+
+ vpc_link_id = aws_apigatewayv2_vpc_link.vpc_link.id
+}
+
+resource "aws_apigatewayv2_route" "proxy_route" {
+ api_id = aws_apigatewayv2_api.proxy_api.id
+ route_key = var.route_key
+
+ authorization_type = var.route_authorization_type
+ target = "integrations/${aws_apigatewayv2_integration.proxy_integration.id}"
+}
+
+resource "aws_apigatewayv2_integration" "proxy_integration" {
+ api_id = aws_apigatewayv2_api.proxy_api.id
+ integration_type = var.integration_type
+ integration_uri = var.integration_uri
+
+ connection_type = var.connection_type
+ connection_id = aws_apigatewayv2_vpc_link.vpc_link.id
+}
diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf
new file mode 100644
index 000000000..5b89e1c18
--- /dev/null
+++ b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf
@@ -0,0 +1,14 @@
+output "vpc_link_id" {
+ value = aws_apigatewayv2_vpc_link.vpc_link.id
+ description = "The ID of the VPC Link."
+}
+
+output "proxy_api_id" {
+ value = aws_apigatewayv2_api.proxy_api.id
+ description = "The ID of the API."
+}
+
+output "proxy_integration_id" {
+ value = aws_apigatewayv2_integration.proxy_integration.id
+ description = "The ID of the API integration."
+}
diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf
new file mode 100644
index 000000000..0c999afc2
--- /dev/null
+++ b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf
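Review bot: `vpc_link_id = aws_apigatewayv2_vpc_link.vpc_link.id` inside `aws_apigatewayv2_api.proxy_api` does not appear to be an argument of that resource (the link is bound on the integration through `connection_id`, which this hunk already does), so `terraform validate` will most likely reject the block; drop that line. The route takes `authorization_type` from `var.route_authorization_type`, whose default in the variables.tf hunk is `NONE`, and the API sets no `disable_execute_api_endpoint`, so the module's out-of-the-box deployment is an unauthenticated public endpoint that forwards `ANY /{proxy+}` over the VPC link to a private backend. Make `route_authorization_type` required, or default it to an authenticated mode with an `authorizer_id` input, and add a comment on the route such as `# NONE exposes the private backend to anyone who can reach the execute-api endpoint; set deliberately`.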
@@ -0,0 +1,75 @@
+variable "subnet_ids" {
+ type = list(string)
+ description = "The list of subnet IDs where the VPC Link will be created."
+}
+
+variable "security_group_ids" {
+ type = list(string)
+ description = "The list of security group IDs associated with the VPC Link."
+}
+
+variable "vpc_link_name" {
+ type = string
+ default = "MyVpcLink"
+ description = "The name of the VPC Link resource."
+}
+
+variable "api_name" {
+ type = string
+ default = "MyProxyApi"
+ description = "The name of the API."
+}
+
+variable "allow_methods" {
+ type = list(string)
+ default = ["ANY"]
+ description = "The list of allowed methods for CORS configuration."
+}
+
+variable "allow_headers" {
+ type = list(string)
+ default = ["'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"]
+ description = "The list of allowed headers for CORS configuration."
+}
+
+variable "allow_origins" {
+ type = list(string)
+ default = ["*"]
+ description = "The list of allowed origins for CORS configuration."
+}
+
+variable "route_key" {
+ type = string
+ default = "ANY /{proxy+}"
+ description = "The route key for the API route."
+}
+
+variable "integration_uri" {
+ type = string
+ default = "https://api.another-gateway.com/{proxy}"
+ description = "The URI for the integration."
+}
+
+variable "api_protocol_type" {
+ type = string
+ default = "HTTP"
+ description = "The protocol type for the API."
+}
+
+variable "route_authorization_type" {
+ type = string
+ default = "NONE"
+ description = "The authorization type for the route."
+}
+
+variable "integration_type" {
+ type = string
+ default = "HTTP_PROXY"
+ description = "The integration type for the API integration."
+}
+
+variable "connection_type" {
+ type = string
+ default = "VPC_LINK"
+ description = "The connection type for the integration."
+}
diff --git a/terraform-modules/aws/api-gateway/vpc-link/README.md b/terraform-modules/aws/api-gateway/vpc-link/README.md
new file mode 100644
index 000000000..cd813a49c
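Review bot: The `allow_headers` default is a single list element `"'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"` with embedded single quotes, so the API advertises one literal header name containing quotes and commas instead of five headers; it should read `default = ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key", "X-Amz-Security-Token"]`. Combined with `allow_origins = ["*"]`, `allow_methods = ["ANY"]` and `route_authorization_type = "NONE"`, the defaults describe a fully open CORS policy on an unauthenticated proxy, which is the wrong posture for a module that fronts a private backend; leave `allow_origins` without a default and add `validation` blocks that limit `route_authorization_type`, `connection_type` and `integration_type` to the values the resources accept. The `integration_uri` default `https://api.another-gateway.com/{proxy}` also looks inconsistent with `connection_type = "VPC_LINK"`, which for an HTTP API expects a load-balancer listener ARN or Cloud Map service ARN rather than a URL — worth confirming against the provider docs and removing the default so callers supply the real target.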
--- /dev/null
+++ b/terraform-modules/aws/api-gateway/vpc-link/README.md
@@ -0,0 +1,38 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_api_gateway_vpc_link.apivpclink](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_vpc_link) | resource |
+| [aws_lb.apivpclinknlb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [internal\_lb](#input\_internal\_lb) | Flag to indicate if the load balancer is internal (true/false) | `bool` | n/a | yes |
+| [load\_balancer\_name](#input\_load\_balancer\_name) | Name of the load balancer | `any` | n/a | yes |
+| [load\_balancer\_type](#input\_load\_balancer\_type) | Type of load balancer | `any` | n/a | yes |
+| [subnet\_id](#input\_subnet\_id) | ID of the subnet for the load balancer | `any` | n/a | yes |
+| [tags](#input\_tags) | n/a | `map(any)` | `{}` | no |
+| [vpc\_link\_description](#input\_vpc\_link\_description) | Description of the API Gateway VPC link | `any` | n/a | yes |
+| [vpc\_link\_name](#input\_vpc\_link\_name) | Name of the API Gateway VPC link | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [api\_gateway\_vpc\_link\_id](#output\_api\_gateway\_vpc\_link\_id) | n/a |
diff --git a/terraform-modules/aws/api-gateway/vpc-link/main.tf b/terraform-modules/aws/api-gateway/vpc-link/main.tf
new file mode 100644
index 000000000..c14afb565
--- /dev/null
+++ b/terraform-modules/aws/api-gateway/vpc-link/main.tf
@@ -0,0 +1,15 @@
+resource "aws_lb" "apivpclinknlb" {
+ name = var.load_balancer_name
+ internal = var.internal_lb
+ load_balancer_type = var.load_balancer_type
+
+ subnet_mapping {
+ subnet_id = var.subnet_id
+ }
+}
+
+resource "aws_api_gateway_vpc_link" "apivpclink" {
+ name = var.vpc_link_name
+ description = var.vpc_link_description
+ target_arns = [aws_lb.apivpclinknlb.arn]
+}
diff --git a/terraform-modules/aws/api-gateway/vpc-link/outputs.tf b/terraform-modules/aws/api-gateway/vpc-link/outputs.tf
new file mode 100644
index 000000000..0900af807
--- /dev/null
+++ b/terraform-modules/aws/api-gateway/vpc-link/outputs.tf
@@ -0,0 +1,3 @@
+output "api_gateway_vpc_link_id" {
+ value = aws_api_gateway_vpc_link.apivpclink.id
+}
diff --git a/terraform-modules/aws/api-gateway/vpc-link/variables.tf b/terraform-modules/aws/api-gateway/vpc-link/variables.tf
new file mode 100644
index 000000000..7ba3f5a96
--- /dev/null
+++ b/terraform-modules/aws/api-gateway/vpc-link/variables.tf
@@ -0,0 +1,34 @@
+variable "subnet_id" {
+ description = "ID of the subnet for the load balancer"
+}
+
+variable "vpc_link_name" {
+ description = "Name of the API Gateway VPC link"
+}
+
+variable "vpc_link_description" {
+ description = "Description of the API Gateway VPC link"
+}
+
+# Load balancer
+variable "subnet_id" {
+ description = "ID of the subnet for the load balancer"
+}
+
+variable "load_balancer_name" {
+ description = "Name of the load balancer"
+}
+
+variable "internal_lb" {
+ description = "Flag to indicate if the load balancer is internal (true/false)"
+ type = bool
+}
+
+variable "load_balancer_type" {
+ description = "Type of load balancer"
+}
+
+variable "tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
diff --git a/terraform-modules/aws/vpc-endpoint/README.md b/terraform-modules/aws/vpc-endpoint/README.md
new file mode 100644
index 000000000..1e5fe4ace
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/README.md
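Review bot: `variable "subnet_id"` is declared twice in the vpc-link variables.tf hunk (once at the top and again under `# Load balancer`), which Terraform rejects as a duplicate variable definition, so the module does not load as committed; delete one of the two. In main.tf, `aws_api_gateway_vpc_link.target_arns` accepts only Network Load Balancer ARNs, yet `load_balancer_type` is a free-form untyped input — pin it with `type = string`, `default = "network"` and a `validation` block, and give `internal_lb` a `default = true` so the NLB that fronts a private integration is internal unless a caller deliberately opts out. `tags` is declared but never applied to either resource; add `tags = var.tags` to both or drop the variable.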
@@ -0,0 +1,37 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_vpc_endpoint.execute_api_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [private\_dns\_enabled](#input\_private\_dns\_enabled) | Enable private DNS for the VPC endpoint | `bool` | `true` | no |
+| [security\_group\_id](#input\_security\_group\_id) | ID of the security group to associate with the VPC endpoint | `any` | n/a | yes |
+| [service\_name](#input\_service\_name) | Service name for the VPC endpoint | `any` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs where the VPC endpoint will be deployed | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | n/a | `map(any)` | `{}` | no |
+| [vpc\_endpoint\_type](#input\_vpc\_endpoint\_type) | Type of VPC endpoint | `string` | `"Interface"` | no |
+| [vpc\_id](#input\_vpc\_id) | ID of the VPC where the VPC endpoint will be created | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [execute\_api\_endpoint\_id](#output\_execute\_api\_endpoint\_id) | n/a |
diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf
new file mode 100644
index 000000000..a3472e91a
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/main.tf
@@ -0,0 +1,10 @@
+# Create a VPC endpoint for Execute API in the specified VPC
+resource "aws_vpc_endpoint" "execute_api_endpoint" {
+ vpc_id = var.vpc_id
+ service_name = var.service_name
+ vpc_endpoint_type = var.vpc_endpoint_type
+ security_group_ids = [var.security_group_id]
+ subnet_ids = var.subnet_ids
+ private_dns_enabled = var.private_dns_enabled
+ tags = var.tags
+}
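Review bot: `aws_vpc_endpoint.execute_api_endpoint` sets no `policy`, so the interface endpoint is created with the default endpoint policy that allows any principal to reach any API through it, and with `private_dns_enabled = true` every execute-api call from the VPC is routed that way. Add an optional input so callers can scope it to the intended API ARNs: `variable "policy" { type = string; default = null }` in variables.tf and `policy = var.policy` on the resource, with a comment noting that `null` keeps the permissive default. `security_group_ids = [var.security_group_id]` also fixes the endpoint to a single security group; `type = list(string)` on that variable would be more general, and `service_name` should be typed `string` (the README already reports it as `any`).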
diff --git a/terraform-modules/aws/vpc-endpoint/outputs.tf b/terraform-modules/aws/vpc-endpoint/outputs.tf
new file mode 100644
index 000000000..2259f6b47
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/outputs.tf
@@ -0,0 +1,3 @@
+output "execute_api_endpoint_id" {
+ value = aws_vpc_endpoint.execute_api_endpoint.id
+}
\ No newline at end of file
diff --git a/terraform-modules/aws/vpc-endpoint/variables.tf b/terraform-modules/aws/vpc-endpoint/variables.tf
new file mode 100644
index 000000000..963b49bd1
--- /dev/null
+++ b/terraform-modules/aws/vpc-endpoint/variables.tf
@@ -0,0 +1,32 @@
+variable "vpc_id" {
+ description = "ID of the VPC where the VPC endpoint will be created"
+}
+
+variable "security_group_id" {
+ description = "ID of the security group to associate with the VPC endpoint"
+}
+
+variable "subnet_ids" {
+ description = "List of subnet IDs where the VPC endpoint will be deployed"
+ type = list(string)
+}
+
+variable "service_name" {
+ description = "Service name for the VPC endpoint"
+}
+
+variable "vpc_endpoint_type" {
+ description = "Type of VPC endpoint"
+ default = "Interface"
+}
+
+variable "private_dns_enabled" {
+ description = "Enable private DNS for the VPC endpoint"
+ type = bool
+ default = true
+}
+
+variable "tags" {
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
From 51e522788fa9eb91cdda7f2b2516cf919f4f34d9 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Mon, 12 Jun 2023 19:19:11 -0600 Subject: [PATCH 02/52] networkinterfaces ips --- terraform-modules/aws/vpc-endpoint/main.tf | 5 +++++ terraform-modules/aws/vpc-endpoint/outputs.tf | 8 ++++++++ 2 files changed, 13 insertions(+)
diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf
index a3472e91a..f3790b9f4 100644
--- a/terraform-modules/aws/vpc-endpoint/main.tf
+++ b/terraform-modules/aws/vpc-endpoint/main.tf
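Review bot: `vpc_id`, `security_group_id`, `service_name` and `vpc_endpoint_type` in the vpc-endpoint variables.tf hunk carry no `type`, so they are `any` and a list or map passed by mistake is only caught by the provider at apply time; add `type = string` to each. `vpc_endpoint_type` would also benefit from a `validation` block limiting it to the values the resource accepts, since `private_dns_enabled` is only meaningful for `Interface` endpoints.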
@@ -8,3 +8,8 @@ resource "aws_vpc_endpoint" "execute_api_endpoint" {
 private_dns_enabled = var.private_dns_enabled
 tags = var.tags
 }
+
+data "aws_network_interface" "execute_api_nics" {
+ count = length(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids)
+ id = aws_vpc_endpoint.execute_api_endpoint.network_interface_ids[count.index]
+}
\ No newline at end of file
diff --git a/terraform-modules/aws/vpc-endpoint/outputs.tf b/terraform-modules/aws/vpc-endpoint/outputs.tf
index 2259f6b47..fcdbb4644 100644
--- a/terraform-modules/aws/vpc-endpoint/outputs.tf
+++ b/terraform-modules/aws/vpc-endpoint/outputs.tf
@@ -1,3 +1,11 @@
 output "execute_api_endpoint_id" {
 value = aws_vpc_endpoint.execute_api_endpoint.id
+}
+
+output "execute_api_endpoint_network_interface_ids" {
+ value = aws_vpc_endpoint.execute_api_endpoint.network_interface_ids
+}
+
+output "execute_api_ips" {
+ value = [for nic in data.aws_network_interface.execute_api_nics : nic.private_ip]
 }
\ No newline at end of file
From 7955f67764c1e6c369929443adc1a25cd8801f7d Mon Sep 17 00:00:00 2001 From: bcarranza Date: Mon, 12 Jun 2023 19:29:04 -0600 Subject: [PATCH 03/52] execute ip --- terraform-modules/aws/vpc-endpoint/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf
index f3790b9f4..11954949a 100644
--- a/terraform-modules/aws/vpc-endpoint/main.tf
+++ b/terraform-modules/aws/vpc-endpoint/main.tf
@@ -10,6 +10,6 @@ resource "aws_vpc_endpoint" "execute_api_endpoint" {
 }
 
 data "aws_network_interface" "execute_api_nics" {
- count = length(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids)
- id = aws_vpc_endpoint.execute_api_endpoint.network_interface_ids[count.index]
+ for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids)
+ id = each.key
 }
\ No newline at end of file
From f403452a659267ea90765de72b154ab8154b482e Mon Sep 17 00:00:00 2001
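Review bot: `for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids)` in the PATCH 03 hunk, like the `count = length(...)` form it replaces from PATCH 02, keys the data source on an attribute that is unknown until the endpoint exists, so a fresh `terraform plan` stops with the "for_each value depends on resource attributes that cannot be determined until apply" error and the module cannot be applied in a single pass. Either document that the endpoint must be applied first (a targeted apply) or drive the iteration from a plan-time-known value such as `toset(var.subnet_ids)` and select the interfaces with a `filter` on subnet and the endpoint's description instead of by id. The `execute_api_ips` output in the outputs.tf hunk inherits the same limitation, and a comment on the data source saying why the lookup is two-phase would save the next reader a failed plan.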
From: bcarranza Date: Tue, 13 Jun 2023 10:11:38 -0600 Subject: [PATCH 04/52] nlb target group ips --- terraform-modules/aws/nlb/main.tf | 63 +++++++++++++++ terraform-modules/aws/nlb/variables.tf | 104 +++++++++++++++++++++++++ 2 files changed, 167 insertions(+)
diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf
index da56fe42c..f955c43fd 100644
--- a/terraform-modules/aws/nlb/main.tf
+++ b/terraform-modules/aws/nlb/main.tf
@@ -1,3 +1,10 @@
+locals {
+ health_check_port = coalesce(var.health_check_port, "traffic-port")
+ health_check_protocol = coalesce(var.health_check_protocol, local.target_group_protocol)
+ target_group_protocol = "TCP"
+ unhealthy_threshold = coalesce(var.health_check_unhealthy_threshold, var.health_check_threshold)
+}
+
 resource "aws_lb" "nlb" {
 name = var.nlb_name
 internal = var.enable_internal
@@ -23,3 +30,59 @@ resource "aws_lb" "nlb" {
 tags = var.nlb_tags
 }
+
+resource "aws_lb_target_group" "default" {
+ count = var.nlb_target_ips ? 1 : 0
+ deregistration_delay = var.deregistration_delay
+ name = var.target_group_name
+ port = var.target_group_port
+ protocol = "TCP"
+ proxy_protocol_v2 = var.target_group_proxy_protocol_v2
+ slow_start = var.slow_start
+ target_type = var.target_group_target_type
+ vpc_id = var.vpc_id
+
+ health_check {
+ enabled = var.health_check_enabled
+ port = local.health_check_port
+ protocol = local.health_check_protocol
+ path = "HTTP"
+ healthy_threshold = var.health_check_threshold
+ unhealthy_threshold = local.unhealthy_threshold
+ interval = var.health_check_interval
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+
+ tags = var.nlb_tags
+
+ depends_on = [
+ aws_lb.nlb,
+ ]
+}
+
+###################################################
+# Attachment for NLB IP Target Group
+###################################################
+
+resource "aws_lb_target_group_attachment" "this" {
+ count = var.nlb_target_ips ? length(local.target_ips) : 0
+ target_group_arn = aws_lb_target_group.default[0].arn
+
+ target_id = local.target_ips[count.index].ip_address
+ port = local.target_ips[count.index].port
+ availability_zone = local.target_ips[count.index].az
+}
+
+resource "aws_lb_listener" "default" {
+ load_balancer_arn = aws_lb.nlb.arn
+ port = var.listener_port
+ protocol = "TCP"
+
+ default_action {
+ target_group_arn = var.nlb_target_ips ? aws_lb_target_group.default[0].arn : ""
+ type = "forward"
+ }
+}
\ No newline at end of file
diff --git a/terraform-modules/aws/nlb/variables.tf b/terraform-modules/aws/nlb/variables.tf
index 2811c7b6e..30cb6cc21 100644
--- a/terraform-modules/aws/nlb/variables.tf
+++ b/terraform-modules/aws/nlb/variables.tf
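Review bot: `protocol = "TCP"` is hard-coded on both `aws_lb_target_group.default` and `aws_lb_listener.default` although `local.target_group_protocol` is introduced in the first hunk for exactly that value; use the local in both places so a later switch (for example a `TLS` listener with `certificate_arn`, which this module currently cannot express) is made once. `default_action.target_group_arn = var.nlb_target_ips ? aws_lb_target_group.default[0].arn : ""` falls back to an empty ARN that the API rejects, so the listener fails whenever the flag is off; once PATCH 09 gates the listener with `count` the conditional is dead and should be plain `aws_lb_target_group.default[0].arn`. The `depends_on = [aws_lb.nlb]` on the target group is redundant given `vpc_id` and the listener already express the ordering, and a header comment above the target group stating that the whole section is only instantiated when `nlb_target_ips` is true would document the gate that every variable description mentions.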
@@ -103,6 +103,110 @@ variable "nlb_s3_bucket_name" {
 default = null
 }
 
+variable "nlb_target_ips" {
+ description = "Set true if you need to create target groups with Ips"
+ type = bool
+ default = false
+}
+
+variable "target_ips" {
+ description = "Set a list of ips with ports if you set `nlb_target_ips` equalss true (only if `nlb_target_ips` equals true)"
+ type = set(object({
+ ip_address = string
+ port = number
+ }))
+ default = []
+}
+
+variable "deregistration_delay" {
+ type = number
+ default = 15
+ description = "The amount of time to wait in seconds before changing the state of a deregistering target to unused (only if `nlb_target_ips` equals true)"
+}
+
+variable "target_group_name" {
+ type = string
+ default = ""
+ description = "The name for the default target group, uses a module label name if left empty (only if `nlb_target_ips` equals true)"
+}
+
+variable "target_group_port" {
+ type = number
+ default = 80
+ description = "The port for the default target group (only if `nlb_target_ips` equals true)"
+}
+
+variable "target_group_target_type" {
+ type = string
+ default = "ip"
+ description = "The type (`instance`, `ip` or `lambda`) of targets that can be registered with the default target group (only if `nlb_target_ips` equals true)"
+}
+
+variable "target_group_proxy_protocol_v2" {
+ type = bool
+ default = false
+ description = "A boolean flag to enable/disable proxy protocol v2 support (only if `nlb_target_ips` equals true)"
+}
+
+variable "slow_start" {
+ type = number
+ default = 0
+ description = "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. 
(only if `nlb_target_ips` equals true)"
+}
+
+variable "vpc_id" {
+ type = string
+ description = "VPC ID to associate with Target Group (only if `nlb_target_ips` equals true)"
+}
+
+variable "health_check_enabled" {
+ type = bool
+ default = true
+ description = "A boolean flag to enable/disable the NLB health checks (only if `nlb_target_ips` equals true)"
+}
+
+variable "health_check_port" {
+ type = number
+ default = null
+ description = "The port to send the health check request to (defaults to `traffic-port`) (only if `nlb_target_ips` equals true)"
+}
+
+variable "health_check_protocol" {
+ type = string
+ default = null
+ description = "The protocol to use for the health check request (only if `nlb_target_ips` equalss true)"
+}
+
+variable "health_check_path" {
+ type = string
+ default = "/"
+ description = "The destination for the health check request (only if `nlb_target_ips` equals true)"
+}
+
+variable "health_check_threshold" {
+ type = number
+ default = 2
+ description = "The number of consecutive health checks successes required before considering an unhealthy target healthy. (only if `nlb_target_ips` equals true)"
+}
+
+variable "health_check_unhealthy_threshold" {
+ type = number
+ default = null
+ description = "The number of consecutive health check failures required before considering the target unhealthy. If not set using value from `health_check_threshold` (only if `nlb_target_ips` equals true)"
+}
+
+variable "health_check_interval" {
+ type = number
+ default = 10
+ description = "The duration in seconds in between health checks (only if `nlb_target_ips` equals true)"
+}
+
+variable "listener_port" {
+ Type = number
+ default = 80
+ description = "Set listener port to forwarding (only if `nlb_target_ips` equals true)"
+}
+
 variable "nlb_tags" {
 description = "Tags"
 type = map(any)
From d2e7f01c90c8f051ae4c1416076d82e8f83f5421 Mon Sep 17 00:00:00 2001
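Review bot: `variable "vpc_id"` has no default, so after this hunk every existing caller of the nlb module must supply a VPC ID even when `nlb_target_ips` stays `false` and the target group is never created; give it `default = null` so the "only if `nlb_target_ips` equals true" promise in its description actually holds. `target_group_name` defaults to `""` and its description promises a module-label fallback, but main.tf passes `var.target_group_name` straight through, so the default yields an invalid empty name — implement the fallback (`name = coalesce(var.target_group_name, "${var.nlb_name}-tg")`, a constructed example) or drop the default and make it required. `health_check_port` is typed `number` while its documented fallback `traffic-port` is a string, so `type = string` with `default = null` matches what the resource accepts; the `target_ips` and `health_check_protocol` descriptions also read "equalss".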
From: bcarranza Date: Tue, 13 Jun 2023 10:27:59 -0600 Subject: [PATCH 05/52] typo fix --- terraform-modules/aws/nlb/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform-modules/aws/nlb/variables.tf b/terraform-modules/aws/nlb/variables.tf
index 30cb6cc21..df9d16815 100644
--- a/terraform-modules/aws/nlb/variables.tf
+++ b/terraform-modules/aws/nlb/variables.tf
@@ -202,7 +202,7 @@ variable "health_check_interval" {
 }
 
 variable "listener_port" {
- Type = number
+ type = number
 default = 80
 description = "Set listener port to forwarding (only if `nlb_target_ips` equals true)"
 }
From 6009c8b2ff1c14c6c3db6d39f0cfffde5f1f813c Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 10:41:45 -0600 Subject: [PATCH 06/52] remove local typo --- terraform-modules/aws/nlb/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf
index f955c43fd..4440e8ae9 100644
--- a/terraform-modules/aws/nlb/main.tf
+++ b/terraform-modules/aws/nlb/main.tf
@@ -68,12 +68,12 @@ resource "aws_lb_target_group" "default" {
 ###################################################
 
 resource "aws_lb_target_group_attachment" "this" {
- count = var.nlb_target_ips ? length(local.target_ips) : 0
+ count = var.nlb_target_ips ? 1 : 0
 target_group_arn = aws_lb_target_group.default[0].arn
 
- target_id = local.target_ips[count.index].ip_address
- port = local.target_ips[count.index].port
- availability_zone = local.target_ips[count.index].az
+ target_id = var.target_ips[count.index].ip_address
+ port = var.target_ips[count.index].port
+ availability_zone = var.target_ips[count.index].az
 }
 
 resource "aws_lb_listener" "default" {
From 6363d59685013b122c7e769534091e334d17fdbe Mon Sep 17 00:00:00 2001
From: bcarranza Date: Tue, 13 Jun 2023 10:54:06 -0600 Subject: [PATCH 07/52] fix for targets ips --- terraform-modules/aws/nlb/main.tf | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf
index 4440e8ae9..189be2a7e 100644
--- a/terraform-modules/aws/nlb/main.tf
+++ b/terraform-modules/aws/nlb/main.tf
@@ -68,12 +68,11 @@ resource "aws_lb_target_group" "default" {
 ###################################################
 
 resource "aws_lb_target_group_attachment" "this" {
- count = var.nlb_target_ips ? 1 : 0
- target_group_arn = aws_lb_target_group.default[0].arn
-
- target_id = var.target_ips[count.index].ip_address
- port = var.target_ips[count.index].port
- availability_zone = var.target_ips[count.index].az
+ for_each = var.target_ips
+ target_group_arn = aws_lb_target_group.default[0].arn
+ target_id = each.value.ip_address
+ port = each.value.port
+ availability_zone = each.value.az
 }
 
 resource "aws_lb_listener" "default" {
From 6ab7449a2c1faee5a15e9a78f91702544674f742 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 11:01:41 -0600 Subject: [PATCH 08/52] aws_lb_target_group_attachment --- terraform-modules/aws/nlb/main.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf
index 189be2a7e..22c10e16f 100644
--- a/terraform-modules/aws/nlb/main.tf
+++ b/terraform-modules/aws/nlb/main.tf
@@ -68,13 +68,14 @@ resource "aws_lb_target_group" "default" {
 ###################################################
 
 resource "aws_lb_target_group_attachment" "this" {
- for_each = var.target_ips
+ count = var.nlb_target_ips ? length(var.target_ips) : 0
 target_group_arn = aws_lb_target_group.default[0].arn
- target_id = each.value.ip_address
- port = each.value.port
- availability_zone = each.value.az
+ target_id = var.nlb_target_ips ? var.target_ips[count.index].ip_address : ""
+ port = var.nlb_target_ips ? var.target_ips[count.index].port : 0
+ availability_zone = var.nlb_target_ips ? var.target_ips[count.index].az : ""
 }
 
+
 resource "aws_lb_listener" "default" {
 load_balancer_arn = aws_lb.nlb.arn
 port = var.listener_port
From 62ed38bb88c5511014d06316738dd11848779e41 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 11:19:33 -0600 Subject: [PATCH 09/52] add conditional aws_lb_target_group_attachment --- terraform-modules/aws/nlb/main.tf | 1 + 1 file changed, 1 insertion(+)
diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf
index 22c10e16f..55b5cf338 100644
--- a/terraform-modules/aws/nlb/main.tf
+++ b/terraform-modules/aws/nlb/main.tf
@@ -77,6 +77,7 @@ resource "aws_lb_target_group_attachment" "this" {
 
 
 resource "aws_lb_listener" "default" {
+ count = var.nlb_target_ips ? 1 : 0
 load_balancer_arn = aws_lb.nlb.arn
 port = var.listener_port
 protocol = "TCP"
From 635499ca16a99e226647a0448c066d92fcb28325 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 11:26:32 -0600 Subject: [PATCH 10/52] add http --- terraform-modules/aws/nlb/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf
index 55b5cf338..613249570 100644
--- a/terraform-modules/aws/nlb/main.tf
+++ b/terraform-modules/aws/nlb/main.tf
@@ -46,7 +46,7 @@ resource "aws_lb_target_group" "default" {
 enabled = var.health_check_enabled
 port = local.health_check_port
 protocol = local.health_check_protocol
- path = "HTTP"
+ path = local.health_check_protocol == "HTTP" ? var.health_check_path : null
 healthy_threshold = var.health_check_threshold
 unhealthy_threshold = local.unhealthy_threshold
 interval = var.health_check_interval
From 12c599336dc8693b12992f8126daae7f2dc1b276 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 11:38:05 -0600 Subject: [PATCH 11/52] element for ip --- terraform-modules/aws/nlb/main.tf | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf
index 613249570..23ce2430f 100644
--- a/terraform-modules/aws/nlb/main.tf
+++ b/terraform-modules/aws/nlb/main.tf
@@ -70,9 +70,16 @@ resource "aws_lb_target_group" "default" {
 resource "aws_lb_target_group_attachment" "this" {
 count = var.nlb_target_ips ? length(var.target_ips) : 0
 target_group_arn = aws_lb_target_group.default[0].arn
- target_id = var.nlb_target_ips ? var.target_ips[count.index].ip_address : ""
- port = var.nlb_target_ips ? var.target_ips[count.index].port : 0
- availability_zone = var.nlb_target_ips ? var.target_ips[count.index].az : ""
+ target_id = var.nlb_target_ips ? element([for ip in var.target_ips : ip.ip_address], count.index) : ""
+ port = var.nlb_target_ips ? element([for ip in var.target_ips : ip.port], count.index) : 0
+}
+
+
+resource "aws_lb_target_group_attachment" "example" {
+ count = var.nlb_target_ips ? length(var.target_ips) : 0
+ target_group_arn = aws_lb_target_group.example.arn
+ target_id = var.nlb_target_ips ? element([for ip in var.target_ips : ip.ip_address], count.index) : ""
+ port = var.nlb_target_ips ? element([for ip in var.target_ips : ip.port], count.index) : 0
 }
 
 
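Review bot: `path = local.health_check_protocol == "HTTP" ? var.health_check_path : null` in the PATCH 10 hunk discards the configured path when the health check protocol is `HTTPS`, which takes a path just like `HTTP`, so an HTTPS health check silently probes the default instead of `var.health_check_path`; use `path = contains(["HTTP", "HTTPS"], local.health_check_protocol) ? var.health_check_path : null`. The enclosing `aws_lb_target_group.default` block starts and ends outside this hunk.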
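Review bot: The new `aws_lb_target_group_attachment.example` in the PATCH 11 hunk is a copy of `aws_lb_target_group_attachment.this` with the same `count` and the same `target_id`/`port` expressions, so once PATCH 12 and PATCH 13 point its `target_group_arn` at the real target group every IP is registered twice and a placeholder-named resource ships in the module; remove the `example` block entirely. Addressing the remaining attachment through `element([for ip in var.target_ips : ...], count.index)` over a `set(object)` also means that adding or removing one entry shifts the index of every later target and forces their re-registration on the next apply; a `for_each` keyed by address and port gives each attachment a stable address and removes the `""`/`0` fallbacks, which only exist to satisfy the conditional.
```hcl
resource "aws_lb_target_group_attachment" "this" {
  for_each = var.nlb_target_ips ? { for ip in var.target_ips : "${ip.ip_address}:${ip.port}" => ip } : {}

  target_group_arn = aws_lb_target_group.default[0].arn
  target_id        = each.value.ip_address
  port             = each.value.port
}
# … unchanged: aws_lb_listener.default …
```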
@@ -86,4 +93,4 @@ resource "aws_lb_listener" "default" { target_group_arn = var.nlb_target_ips ? aws_lb_target_group.default[0].arn : "" type = "forward" } -} \ No newline at end of file +} From 39fbc46f40b1ab6f7d0a2e18473f4d08fa23e30d Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 11:46:06 -0600 Subject: [PATCH 12/52] typo default --- terraform-modules/aws/nlb/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf index 23ce2430f..b8c86044a 100644 --- a/terraform-modules/aws/nlb/main.tf +++ b/terraform-modules/aws/nlb/main.tf @@ -77,7 +77,7 @@ resource "aws_lb_target_group_attachment" "this" { resource "aws_lb_target_group_attachment" "example" { count = var.nlb_target_ips ? length(var.target_ips) : 0 - target_group_arn = aws_lb_target_group.example.arn + target_group_arn = aws_lb_target_group.default.arn target_id = var.nlb_target_ips ? element([for ip in var.target_ips : ip.ip_address], count.index) : "" port = var.nlb_target_ips ? element([for ip in var.target_ips : ip.port], count.index) : 0 } From 4b5b9706ecc9f90ad00b12fc2ba0964b07cdbf36 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 12:05:23 -0600 Subject: [PATCH 13/52] aws_lb_target_group.default[0].arn --- terraform-modules/aws/nlb/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf index b8c86044a..9d2d46451 100644 --- a/terraform-modules/aws/nlb/main.tf +++ b/terraform-modules/aws/nlb/main.tf 
@@ -77,7 +77,7 @@ resource "aws_lb_target_group_attachment" "this" { resource "aws_lb_target_group_attachment" "example" { count = var.nlb_target_ips ? length(var.target_ips) : 0 - target_group_arn = aws_lb_target_group.default.arn + target_group_arn = aws_lb_target_group.default[0].arn target_id = var.nlb_target_ips ? element([for ip in var.target_ips : ip.ip_address], count.index) : "" port = var.nlb_target_ips ? element([for ip in var.target_ips : ip.port], count.index) : 0 } From 9da2e9914f87817d7de0f6ec45b3dcb26511c692 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 15:43:41 -0600 Subject: [PATCH 14/52] vpc link --- .../aws/api-gateway/vpc-link/README.md | 6 +---- .../aws/api-gateway/vpc-link/main.tf | 13 ++--------- .../aws/api-gateway/vpc-link/variables.tf | 22 ++----------------- 3 files changed, 5 insertions(+), 36 deletions(-) diff --git a/terraform-modules/aws/api-gateway/vpc-link/README.md b/terraform-modules/aws/api-gateway/vpc-link/README.md index cd813a49c..9bd4191ed 100644 --- a/terraform-modules/aws/api-gateway/vpc-link/README.md +++ b/terraform-modules/aws/api-gateway/vpc-link/README.md 
@@ -17,19 +17,15 @@ No modules. | Name | Type | |------|------| | [aws_api_gateway_vpc_link.apivpclink](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_vpc_link) | resource | -| [aws_lb.apivpclinknlb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [internal\_lb](#input\_internal\_lb) | Flag to indicate if the load balancer is internal (true/false) | `bool` | n/a | yes | -| [load\_balancer\_name](#input\_load\_balancer\_name) | Name of the load balancer | `any` | n/a | yes | -| [load\_balancer\_type](#input\_load\_balancer\_type) | Type of load balancer | `any` | n/a | yes | -| [subnet\_id](#input\_subnet\_id) | ID of the subnet for the load balancer | `any` | n/a | yes | | [tags](#input\_tags) | n/a | `map(any)` | `{}` | no | | [vpc\_link\_description](#input\_vpc\_link\_description) | Description of the API Gateway VPC link | `any` | n/a | yes | | [vpc\_link\_name](#input\_vpc\_link\_name) | Name of the API Gateway VPC link | `any` | n/a | yes | +| [vpc\_link\_nbl\_arn](#input\_vpc\_link\_nbl\_arn) | ARN of the NLB VPC link | `any` | n/a | yes | ## Outputs diff --git a/terraform-modules/aws/api-gateway/vpc-link/main.tf b/terraform-modules/aws/api-gateway/vpc-link/main.tf index c14afb565..e25e827af 100644 --- a/terraform-modules/aws/api-gateway/vpc-link/main.tf +++ b/terraform-modules/aws/api-gateway/vpc-link/main.tf @@ -1,15 +1,6 @@ -resource "aws_lb" "apivpclinknlb" { - name = var.load_balancer_name - internal = var.internal_lb - load_balancer_type = var.load_balancer_type - - subnet_mapping { - subnet_id = var.subnet_id - } -} - resource "aws_api_gateway_vpc_link" "apivpclink" { name = var.vpc_link_name description = var.vpc_link_description - target_arns = [aws_lb.apivpclinknlb.arn] + target_arns = [var.vpc_link_nbl_arn] + tags = var.tags } 
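Review bot: `target_arns = [var.vpc_link_nbl_arn]` bakes the transposed name `nbl` into the module's public interface, and the matching declaration in this patch's variables.tf hunk carries no `type`, so a list or map is only rejected at apply time. Suggest `vpc_link_nlb_arn` with `type = string` in variables.tf and `target_arns = [var.vpc_link_nlb_arn]` here, with the README row following. Since a REST API VPC link only accepts a Network Load Balancer, a `validation` block with `condition = can(regex(":loadbalancer/net/", var.vpc_link_nlb_arn))` would reject an ALB ARN at plan time instead of at apply.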
diff --git a/terraform-modules/aws/api-gateway/vpc-link/variables.tf b/terraform-modules/aws/api-gateway/vpc-link/variables.tf index 7ba3f5a96..c1a60c6c7 100644 --- a/terraform-modules/aws/api-gateway/vpc-link/variables.tf +++ b/terraform-modules/aws/api-gateway/vpc-link/variables.tf @@ -1,7 +1,3 @@ -variable "subnet_id" { - description = "ID of the subnet for the load balancer" -} - variable "vpc_link_name" { description = "Name of the API Gateway VPC link" } @@ -10,22 +6,8 @@ variable "vpc_link_description" { description = "Description of the API Gateway VPC link" } -# Load balancer -variable "subnet_id" { - description = "ID of the subnet for the load balancer" -} - -variable "load_balancer_name" { - description = "Name of the load balancer" -} - -variable "internal_lb" { - description = "Flag to indicate if the load balancer is internal (true/false)" - type = bool -} - -variable "load_balancer_type" { - description = "Type of load balancer" +variable "vpc_link_nbl_arn" { + description = "ARN of the NLB VPC link" } variable "tags" { From e2e87cdd36741f3eb4d9755bcc76b5c5ef8339ae Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 15:48:45 -0600 Subject: [PATCH 15/52] new output --- terraform-modules/aws/nlb/output.tf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/terraform-modules/aws/nlb/output.tf b/terraform-modules/aws/nlb/output.tf index e69de29bb..656ea6ebc 100644 --- a/terraform-modules/aws/nlb/output.tf +++ b/terraform-modules/aws/nlb/output.tf @@ -0,0 +1,9 @@ +output "nlb_arn" { + value = aws_lb.nlb.arn + description = "The ARN of the load balancer (matches id)." +} + +output "nlb_dns_name" { + value = aws_lb.nlb.dns_name + description = "The DNS name of the load balancer." +} \ No newline at end of file From 2d702e9afa48aa112d6c25712c9abdbd59bbe967 Mon Sep 17 00:00:00 2001 
From: bcarranza Date: Tue, 13 Jun 2023 16:02:50 -0600 Subject: [PATCH 16/52] deafult string --- terraform-modules/aws/api-gateway/vpc-link/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform-modules/aws/api-gateway/vpc-link/variables.tf b/terraform-modules/aws/api-gateway/vpc-link/variables.tf index c1a60c6c7..945c5ec44 100644 --- a/terraform-modules/aws/api-gateway/vpc-link/variables.tf +++ b/terraform-modules/aws/api-gateway/vpc-link/variables.tf @@ -4,6 +4,7 @@ variable "vpc_link_name" { variable "vpc_link_description" { description = "Description of the API Gateway VPC link" + default = "" } variable "vpc_link_nbl_arn" { From ccbc49d01690ba2a6647037172e2f5d5b8ce10af Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 18:30:15 -0600 Subject: [PATCH 17/52] Api Gateway Method --- .../api-gateway-private-vpc-proxy/main.tf | 48 +++++++++++++++++++ .../api-gateway-private-vpc-proxy/outputs.tf | 3 ++ .../variables.tf | 11 +++++ 3 files changed, 62 insertions(+) create mode 100644 terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/main.tf create mode 100644 terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/outputs.tf create mode 100644 terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/variables.tf diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/main.tf new file mode 100644 index 000000000..044cff17f --- /dev/null +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/main.tf 
@@ -0,0 +1,48 @@
+resource "aws_api_gateway_rest_api" "my_api" {
+ name = var.apigateway_name
+ endpoint_configuration {
+ types = ["PRIVATE"]
+ vpc_endpoint_ids = ["${var.vpc_endpoint_id}"] # Replace with your VPC endpoint ID
+ }
+}
+
+resource "aws_api_gateway_resource" "proxy_resource" {
+ rest_api_id = aws_api_gateway_rest_api.my_api.id
+ parent_id = aws_api_gateway_rest_api.my_api.root_resource_id
+ path_part = "{proxy+}"
+}
+
+resource "aws_api_gateway_method" "proxy_method" {
+ rest_api_id = aws_api_gateway_rest_api.my_api.id
+ resource_id = aws_api_gateway_resource.proxy_resource.id
+ http_method = "ANY"
+ authorization = "NONE"
+}
+
+resource "aws_api_gateway_integration" "proxy_integration" {
+ rest_api_id = aws_api_gateway_rest_api.my_api.id
+ resource_id = aws_api_gateway_resource.proxy_resource.id
+ http_method = aws_api_gateway_method.proxy_method.http_method
+ integration_http_method = "ANY"
+ type = "VPC_PROXY" # Update the integration type
+ uri = var.api_gateway_b_uri # Replace with the desired endpoint
+
+ request_parameters = {
+ "integration.request.path.proxy" = "method.request.path.proxy" # Update the path mapping
+ }
+}
+
+resource "aws_api_gateway_integration_response" "proxy_integration_response" {
+ rest_api_id = aws_api_gateway_rest_api.my_api.id
+ resource_id = aws_api_gateway_resource.proxy_resource.id
+ http_method = aws_api_gateway_method.proxy_method.http_method
+ status_code = aws_api_gateway_method_response.proxy_method_response.status_code
+}
+
+resource "aws_api_gateway_method_response" "proxy_method_response" {
+ rest_api_id = aws_api_gateway_rest_api.my_api.id
+ resource_id = aws_api_gateway_resource.proxy_resource.id
+ http_method = aws_api_gateway_method.proxy_method.http_method
+ status_code = "200"
+}
+
diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/outputs.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/outputs.tf
new file mode 100644
index 000000000..c7e55ecd3
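Review bot: `authorization = "NONE"` on the `ANY {proxy+}` method together with `types = ["PRIVATE"]` leaves the API with no caller check beyond being able to reach the VPC endpoint, and a PRIVATE REST API is not invokable at all until a resource policy is attached, which this module does not create. Add an `aws_api_gateway_rest_api_policy` that allows `execute-api:Invoke` only when `aws:SourceVpce` equals `var.vpc_endpoint_id` (below), and state in the module's documentation that every method and path is forwarded unauthenticated to `var.api_gateway_b_uri`. Separately, `type = "VPC_PROXY"` is not an accepted `aws_api_gateway_integration` type (the provider takes `HTTP`, `HTTP_PROXY`, `AWS`, `AWS_PROXY` and `MOCK`); a VPC-link integration is `type = "HTTP_PROXY"` with `connection_type = "VPC_LINK"` and `connection_id` set to the link id, which this commit does not yet take as a variable. The `request_parameters` mapping to `method.request.path.proxy` also needs the method to declare `request_parameters = { "method.request.path.proxy" = true }`, or API Gateway rejects the mapping as an invalid expression.
```hcl
# … unchanged: aws_api_gateway_rest_api.my_api …

# A PRIVATE REST API is unreachable until a resource policy grants invoke;
# scope it to the endpoint this module already takes as input.
resource "aws_api_gateway_rest_api_policy" "my_api" {
  rest_api_id = aws_api_gateway_rest_api.my_api.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = "execute-api:Invoke"
      Resource  = "${aws_api_gateway_rest_api.my_api.execution_arn}/*"
      Condition = {
        StringEquals = { "aws:SourceVpce" = var.vpc_endpoint_id }
      }
    }]
  })
}

# … unchanged: proxy_resource, proxy_method, proxy_integration, responses …
```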
--- /dev/null +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/outputs.tf @@ -0,0 +1,3 @@ +outputs "aws_api_gateway_rest_api_arn" { + value = aws_api_gateway_rest_api.my_api.arn +} \ No newline at end of file diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/variables.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/variables.tf new file mode 100644 index 000000000..00f03e25c --- /dev/null +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/variables.tf @@ -0,0 +1,11 @@ +variable "apigateway_name" { + description = "Api Gateway Name" +} + +variable "vpc_endpoint_id" { + description = "VPC Endpoint Id to hit the api gateway in private mode" +} + +variable "api_gateway_b_uri" { + description = "Api gateway URI of another account to connect and make a proxy" +} From f26940b96083153cd0cd76b36eba8205c091f8a2 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 18:35:30 -0600 Subject: [PATCH 18/52] test --- .../main.tf | 17 ++++++----------- .../outputs.tf | 0 .../variables.tf | 4 ++++ 3 files changed, 10 insertions(+), 11 deletions(-) rename terraform-modules/aws/api-gateway/{api-gateway-private-vpc-proxy => api-gateway-private-vpc-link-proxy}/main.tf (68%) rename terraform-modules/aws/api-gateway/{api-gateway-private-vpc-proxy => api-gateway-private-vpc-link-proxy}/outputs.tf (100%) rename terraform-modules/aws/api-gateway/{api-gateway-private-vpc-proxy => api-gateway-private-vpc-link-proxy}/variables.tf (74%) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf similarity index 68% rename from terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/main.tf rename to terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 044cff17f..5be8dbe04 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/main.tf 
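Review bot: None of `apigateway_name`, `vpc_endpoint_id` and `api_gateway_b_uri` declares a `type`, so a caller can pass a list or map and the error only surfaces when the provider receives the value. `type = string` on each is cheap, and `vpc_endpoint_id` is the one value that decides which network path may reach the private API, so a `validation { condition = can(regex("^vpce-", var.vpc_endpoint_id)) }` block with a short `error_message` catches a mistaken id at plan time.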
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -17,18 +17,13 @@ resource "aws_api_gateway_method" "proxy_method" { resource_id = aws_api_gateway_resource.proxy_resource.id http_method = "ANY" authorization = "NONE" -} - -resource "aws_api_gateway_integration" "proxy_integration" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - resource_id = aws_api_gateway_resource.proxy_resource.id - http_method = aws_api_gateway_method.proxy_method.http_method - integration_http_method = "ANY" - type = "VPC_PROXY" # Update the integration type - uri = var.api_gateway_b_uri # Replace with the desired endpoint - request_parameters = { - "integration.request.path.proxy" = "method.request.path.proxy" # Update the path mapping + integration { + type = "HTTP_PROXY" + uri = var.api_gateway_b_uri # Replace with your VPC link endpoint + http_method = "ANY" + connection_type = "VPC_LINK" + connection_id = var.vpc_link_id # Replace with your VPC link ID } } diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/outputs.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf similarity index 100% rename from terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/outputs.tf rename to terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/variables.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf similarity index 74% rename from terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/variables.tf rename to terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf index 00f03e25c..187a3e7fe 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-proxy/variables.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf 
@@ -6,6 +6,10 @@ variable "vpc_endpoint_id" { description = "VPC Endpoint Id to hit the api gateway in private mode" } +variable "vpc_link_id" { + description = "VPC Link Id to hit the api gateway in private mode" +} + variable "api_gateway_b_uri" { description = "Api gateway URI of another account to connect and make a proxy" } From d8742b3089d9991fd9c958bb188640436ef18ddf Mon Sep 17 00:00:00 2001 From: bcarranza Date: Tue, 13 Jun 2023 18:45:18 -0600 Subject: [PATCH 19/52] typo --- .../api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf index c7e55ecd3..b5fd70fb6 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf @@ -1,3 +1,3 @@ -outputs "aws_api_gateway_rest_api_arn" { +output "aws_api_gateway_rest_api_arn" { value = aws_api_gateway_rest_api.my_api.arn } \ No newline at end of file From 7420a3768bd5dd23aef8dabed918ef2c363e1c4c Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 07:59:32 -0600 Subject: [PATCH 20/52] api gateway --- .../main.tf | 45 +++++++++++-------- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 5be8dbe04..83d6296fe 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf 
@@ -17,27 +17,36 @@ resource "aws_api_gateway_method" "proxy_method" { resource_id = aws_api_gateway_resource.proxy_resource.id http_method = "ANY" authorization = "NONE" - - integration { - type = "HTTP_PROXY" - uri = var.api_gateway_b_uri # Replace with your VPC link endpoint - http_method = "ANY" - connection_type = "VPC_LINK" - connection_id = var.vpc_link_id # Replace with your VPC link ID + request_parameters = { + "method.request.path.proxy" = true } } -resource "aws_api_gateway_integration_response" "proxy_integration_response" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - resource_id = aws_api_gateway_resource.proxy_resource.id - http_method = aws_api_gateway_method.proxy_method.http_method - status_code = aws_api_gateway_method_response.proxy_method_response.status_code -} +resource "aws_api_gateway_integration" "MyDemoIntegration" { + rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id + resource_id = aws_api_gateway_resource.MyDemoResource.id + http_method = aws_api_gateway_method.MyDemoMethod.http_method + type = "HTTP_PROXY" + uri = var.api_gateway_b_uri + integration_http_method = "ANY" -resource "aws_api_gateway_method_response" "proxy_method_response" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - resource_id = aws_api_gateway_resource.proxy_resource.id - http_method = aws_api_gateway_method.proxy_method.http_method - status_code = "200" + cache_key_parameters = ["method.request.path.proxy"] + request_parameters = { + "integration.request.path.proxy" = "method.request.path.proxy" + } } +#resource "aws_api_gateway_integration_response" "proxy_integration_response" { +# rest_api_id = aws_api_gateway_rest_api.my_api.id +# resource_id = aws_api_gateway_resource.proxy_resource.id +# http_method = aws_api_gateway_method.proxy_method.http_method +# status_code = aws_api_gateway_method_response.proxy_method_response.status_code +#} + +#resource "aws_api_gateway_method_response" "proxy_method_response" { +# rest_api_id = 
aws_api_gateway_rest_api.my_api.id +# resource_id = aws_api_gateway_resource.proxy_resource.id +# http_method = aws_api_gateway_method.proxy_method.http_method +# status_code = "200" +#} + From 8ac2963e404d303bfd6835955ac1f9e4d974019e Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:02:44 -0600 Subject: [PATCH 21/52] proxy_method --- .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 83d6296fe..312162e08 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -23,9 +23,9 @@ resource "aws_api_gateway_method" "proxy_method" { } resource "aws_api_gateway_integration" "MyDemoIntegration" { - rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id - resource_id = aws_api_gateway_resource.MyDemoResource.id - http_method = aws_api_gateway_method.MyDemoMethod.http_method + rest_api_id = aws_api_gateway_rest_api.my_api.id + resource_id = aws_api_gateway_resource.proxy_resource.id + http_method = aws_api_gateway_method.proxy_method.http_method type = "HTTP_PROXY" uri = var.api_gateway_b_uri integration_http_method = "ANY" From c482eeace1b168fa5bbc4d0fdb58a9e87b062b16 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:06:02 -0600 Subject: [PATCH 22/52] proxy_integration --- .../aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 312162e08..046c34e9b 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf 
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -22,7 +22,7 @@ resource "aws_api_gateway_method" "proxy_method" { } } -resource "aws_api_gateway_integration" "MyDemoIntegration" { +resource "aws_api_gateway_integration" "proxy_integration" { rest_api_id = aws_api_gateway_rest_api.my_api.id resource_id = aws_api_gateway_resource.proxy_resource.id http_method = aws_api_gateway_method.proxy_method.http_method From e9c29c9cfd7bc48a8d5a1341811c25b7056293f4 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:21:36 -0600 Subject: [PATCH 23/52] vpc proxy --- .../aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 046c34e9b..6ab91e357 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -26,7 +26,7 @@ resource "aws_api_gateway_integration" "proxy_integration" { rest_api_id = aws_api_gateway_rest_api.my_api.id resource_id = aws_api_gateway_resource.proxy_resource.id http_method = aws_api_gateway_method.proxy_method.http_method - type = "HTTP_PROXY" + type = "VPC_PROXY" uri = var.api_gateway_b_uri integration_http_method = "ANY" From d4f2032864cae843fa8acaebbe88e673ebd9d87e Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:38:15 -0600 Subject: [PATCH 24/52] integration + response --- .../main.tf | 40 ++++++++++++++----- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 6ab91e357..2a90ac77a 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf 
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -22,20 +22,42 @@ resource "aws_api_gateway_method" "proxy_method" { } } -resource "aws_api_gateway_integration" "proxy_integration" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - resource_id = aws_api_gateway_resource.proxy_resource.id - http_method = aws_api_gateway_method.proxy_method.http_method - type = "VPC_PROXY" - uri = var.api_gateway_b_uri +resource "aws_api_gateway_integration" "vpc_proxy" { + rest_api_id = aws_api_gateway_rest_api.my_api.id + resource_id = aws_api_gateway_resource.proxy_resource.id + http_method = aws_api_gateway_method.proxy_method.http_method + type = "VPC_PROXY" + vpc_link_id = var.vpc_link_id + endpoint_url = var.api_gateway_b_uri integration_http_method = "ANY" + passthrough_behavior = "WHEN_NO_MATCH" + request_parameters = {} +} - cache_key_parameters = ["method.request.path.proxy"] - request_parameters = { - "integration.request.path.proxy" = "method.request.path.proxy" +resource "aws_api_gateway_method_response" "proxy" { + rest_api_id = aws_api_gateway_rest_api.my_api.id + resource_id = aws_api_gateway_resource.proxy_resource.id + http_method = aws_api_gateway_method.proxy_method.http_method + status_code = "200" + response_templates = { + "application/json" = "" } } +#resource "aws_api_gateway_integration" "proxy_integration" { +# rest_api_id = aws_api_gateway_rest_api.my_api.id +# resource_id = aws_api_gateway_resource.proxy_resource.id +# http_method = aws_api_gateway_method.proxy_method.http_method +# type = "VPC_PROXY" +# uri = var.api_gateway_b_uri +# integration_http_method = "ANY" + +# cache_key_parameters = ["method.request.path.proxy"] +# request_parameters = { +# "integration.request.path.proxy" = "method.request.path.proxy" +# } +#} + #resource "aws_api_gateway_integration_response" "proxy_integration_response" { # rest_api_id = aws_api_gateway_rest_api.my_api.id # resource_id = aws_api_gateway_resource.proxy_resource.id 
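Review bot: `vpc_link_id` and `endpoint_url` are not arguments of `aws_api_gateway_integration`, and `response_templates` is not an argument of `aws_api_gateway_method_response` (that resource takes `response_models` and `response_parameters`), so this revision does not validate; the VPC-link form is `connection_type = "VPC_LINK"`, `connection_id = var.vpc_link_id` and `uri = var.api_gateway_b_uri`. The old `proxy_integration` is also kept as a comment block next to the two resources already commented out earlier in the file; git holds that history, and the commented copies make it harder to see which integration is live, so deleting them is preferable. Setting `request_parameters = {}` while the method still declares `method.request.path.proxy` means the captured path is no longer mapped into the backend request.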
From 6eff487c7729e032b28c8ccac6f9a5337eaa923c Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:45:08 -0600 Subject: [PATCH 25/52] Proxy --- .../api-gateway-private-vpc-link-proxy/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 2a90ac77a..1661b7e35 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -26,9 +26,9 @@ resource "aws_api_gateway_integration" "vpc_proxy" { rest_api_id = aws_api_gateway_rest_api.my_api.id resource_id = aws_api_gateway_resource.proxy_resource.id http_method = aws_api_gateway_method.proxy_method.http_method - type = "VPC_PROXY" - vpc_link_id = var.vpc_link_id - endpoint_url = var.api_gateway_b_uri + connection_type = "VPC_LINK" + connection_id = var.vpc_link_id + uri = var.api_gateway_b_uri integration_http_method = "ANY" passthrough_behavior = "WHEN_NO_MATCH" request_parameters = {} @@ -39,7 +39,7 @@ resource "aws_api_gateway_method_response" "proxy" { resource_id = aws_api_gateway_resource.proxy_resource.id http_method = aws_api_gateway_method.proxy_method.http_method status_code = "200" - response_templates = { + response_parameteresponse_parameters = { "application/json" = "" } } From 3146ee45e8f003e26436761f5a50d52d16f5d038 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:47:48 -0600 Subject: [PATCH 26/52] response_parameters --- .../aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 1661b7e35..317b3993b 100644 
--- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -39,7 +39,7 @@ resource "aws_api_gateway_method_response" "proxy" { resource_id = aws_api_gateway_resource.proxy_resource.id http_method = aws_api_gateway_method.proxy_method.http_method status_code = "200" - response_parameteresponse_parameters = { + response_parameters = { "application/json" = "" } } From 4a8ab6078677d82480de08bea6b4641d4e762ef3 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:52:34 -0600 Subject: [PATCH 27/52] aws_api_gateway_method_response --- .../aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 317b3993b..8d1c18e10 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -39,9 +39,6 @@ resource "aws_api_gateway_method_response" "proxy" { resource_id = aws_api_gateway_resource.proxy_resource.id http_method = aws_api_gateway_method.proxy_method.http_method status_code = "200" - response_parameters = { - "application/json" = "" - } } #resource "aws_api_gateway_integration" "proxy_integration" { From 9ed5482d8bb1bbe858d074a56143c35adef861c4 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 08:57:52 -0600 Subject: [PATCH 28/52] http proxy --- .../aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 8d1c18e10..bb0f7c8ba 100644 
--- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
@@ -32,6 +32,7 @@ resource "aws_api_gateway_integration" "vpc_proxy" {
 integration_http_method = "ANY"
 passthrough_behavior = "WHEN_NO_MATCH"
 request_parameters = {}
+ type = "HTTP_PROXY"
 }
 resource "aws_api_gateway_method_response" "proxy" {
From cd9dc570f3026bd2ad8a58eafb3119619777617e Mon Sep 17 00:00:00 2001
From: bcarranza
Date: Wed, 14 Jun 2023 09:16:16 -0600
Subject: [PATCH 29/52] proxy
---
 .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
index bb0f7c8ba..30ecb00fd 100644
--- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
@@ -31,7 +31,9 @@ resource "aws_api_gateway_integration" "vpc_proxy" {
 uri = var.api_gateway_b_uri
 integration_http_method = "ANY"
 passthrough_behavior = "WHEN_NO_MATCH"
- request_parameters = {}
+ request_parameters = {
+ "method.request.path.proxy" = true
+ }
 type = "HTTP_PROXY"
 }
From d368c5270ea31360f8a487cd4cec4ea9292bde5e Mon Sep 17 00:00:00 2001
From: bcarranza
Date: Wed, 14 Jun 2023 10:50:14 -0600
Subject: [PATCH 30/52] aws_api_gateway_method_response
---
 .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
index 30ecb00fd..15c0214b0 100644
--- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
@@ -31,9 +31,6 @@ resource "aws_api_gateway_integration" "vpc_proxy" {
 uri = var.api_gateway_b_uri
 integration_http_method = "ANY"
 passthrough_behavior = "WHEN_NO_MATCH"
- request_parameters = {
- "method.request.path.proxy" = true
- }
 type = "HTTP_PROXY"
 }
@@ -41,7 +38,6 @@ resource "aws_api_gateway_method_response" "proxy" {
 rest_api_id = aws_api_gateway_rest_api.my_api.id
 resource_id = aws_api_gateway_resource.proxy_resource.id
 http_method = aws_api_gateway_method.proxy_method.http_method
- status_code = "200"
 }
 #resource "aws_api_gateway_integration" "proxy_integration" {
From b781e158923947e4e5e7640d9e9d291463f8f665 Mon Sep 17 00:00:00 2001
From: bcarranza
Date: Wed, 14 Jun 2023 10:55:59 -0600
Subject: [PATCH 31/52] api gateway integration
---
 .../api-gateway-private-vpc-link-proxy/main.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
index 15c0214b0..1c5c3d4b0 100644
--- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf
@@ -34,11 +34,11 @@ resource "aws_api_gateway_integration" "vpc_proxy" {
 type = "HTTP_PROXY"
 }
-resource "aws_api_gateway_method_response" "proxy" {
- rest_api_id = aws_api_gateway_rest_api.my_api.id
- resource_id = aws_api_gateway_resource.proxy_resource.id
- http_method = aws_api_gateway_method.proxy_method.http_method
-}
+#resource "aws_api_gateway_method_response" "proxy" {
+# rest_api_id = aws_api_gateway_rest_api.my_api.id
+# resource_id = aws_api_gateway_resource.proxy_resource.id
+# http_method = aws_api_gateway_method.proxy_method.http_method
+#}
 #resource "aws_api_gateway_integration" "proxy_integration" {
 # rest_api_id = aws_api_gateway_rest_api.my_api.id
From c57db9f3aa503c92dae1c77fc92ee983f95e804f Mon Sep 17 00:00:00 2001
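Review bot: Removing the `request_parameters` block leaves `method.request.path.proxy`, which the method still declares, unmapped in the integration, so the segment captured by `{proxy+}` is not forwarded unless `var.api_gateway_b_uri` already embeds `{proxy}`. The removed entry was written in the method-level form; the integration-level mapping is `request_parameters = { "integration.request.path.proxy" = "method.request.path.proxy" }`, paired with a `uri` that ends in `/{proxy}`. The second hunk of this patch also removes `status_code` from `aws_api_gateway_method_response.proxy`, which is a required argument of that resource. `aws_api_gateway_integration.vpc_proxy` starts outside the hunk.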
From: bcarranza Date: Wed, 14 Jun 2023 11:14:05 -0600 Subject: [PATCH 32/52] cors --- .../main.tf | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 1c5c3d4b0..584aeefcf 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf 
@@ -34,6 +34,53 @@ resource "aws_api_gateway_integration" "vpc_proxy" { type = "HTTP_PROXY" } + + +#CORS +resource "aws_api_gateway_method" "options_method" { + rest_api_id = "${aws_api_gateway_rest_api.cors_api.id}" + resource_id = "${aws_api_gateway_resource.cors_resource.id}" + http_method = "OPTIONS" + authorization = "NONE" +} + +resource "aws_api_gateway_method_response" "options_200" { + rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" + resource_id = "${aws_api_gateway_resource.proxy_resource.id}" + http_method = "${aws_api_gateway_method.options_method.http_method}" + status_code = "200" + response_models { + "application/json" = "Empty" + } + response_parameters { + "method.response.header.Access-Control-Allow-Headers" = true, + "method.response.header.Access-Control-Allow-Methods" = true, + "method.response.header.Access-Control-Allow-Origin" = true + } + depends_on = ["aws_api_gateway_method.options_method"] +} + +resource "aws_api_gateway_integration" "options_integration" { + rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" + resource_id = "${aws_api_gateway_resource.proxy_resource.id}" + http_method = "${aws_api_gateway_method.options_200.http_method}" + type = "MOCK" + depends_on = ["aws_api_gateway_method.options_method"] +} + +resource "aws_api_gateway_integration_response" "options_integration_response" { + rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" + resource_id = "${aws_api_gateway_resource.proxy_resource.id}" + http_method = "${aws_api_gateway_method.options_method.http_method}" + status_code = "${aws_api_gateway_method_response.options_200.status_code}" + response_parameters = { + "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'", + "method.response.header.Access-Control-Allow-Methods" = "'GET,OPTIONS,POST,PUT'", + "method.response.header.Access-Control-Allow-Origin" = "'*'" + } + depends_on = ["aws_api_gateway_method_response.options_200"] +} 
+ #resource "aws_api_gateway_method_response" "proxy" { # rest_api_id = aws_api_gateway_rest_api.my_api.id # resource_id = aws_api_gateway_resource.proxy_resource.id From 078a3afce0235cd55a826f2b8190d067392a15d9 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 11:18:07 -0600 Subject: [PATCH 33/52] response_parameters --- .../api-gateway-private-vpc-link-proxy/main.tf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 584aeefcf..48e58f04b 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -49,10 +49,12 @@ resource "aws_api_gateway_method_response" "options_200" { resource_id = "${aws_api_gateway_resource.proxy_resource.id}" http_method = "${aws_api_gateway_method.options_method.http_method}" status_code = "200" - response_models { - "application/json" = "Empty" + + response_models = { + "application/json" = "Empty" } - response_parameters { + + response_parameters = { "method.response.header.Access-Control-Allow-Headers" = true, "method.response.header.Access-Control-Allow-Methods" = true, "method.response.header.Access-Control-Allow-Origin" = true From e8de16f683aa2b52623a38144fa221c74c3f17f6 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 11:22:26 -0600 Subject: [PATCH 34/52] proxy_resource --- .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 48e58f04b..b2e0069b5 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf 
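Review bot: The pre-flight response added in `aws_api_gateway_integration_response.options_integration_response` hard-codes `Access-Control-Allow-Origin = "'*'"` together with the allowed header and method lists, so a caller of this module cannot narrow the origin; the sibling v2 module (removed in patch 48) already exposes `allow_origins`, `allow_headers` and `allow_methods` as inputs, and this module should take the same variables with the current literals as defaults. The API is `PRIVATE` and reachable only through a VPC endpoint, which limits the exposure, but the value is still a wildcard shipped as the only option. On style, every attribute is wrapped in legacy `"${...}"` interpolation-only strings and `depends_on = ["aws_api_gateway_method.options_method"]` uses a quoted reference; Terraform 0.12+ expects `aws_api_gateway_rest_api.my_api.id` and `depends_on = [aws_api_gateway_method.options_method]`, and I believe the quoted form is rejected outright by newer releases. The same forms recur in the hunks of patches 36, 45 and 46.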
+++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -38,8 +38,8 @@ resource "aws_api_gateway_integration" "vpc_proxy" { #CORS resource "aws_api_gateway_method" "options_method" { - rest_api_id = "${aws_api_gateway_rest_api.cors_api.id}" - resource_id = "${aws_api_gateway_resource.cors_resource.id}" + rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" + resource_id = "${aws_api_gateway_resource.proxy_resource.id}" http_method = "OPTIONS" authorization = "NONE" } From f758b0b0a4d6321dd7a03ba7b9aa537020c9c548 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 11:26:27 -0600 Subject: [PATCH 35/52] options_method --- .../aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index b2e0069b5..7d3653121 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -65,7 +65,7 @@ resource "aws_api_gateway_method_response" "options_200" { resource "aws_api_gateway_integration" "options_integration" { rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" resource_id = "${aws_api_gateway_resource.proxy_resource.id}" - http_method = "${aws_api_gateway_method.options_200.http_method}" + http_method = "${aws_api_gateway_method.options_method.http_method}" type = "MOCK" depends_on = ["aws_api_gateway_method.options_method"] } From c98567b8b6a120938978c18e35dd02c0f3f24467 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 12:00:14 -0600 Subject: [PATCH 36/52] response method --- .../main.tf | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) 
diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 7d3653121..043ab67d4 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -35,6 +35,29 @@ resource "aws_api_gateway_integration" "vpc_proxy" { } +resource "aws_api_gateway_method_response" "200" { + rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" + resource_id = "${aws_api_gateway_resource.proxy_resource.id}" + http_method = "${aws_api_gateway_method.proxy_method.http_method}" + status_code = "200" + + response_models = { + "application/json" = "Empty" + } +} + +resource "aws_api_gateway_integration_response" "MyDemoIntegrationResponse" { + rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" + resource_id = "${aws_api_gateway_resource.proxy_resource.id}" + http_method = "${aws_api_gateway_method.proxy_method.http_method}" + status_code = "${aws_api_gateway_method_response.200.status_code}" + + response_templates = { + "application/json" = "" + } +} + + #CORS resource "aws_api_gateway_method" "options_method" { From f7dddf1d9806647f82c00452b4b8729da46dc3e5 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 12:03:24 -0600 Subject: [PATCH 37/52] m200 --- .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 043ab67d4..b60b16022 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf 
@@ -35,7 +35,7 @@ resource "aws_api_gateway_integration" "vpc_proxy" { } -resource "aws_api_gateway_method_response" "200" { +resource "aws_api_gateway_method_response" "m200" { rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" resource_id = "${aws_api_gateway_resource.proxy_resource.id}" http_method = "${aws_api_gateway_method.proxy_method.http_method}" @@ -50,7 +50,7 @@ resource "aws_api_gateway_integration_response" "MyDemoIntegrationResponse" { rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" resource_id = "${aws_api_gateway_resource.proxy_resource.id}" http_method = "${aws_api_gateway_method.proxy_method.http_method}" - status_code = "${aws_api_gateway_method_response.200.status_code}" + status_code = "${aws_api_gateway_method_response.m200.status_code}" response_templates = { "application/json" = "" From b74fc10a243a1b55429470d15dc3d0497e6a0083 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 12:06:35 -0600 Subject: [PATCH 38/52] IntegrationResponse --- .../aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index b60b16022..50b523e85 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -46,7 +46,7 @@ resource "aws_api_gateway_method_response" "m200" { } } -resource "aws_api_gateway_integration_response" "MyDemoIntegrationResponse" { +resource "aws_api_gateway_integration_response" "IntegrationResponse" { rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" resource_id = "${aws_api_gateway_resource.proxy_resource.id}" http_method = "${aws_api_gateway_method.proxy_method.http_method}" From 8f4918b6630d1ce5f770af894ab84dcf53109234 Mon Sep 17 00:00:00 2001 
From: bcarranza Date: Wed, 14 Jun 2023 12:23:50 -0600 Subject: [PATCH 39/52] policy --- .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 1 + .../api-gateway-private-vpc-link-proxy/variables.tf | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 50b523e85..6a7cf0576 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -4,6 +4,7 @@ resource "aws_api_gateway_rest_api" "my_api" { types = ["PRIVATE"] vpc_endpoint_ids = ["${var.vpc_endpoint_id}"] # Replace with your VPC endpoint ID } + policy = var.policy } resource "aws_api_gateway_resource" "proxy_resource" { diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf index 187a3e7fe..f1670c4c8 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf @@ -13,3 +13,7 @@ variable "vpc_link_id" { variable "api_gateway_b_uri" { description = "Api gateway URI of another account to connect and make a proxy" } + +variable "policy" { + description = "Api gateway URI of another account to connect and make a proxy" +} \ No newline at end of file From ab1010105451d91303171f23abd015f0b20bff7a Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 14:05:22 -0600 Subject: [PATCH 40/52] POLICY --- .../main.tf | 27 ++++++++++++++++++- .../variables.tf | 4 --- 2 files changed, 26 insertions(+), 5 deletions(-) 
diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 6a7cf0576..66243bfee 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -4,9 +4,34 @@ resource "aws_api_gateway_rest_api" "my_api" { types = ["PRIVATE"] vpc_endpoint_ids = ["${var.vpc_endpoint_id}"] # Replace with your VPC endpoint ID } - policy = var.policy } +#Resource Policy +data "aws_iam_policy_document" "resourcePolicy" { + statement { + effect = "Allow" + + principals { + type = "AWS" + identifiers = ["*"] + } + + actions = ["execute-api:Invoke"] + resources = [aws_api_gateway_rest_api.my_api.execution_arn] + + condition { + test = "IpAddress" + variable = "aws:SourceIp" + values = ["123.123.123.123/32"] + } + } +} +resource "aws_api_gateway_rest_api_policy" "test" { + rest_api_id = aws_api_gateway_rest_api.test.id + policy = data.aws_iam_policy_document.test.json +} + + resource "aws_api_gateway_resource" "proxy_resource" { rest_api_id = aws_api_gateway_rest_api.my_api.id parent_id = aws_api_gateway_rest_api.my_api.root_resource_id diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf index f1670c4c8..187a3e7fe 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf @@ -13,7 +13,3 @@ variable "vpc_link_id" { variable "api_gateway_b_uri" { description = "Api gateway URI of another account to connect and make a proxy" } - -variable "policy" { - description = "Api gateway URI of another account to connect and make a proxy" -} \ No newline at end of file 
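Review bot: `resources = [aws_api_gateway_rest_api.my_api.execution_arn]` in `data.aws_iam_policy_document.resourcePolicy` names the bare API execution ARN, but `execute-api:Invoke` is evaluated against `<execution_arn>/<stage>/<METHOD>/<path>`, so as written the Allow statement should match no request and a PRIVATE API carrying this policy would 403 everything. It should read `resources = ["${aws_api_gateway_rest_api.my_api.execution_arn}/*"]`, or a narrower stage/method pattern if one is known. The `123.123.123.123/32` placeholder condition and the `test` references are already replaced in patches 41 and 42, so the resource ARN is the one thing left to fix here.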
From 44d11ad499888836eaf279f54a0d839fa14f6a71 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 14:19:32 -0600 Subject: [PATCH 41/52] vpc condition policy --- .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index 66243bfee..d8ec836a9 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -20,9 +20,9 @@ data "aws_iam_policy_document" "resourcePolicy" { resources = [aws_api_gateway_rest_api.my_api.execution_arn] condition { - test = "IpAddress" - variable = "aws:SourceIp" - values = ["123.123.123.123/32"] + test = "StringEquals" + variable = "aws:SourceVpce" + values = ["${var.vpc_endpoint_id}"] } } } From 08f6ea83b57e1e048f0cfbca643c2e4f6ae9ef07 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 14:23:55 -0600 Subject: [PATCH 42/52] typo errors in policy --- .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index d8ec836a9..e91422c76 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf 
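Review bot: With `principals` still `type = "AWS", identifiers = ["*"]`, the new `StringEquals aws:SourceVpce` condition yields a single Allow for any caller, authenticated or anonymous, whose request arrives through `var.vpc_endpoint_id`, and `proxy_method` uses `authorization = "NONE"`, so everything that can reach the endpoint can invoke the proxy. The usual private-API pattern pairs this Allow with an explicit Deny conditioned on `StringNotEquals aws:SourceVpce`, so that a later or broader Allow cannot widen access past the endpoint; a sketch of that second statement follows. While here, `values = ["${var.vpc_endpoint_id}"]` can simply be `values = [var.vpc_endpoint_id]`. The `resourcePolicy` data block starts outside the hunk.
```terraform
data "aws_iam_policy_document" "resourcePolicy" {
  # … unchanged: Allow statement conditioned on aws:SourceVpce …

  statement {
    effect = "Deny"

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    actions   = ["execute-api:Invoke"]
    resources = ["${aws_api_gateway_rest_api.my_api.execution_arn}/*"]

    condition {
      test     = "StringNotEquals"
      variable = "aws:SourceVpce"
      values   = [var.vpc_endpoint_id]
    }
  }
}
```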
@@ -26,9 +26,9 @@ data "aws_iam_policy_document" "resourcePolicy" { } } } -resource "aws_api_gateway_rest_api_policy" "test" { - rest_api_id = aws_api_gateway_rest_api.test.id - policy = data.aws_iam_policy_document.test.json +resource "aws_api_gateway_rest_api_policy" "api_resourcePolicy" { + rest_api_id = aws_api_gateway_rest_api.my_api.id + policy = data.aws_iam_policy_document.resourcePolicy.json } From ffde928fe4422fcb91b018072844e2142786adfa Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 14:44:46 -0600 Subject: [PATCH 43/52] remove response models --- .../api-gateway/api-gateway-private-vpc-link-proxy/main.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf index e91422c76..611c0065c 100644 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf @@ -67,9 +67,7 @@ resource "aws_api_gateway_method_response" "m200" { http_method = "${aws_api_gateway_method.proxy_method.http_method}" status_code = "200" - response_models = { - "application/json" = "Empty" - } + } resource "aws_api_gateway_integration_response" "IntegrationResponse" { From 999af6ce14ea6aac1ba1b36fb0b5b424e84e5976 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 16:59:50 -0600 Subject: [PATCH 44/52] avoid error nics --- terraform-modules/aws/vpc-endpoint/main.tf | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf index 11954949a..85a201cbb 100644 --- a/terraform-modules/aws/vpc-endpoint/main.tf +++ b/terraform-modules/aws/vpc-endpoint/main.tf 
@@ -10,6 +10,11 @@ resource "aws_vpc_endpoint" "execute_api_endpoint" { } data "aws_network_interface" "execute_api_nics" { - for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) - id = each.key -} \ No newline at end of file + count = length(aws_vpc_endpoint.execute_api_endpoint.*.network_interface_ids) + id = aws_vpc_endpoint.execute_api_endpoint[count.index].network_interface_ids +} + +#data "aws_network_interface" "execute_api_nics" { +# for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) +# id = each.key +#} \ No newline at end of file From 0e142efb1d5f515ba36465f5f9cb59fa5dd46168 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 18:52:37 -0600 Subject: [PATCH 45/52] depends on --- terraform-modules/aws/vpc-endpoint/main.tf | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf index 85a201cbb..63479c718 100644 --- a/terraform-modules/aws/vpc-endpoint/main.tf +++ b/terraform-modules/aws/vpc-endpoint/main.tf @@ -10,11 +10,7 @@ resource "aws_vpc_endpoint" "execute_api_endpoint" { } data "aws_network_interface" "execute_api_nics" { - count = length(aws_vpc_endpoint.execute_api_endpoint.*.network_interface_ids) - id = aws_vpc_endpoint.execute_api_endpoint[count.index].network_interface_ids -} - -#data "aws_network_interface" "execute_api_nics" { -# for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) -# id = each.key -#} \ No newline at end of file + for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) + id = each.key + depends_on = ["aws_vpc_endpoint.execute_api_endpoint"] +} \ No newline at end of file From 2ee4a4a145d79a2b7ca03ee62e945592cc420b40 Mon Sep 17 00:00:00 2001 
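Review bot: `for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids)` in `data.aws_network_interface.execute_api_nics` keys the data source on values that only exist after the endpoint is created, which Terraform rejects at plan time on a fresh apply (`The "for_each" value depends on resource attributes that cannot be determined until apply`); the added `depends_on = ["aws_vpc_endpoint.execute_api_endpoint"]` does not change that and, on 0.13+, additionally defers the read to apply time. The patch 46 hunk re-keys the map by index but the keys are still derived from the unknown list, so it fails the same way, which is presumably why patch 47 drops the data source and comments out the `execute_api_ips` output. If the endpoint IPs are genuinely needed, resolve them in the calling configuration once the endpoint exists (a two-step apply, or a separate root module that reads them), and record that limitation in the module README rather than leaving the commented-out block in `main.tf`.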
From: bcarranza Date: Wed, 14 Jun 2023 19:00:17 -0600 Subject: [PATCH 46/52] testing network interface --- terraform-modules/aws/vpc-endpoint/main.tf | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf index 63479c718..90e1ef907 100644 --- a/terraform-modules/aws/vpc-endpoint/main.tf +++ b/terraform-modules/aws/vpc-endpoint/main.tf @@ -10,7 +10,13 @@ resource "aws_vpc_endpoint" "execute_api_endpoint" { } data "aws_network_interface" "execute_api_nics" { - for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) - id = each.key + for_each = { for index, id in toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) : index => id } + id = each.value depends_on = ["aws_vpc_endpoint.execute_api_endpoint"] -} \ No newline at end of file +} + +#data "aws_network_interface" "execute_api_nics" { +# for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) +# id = each.key +# depends_on = ["aws_vpc_endpoint.execute_api_endpoint"] +#} \ No newline at end of file From f4e2c2dcf3aead57775a7bb39dc5afa24cb585f9 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Wed, 14 Jun 2023 19:11:12 -0600 Subject: [PATCH 47/52] remove unaccesible variables --- terraform-modules/aws/vpc-endpoint/main.tf | 6 ------ terraform-modules/aws/vpc-endpoint/outputs.tf | 6 +++--- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/terraform-modules/aws/vpc-endpoint/main.tf b/terraform-modules/aws/vpc-endpoint/main.tf index 90e1ef907..4869fe90c 100644 --- a/terraform-modules/aws/vpc-endpoint/main.tf +++ b/terraform-modules/aws/vpc-endpoint/main.tf 
@@ -9,12 +9,6 @@ resource "aws_vpc_endpoint" "execute_api_endpoint" { tags = var.tags } -data "aws_network_interface" "execute_api_nics" { - for_each = { for index, id in toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) : index => id } - id = each.value - depends_on = ["aws_vpc_endpoint.execute_api_endpoint"] -} - #data "aws_network_interface" "execute_api_nics" { # for_each = toset(aws_vpc_endpoint.execute_api_endpoint.network_interface_ids) # id = each.key diff --git a/terraform-modules/aws/vpc-endpoint/outputs.tf b/terraform-modules/aws/vpc-endpoint/outputs.tf index fcdbb4644..0e7e78f62 100644 --- a/terraform-modules/aws/vpc-endpoint/outputs.tf +++ b/terraform-modules/aws/vpc-endpoint/outputs.tf @@ -6,6 +6,6 @@ output "execute_api_endpoint_network_interface_ids" { value = aws_vpc_endpoint.execute_api_endpoint.network_interface_ids } -output "execute_api_ips" { - value = [for nic in data.aws_network_interface.execute_api_nics : nic.private_ip] -} \ No newline at end of file +#output "execute_api_ips" { +# value = [for nic in data.aws_network_interface.execute_api_nics : nic.private_ip] +#} \ No newline at end of file From 85318130063abed94d92c88db45df448be9bb2c7 Mon Sep 17 00:00:00 2001 
From: bcarranza Date: Fri, 16 Jun 2023 14:03:42 -0600 Subject: [PATCH 48/52] remove files --- .../main.tf | 166 ------------------ .../outputs.tf | 3 - .../variables.tf | 15 -- .../v2/api-gateway-proxy/README.md | 48 ----- .../api-gateway/v2/api-gateway-proxy/main.tf | 35 ---- .../v2/api-gateway-proxy/outputs.tf | 14 -- .../v2/api-gateway-proxy/variables.tf | 75 -------- .../aws/api-gateway/vpc-link/README.md | 34 ---- .../aws/api-gateway/vpc-link/main.tf | 6 - .../aws/api-gateway/vpc-link/outputs.tf | 3 - .../aws/api-gateway/vpc-link/variables.tf | 17 -- 11 files changed, 416 deletions(-) delete mode 100644 terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf delete mode 100644 terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf delete mode 100644 terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf delete mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md delete mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf delete mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf delete mode 100644 terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf delete mode 100644 terraform-modules/aws/api-gateway/vpc-link/README.md delete mode 100644 terraform-modules/aws/api-gateway/vpc-link/main.tf delete mode 100644 terraform-modules/aws/api-gateway/vpc-link/outputs.tf delete mode 100644 terraform-modules/aws/api-gateway/vpc-link/variables.tf diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf deleted file mode 100644 index 611c0065c..000000000 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/main.tf +++ /dev/null 
@@ -1,166 +0,0 @@ -resource "aws_api_gateway_rest_api" "my_api" { - name = var.apigateway_name - endpoint_configuration { - types = ["PRIVATE"] - vpc_endpoint_ids = ["${var.vpc_endpoint_id}"] # Replace with your VPC endpoint ID - } -} - -#Resource Policy -data "aws_iam_policy_document" "resourcePolicy" { - statement { - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } - - actions = ["execute-api:Invoke"] - resources = [aws_api_gateway_rest_api.my_api.execution_arn] - - condition { - test = "StringEquals" - variable = "aws:SourceVpce" - values = ["${var.vpc_endpoint_id}"] - } - } -} -resource "aws_api_gateway_rest_api_policy" "api_resourcePolicy" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - policy = data.aws_iam_policy_document.resourcePolicy.json -} - - -resource "aws_api_gateway_resource" "proxy_resource" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - parent_id = aws_api_gateway_rest_api.my_api.root_resource_id - path_part = "{proxy+}" -} - -resource "aws_api_gateway_method" "proxy_method" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - resource_id = aws_api_gateway_resource.proxy_resource.id - http_method = "ANY" - authorization = "NONE" - request_parameters = { - "method.request.path.proxy" = true - } -} - -resource "aws_api_gateway_integration" "vpc_proxy" { - rest_api_id = aws_api_gateway_rest_api.my_api.id - resource_id = aws_api_gateway_resource.proxy_resource.id - http_method = aws_api_gateway_method.proxy_method.http_method - connection_type = "VPC_LINK" - connection_id = var.vpc_link_id - uri = var.api_gateway_b_uri - integration_http_method = "ANY" - passthrough_behavior = "WHEN_NO_MATCH" - type = "HTTP_PROXY" -} - - -resource "aws_api_gateway_method_response" "m200" { - rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" - resource_id = "${aws_api_gateway_resource.proxy_resource.id}" - http_method = "${aws_api_gateway_method.proxy_method.http_method}" - status_code = "200" - - -} - -resource 
"aws_api_gateway_integration_response" "IntegrationResponse" { - rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" - resource_id = "${aws_api_gateway_resource.proxy_resource.id}" - http_method = "${aws_api_gateway_method.proxy_method.http_method}" - status_code = "${aws_api_gateway_method_response.m200.status_code}" - - response_templates = { - "application/json" = "" - } -} - - - -#CORS -resource "aws_api_gateway_method" "options_method" { - rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" - resource_id = "${aws_api_gateway_resource.proxy_resource.id}" - http_method = "OPTIONS" - authorization = "NONE" -} - -resource "aws_api_gateway_method_response" "options_200" { - rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" - resource_id = "${aws_api_gateway_resource.proxy_resource.id}" - http_method = "${aws_api_gateway_method.options_method.http_method}" - status_code = "200" - - response_models = { - "application/json" = "Empty" - } - - response_parameters = { - "method.response.header.Access-Control-Allow-Headers" = true, - "method.response.header.Access-Control-Allow-Methods" = true, - "method.response.header.Access-Control-Allow-Origin" = true - } - depends_on = ["aws_api_gateway_method.options_method"] -} - -resource "aws_api_gateway_integration" "options_integration" { - rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" - resource_id = "${aws_api_gateway_resource.proxy_resource.id}" - http_method = "${aws_api_gateway_method.options_method.http_method}" - type = "MOCK" - depends_on = ["aws_api_gateway_method.options_method"] -} - -resource "aws_api_gateway_integration_response" "options_integration_response" { - rest_api_id = "${aws_api_gateway_rest_api.my_api.id}" - resource_id = "${aws_api_gateway_resource.proxy_resource.id}" - http_method = "${aws_api_gateway_method.options_method.http_method}" - status_code = "${aws_api_gateway_method_response.options_200.status_code}" - response_parameters = { - 
"method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'", - "method.response.header.Access-Control-Allow-Methods" = "'GET,OPTIONS,POST,PUT'", - "method.response.header.Access-Control-Allow-Origin" = "'*'" - } - depends_on = ["aws_api_gateway_method_response.options_200"] -} - -#resource "aws_api_gateway_method_response" "proxy" { -# rest_api_id = aws_api_gateway_rest_api.my_api.id -# resource_id = aws_api_gateway_resource.proxy_resource.id -# http_method = aws_api_gateway_method.proxy_method.http_method -#} - -#resource "aws_api_gateway_integration" "proxy_integration" { -# rest_api_id = aws_api_gateway_rest_api.my_api.id -# resource_id = aws_api_gateway_resource.proxy_resource.id -# http_method = aws_api_gateway_method.proxy_method.http_method -# type = "VPC_PROXY" -# uri = var.api_gateway_b_uri -# integration_http_method = "ANY" - -# cache_key_parameters = ["method.request.path.proxy"] -# request_parameters = { -# "integration.request.path.proxy" = "method.request.path.proxy" -# } -#} - -#resource "aws_api_gateway_integration_response" "proxy_integration_response" { -# rest_api_id = aws_api_gateway_rest_api.my_api.id -# resource_id = aws_api_gateway_resource.proxy_resource.id -# http_method = aws_api_gateway_method.proxy_method.http_method -# status_code = aws_api_gateway_method_response.proxy_method_response.status_code -#} - -#resource "aws_api_gateway_method_response" "proxy_method_response" { -# rest_api_id = aws_api_gateway_rest_api.my_api.id -# resource_id = aws_api_gateway_resource.proxy_resource.id -# http_method = aws_api_gateway_method.proxy_method.http_method -# status_code = "200" -#} - diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf deleted file mode 100644 index b5fd70fb6..000000000 
--- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "aws_api_gateway_rest_api_arn" { - value = aws_api_gateway_rest_api.my_api.arn -} \ No newline at end of file diff --git a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf b/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf deleted file mode 100644 index 187a3e7fe..000000000 --- a/terraform-modules/aws/api-gateway/api-gateway-private-vpc-link-proxy/variables.tf +++ /dev/null @@ -1,15 +0,0 @@ -variable "apigateway_name" { - description = "Api Gateway Name" -} - -variable "vpc_endpoint_id" { - description = "VPC Endpoint Id to hit the api gateway in private mode" -} - -variable "vpc_link_id" { - description = "VPC Link Id to hit the api gateway in private mode" -} - -variable "api_gateway_b_uri" { - description = "Api gateway URI of another account to connect and make a proxy" -} diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md deleted file mode 100644 index 05df3ad2a..000000000 --- a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/README.md +++ /dev/null 
@@ -1,48 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_apigatewayv2_api.proxy_api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api) | resource | -| [aws_apigatewayv2_integration.proxy_integration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_integration) | resource | -| [aws_apigatewayv2_route.proxy_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_route) | resource | -| [aws_apigatewayv2_vpc_link.vpc_link](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_vpc_link) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allow\_headers](#input\_allow\_headers) | The list of allowed headers for CORS configuration. | `list(string)` |
[
"'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
]
| no | -| [allow\_methods](#input\_allow\_methods) | The list of allowed methods for CORS configuration. | `list(string)` |
[
"ANY"
]
| no | -| [allow\_origins](#input\_allow\_origins) | The list of allowed origins for CORS configuration. | `list(string)` |
[
"*"
]
| no | -| [api\_name](#input\_api\_name) | The name of the API. | `string` | `"MyProxyApi"` | no | -| [api\_protocol\_type](#input\_api\_protocol\_type) | The protocol type for the API. | `string` | `"HTTP"` | no | -| [connection\_type](#input\_connection\_type) | The connection type for the integration. | `string` | `"VPC_LINK"` | no | -| [integration\_type](#input\_integration\_type) | The integration type for the API integration. | `string` | `"HTTP_PROXY"` | no | -| [integration\_uri](#input\_integration\_uri) | The URI for the integration. | `string` | `"https://api.another-gateway.com/{proxy}"` | no | -| [route\_authorization\_type](#input\_route\_authorization\_type) | The authorization type for the route. | `string` | `"NONE"` | no | -| [route\_key](#input\_route\_key) | The route key for the API route. | `string` | `"ANY /{proxy+}"` | no | -| [security\_group\_ids](#input\_security\_group\_ids) | The list of security group IDs associated with the VPC Link. | `list(string)` | n/a | yes | -| [subnet\_ids](#input\_subnet\_ids) | The list of subnet IDs where the VPC Link will be created. | `list(string)` | n/a | yes | -| [vpc\_link\_name](#input\_vpc\_link\_name) | The name of the VPC Link resource. | `string` | `"MyVpcLink"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [proxy\_api\_id](#output\_proxy\_api\_id) | The ID of the API. | -| [proxy\_integration\_id](#output\_proxy\_integration\_id) | The ID of the API integration. | -| [vpc\_link\_id](#output\_vpc\_link\_id) | The ID of the VPC Link. | diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf deleted file mode 100644 index fcd9382ec..000000000 --- a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/main.tf +++ /dev/null 
@@ -1,35 +0,0 @@ -resource "aws_apigatewayv2_vpc_link" "vpc_link" { - name = var.vpc_link_name - subnet_ids = var.subnet_ids - security_group_ids = var.security_group_ids -} - -resource "aws_apigatewayv2_api" "proxy_api" { - name = var.api_name - protocol_type = var.api_protocol_type - - cors_configuration { - allow_methods = var.allow_methods - allow_headers = var.allow_headers - allow_origins = var.allow_origins - } - - vpc_link_id = aws_apigatewayv2_vpc_link.vpc_link.id -} - -resource "aws_apigatewayv2_route" "proxy_route" { - api_id = aws_apigatewayv2_api.proxy_api.id - route_key = var.route_key - - authorization_type = var.route_authorization_type - target = "integrations/${aws_apigatewayv2_integration.proxy_integration.id}" -} - -resource "aws_apigatewayv2_integration" "proxy_integration" { - api_id = aws_apigatewayv2_api.proxy_api.id - integration_type = var.integration_type - integration_uri = var.integration_uri - - connection_type = var.connection_type - connection_id = aws_apigatewayv2_vpc_link.vpc_link.id -} diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf deleted file mode 100644 index 5b89e1c18..000000000 --- a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/outputs.tf +++ /dev/null @@ -1,14 +0,0 @@ -output "vpc_link_id" { - value = aws_apigatewayv2_vpc_link.vpc_link.id - description = "The ID of the VPC Link." -} - -output "proxy_api_id" { - value = aws_apigatewayv2_api.proxy_api.id - description = "The ID of the API." -} - -output "proxy_integration_id" { - value = aws_apigatewayv2_integration.proxy_integration.id - description = "The ID of the API integration." -} diff --git a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf b/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf deleted file mode 100644 index 0c999afc2..000000000 
--- a/terraform-modules/aws/api-gateway/v2/api-gateway-proxy/variables.tf +++ /dev/null @@ -1,75 +0,0 @@ -variable "subnet_ids" { - type = list(string) - description = "The list of subnet IDs where the VPC Link will be created." -} - -variable "security_group_ids" { - type = list(string) - description = "The list of security group IDs associated with the VPC Link." -} - -variable "vpc_link_name" { - type = string - default = "MyVpcLink" - description = "The name of the VPC Link resource." -} - -variable "api_name" { - type = string - default = "MyProxyApi" - description = "The name of the API." -} - -variable "allow_methods" { - type = list(string) - default = ["ANY"] - description = "The list of allowed methods for CORS configuration." -} - -variable "allow_headers" { - type = list(string) - default = ["'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"] - description = "The list of allowed headers for CORS configuration." -} - -variable "allow_origins" { - type = list(string) - default = ["*"] - description = "The list of allowed origins for CORS configuration." -} - -variable "route_key" { - type = string - default = "ANY /{proxy+}" - description = "The route key for the API route." -} - -variable "integration_uri" { - type = string - default = "https://api.another-gateway.com/{proxy}" - description = "The URI for the integration." -} - -variable "api_protocol_type" { - type = string - default = "HTTP" - description = "The protocol type for the API." -} - -variable "route_authorization_type" { - type = string - default = "NONE" - description = "The authorization type for the route." -} - -variable "integration_type" { - type = string - default = "HTTP_PROXY" - description = "The integration type for the API integration." -} - -variable "connection_type" { - type = string - default = "VPC_LINK" - description = "The connection type for the integration." -} 
diff --git a/terraform-modules/aws/api-gateway/vpc-link/README.md b/terraform-modules/aws/api-gateway/vpc-link/README.md deleted file mode 100644 index 9bd4191ed..000000000 --- a/terraform-modules/aws/api-gateway/vpc-link/README.md +++ /dev/null @@ -1,34 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_api_gateway_vpc_link.apivpclink](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_vpc_link) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [tags](#input\_tags) | n/a | `map(any)` | `{}` | no | -| [vpc\_link\_description](#input\_vpc\_link\_description) | Description of the API Gateway VPC link | `any` | n/a | yes | -| [vpc\_link\_name](#input\_vpc\_link\_name) | Name of the API Gateway VPC link | `any` | n/a | yes | -| [vpc\_link\_nbl\_arn](#input\_vpc\_link\_nbl\_arn) | ARN of the NLB VPC link | `any` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [api\_gateway\_vpc\_link\_id](#output\_api\_gateway\_vpc\_link\_id) | n/a | diff --git a/terraform-modules/aws/api-gateway/vpc-link/main.tf b/terraform-modules/aws/api-gateway/vpc-link/main.tf deleted file mode 100644 index e25e827af..000000000 --- a/terraform-modules/aws/api-gateway/vpc-link/main.tf +++ /dev/null @@ -1,6 +0,0 @@ -resource "aws_api_gateway_vpc_link" "apivpclink" { - name = var.vpc_link_name - description = var.vpc_link_description - target_arns = [var.vpc_link_nbl_arn] - tags = var.tags -} diff --git a/terraform-modules/aws/api-gateway/vpc-link/outputs.tf b/terraform-modules/aws/api-gateway/vpc-link/outputs.tf deleted file mode 100644 index 0900af807..000000000 --- a/terraform-modules/aws/api-gateway/vpc-link/outputs.tf +++ /dev/null 
@@ -1,3 +0,0 @@ -output "api_gateway_vpc_link_id" { - value = aws_api_gateway_vpc_link.apivpclink.id -} diff --git a/terraform-modules/aws/api-gateway/vpc-link/variables.tf b/terraform-modules/aws/api-gateway/vpc-link/variables.tf deleted file mode 100644 index 945c5ec44..000000000 --- a/terraform-modules/aws/api-gateway/vpc-link/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -variable "vpc_link_name" { - description = "Name of the API Gateway VPC link" -} - -variable "vpc_link_description" { - description = "Description of the API Gateway VPC link" - default = "" -} - -variable "vpc_link_nbl_arn" { - description = "ARN of the NLB VPC link" -} - -variable "tags" { - type = map(any) - default = {} -} \ No newline at end of file From 6d92b7c54512a4967e3ae9f18d5a602e751079f4 Mon Sep 17 00:00:00 2001 From: bcarranza Date: Fri, 16 Jun 2023 14:06:50 -0600 Subject: [PATCH 49/52] nlb --- terraform-modules/aws/nlb/main.tf | 71 ----------------- terraform-modules/aws/nlb/output.tf | 9 --- terraform-modules/aws/nlb/variables.tf | 104 ------------------------- 3 files changed, 184 deletions(-) diff --git a/terraform-modules/aws/nlb/main.tf b/terraform-modules/aws/nlb/main.tf index 9d2d46451..da56fe42c 100644 --- a/terraform-modules/aws/nlb/main.tf +++ b/terraform-modules/aws/nlb/main.tf @@ -1,10 +1,3 @@ -locals { - health_check_port = coalesce(var.health_check_port, "traffic-port") - health_check_protocol = coalesce(var.health_check_protocol, local.target_group_protocol) - target_group_protocol = "TCP" - unhealthy_threshold = coalesce(var.health_check_unhealthy_threshold, var.health_check_threshold) -} - resource "aws_lb" "nlb" { name = var.nlb_name internal = var.enable_internal 
@@ -30,67 +23,3 @@ resource "aws_lb" "nlb" { tags = var.nlb_tags } - -resource "aws_lb_target_group" "default" { - count = var.nlb_target_ips ? 1 : 0 - deregistration_delay = var.deregistration_delay - name = var.target_group_name - port = var.target_group_port - protocol = "TCP" - proxy_protocol_v2 = var.target_group_proxy_protocol_v2 - slow_start = var.slow_start - target_type = var.target_group_target_type - vpc_id = var.vpc_id - - health_check { - enabled = var.health_check_enabled - port = local.health_check_port - protocol = local.health_check_protocol - path = local.health_check_protocol == "HTTP" ? var.health_check_path : null - healthy_threshold = var.health_check_threshold - unhealthy_threshold = local.unhealthy_threshold - interval = var.health_check_interval - } - - lifecycle { - create_before_destroy = true - } - - tags = var.nlb_tags - - depends_on = [ - aws_lb.nlb, - ] -} - -################################################### -# Attachment for NLB IP Target Group -################################################### - -resource "aws_lb_target_group_attachment" "this" { - count = var.nlb_target_ips ? length(var.target_ips) : 0 - target_group_arn = aws_lb_target_group.default[0].arn - target_id = var.nlb_target_ips ? element([for ip in var.target_ips : ip.ip_address], count.index) : "" - port = var.nlb_target_ips ? element([for ip in var.target_ips : ip.port], count.index) : 0 -} - - -resource "aws_lb_target_group_attachment" "example" { - count = var.nlb_target_ips ? length(var.target_ips) : 0 - target_group_arn = aws_lb_target_group.default[0].arn - target_id = var.nlb_target_ips ? element([for ip in var.target_ips : ip.ip_address], count.index) : "" - port = var.nlb_target_ips ? element([for ip in var.target_ips : ip.port], count.index) : 0 -} - - -resource "aws_lb_listener" "default" { - count = var.nlb_target_ips ? 
1 : 0 - load_balancer_arn = aws_lb.nlb.arn - port = var.listener_port - protocol = "TCP" - - default_action { - target_group_arn = var.nlb_target_ips ? aws_lb_target_group.default[0].arn : "" - type = "forward" - } -} diff --git a/terraform-modules/aws/nlb/output.tf b/terraform-modules/aws/nlb/output.tf index 656ea6ebc..e69de29bb 100644 --- a/terraform-modules/aws/nlb/output.tf +++ b/terraform-modules/aws/nlb/output.tf @@ -1,9 +0,0 @@ -output "nlb_arn" { - value = aws_lb.nlb.arn - description = "The ARN of the load balancer (matches id)." -} - -output "nlb_dns_name" { - value = aws_lb.nlb.dns_name - description = "The DNS name of the load balancer." -} \ No newline at end of file diff --git a/terraform-modules/aws/nlb/variables.tf b/terraform-modules/aws/nlb/variables.tf index df9d16815..2811c7b6e 100644 --- a/terraform-modules/aws/nlb/variables.tf +++ b/terraform-modules/aws/nlb/variables.tf 
@@ -103,110 +103,6 @@ variable "nlb_s3_bucket_name" { default = null } -variable "nlb_target_ips" { - description = "Set true if you need to create target groups with Ips" - type = bool - default = false -} - -variable "target_ips" { - description = "Set a list of ips with ports if you set `nlb_target_ips` equalss true (only if `nlb_target_ips` equals true)" - type = set(object({ - ip_address = string - port = number - })) - default = [] -} - -variable "deregistration_delay" { - type = number - default = 15 - description = "The amount of time to wait in seconds before changing the state of a deregistering target to unused (only if `nlb_target_ips` equals true)" -} - -variable "target_group_name" { - type = string - default = "" - description = "The name for the default target group, uses a module label name if left empty (only if `nlb_target_ips` equals true)" -} - -variable "target_group_port" { - type = number - default = 80 - description = "The port for the default target group (only if `nlb_target_ips` equals true)" -} - -variable "target_group_target_type" { - type = string - default = "ip" - description = "The type (`instance`, `ip` or `lambda`) of targets that can be registered with the default target group (only if `nlb_target_ips` equals true)" -} - -variable "target_group_proxy_protocol_v2" { - type = bool - default = false - description = "A boolean flag to enable/disable proxy protocol v2 support (only if `nlb_target_ips` equals true)" -} - -variable "slow_start" { - type = number - default = 0 - description = "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. 
(only if `nlb_target_ips` equals true)" -} - -variable "vpc_id" { - type = string - description = "VPC ID to associate with Target Group (only if `nlb_target_ips` equals true)" -} - -variable "health_check_enabled" { - type = bool - default = true - description = "A boolean flag to enable/disable the NLB health checks (only if `nlb_target_ips` equals true)" -} - -variable "health_check_port" { - type = number - default = null - description = "The port to send the health check request to (defaults to `traffic-port`) (only if `nlb_target_ips` equals true)" -} - -variable "health_check_protocol" { - type = string - default = null - description = "The protocol to use for the health check request (only if `nlb_target_ips` equalss true)" -} - -variable "health_check_path" { - type = string - default = "/" - description = "The destination for the health check request (only if `nlb_target_ips` equals true)" -} - -variable "health_check_threshold" { - type = number - default = 2 - description = "The number of consecutive health checks successes required before considering an unhealthy target healthy. (only if `nlb_target_ips` equals true)" -} - -variable "health_check_unhealthy_threshold" { - type = number - default = null - description = "The number of consecutive health check failures required before considering the target unhealthy. If not set using value from `health_check_threshold` (only if `nlb_target_ips` equals true)" -} - -variable "health_check_interval" { - type = number - default = 10 - description = "The duration in seconds in between health checks (only if `nlb_target_ips` equals true)" -} - -variable "listener_port" { - type = number - default = 80 - description = "Set listener port to forwarding (only if `nlb_target_ips` equals true)" -} - variable "nlb_tags" { description = "Tags" type = map(any) From 068aa7d7ed9a3f22bf6739e3cf4dc8de1dd50370 Mon Sep 17 00:00:00 2001 
From: bcarranza Date: Mon, 19 Jun 2023 10:19:17 -0600 Subject: [PATCH 50/52] ip set tf --- terraform-modules/aws/waf/ip-set/README.md | 77 +++++++++++++++++++ terraform-modules/aws/waf/ip-set/main.tf | 11 +++ terraform-modules/aws/waf/ip-set/outputs.tf | 16 ++++ terraform-modules/aws/waf/ip-set/variables.tf | 21 +++++ 4 files changed, 125 insertions(+) create mode 100644 terraform-modules/aws/waf/ip-set/README.md create mode 100644 terraform-modules/aws/waf/ip-set/main.tf create mode 100644 terraform-modules/aws/waf/ip-set/outputs.tf create mode 100644 terraform-modules/aws/waf/ip-set/variables.tf diff --git a/terraform-modules/aws/waf/ip-set/README.md b/terraform-modules/aws/waf/ip-set/README.md new file mode 100644 index 000000000..fadb67d75 --- /dev/null +++ b/terraform-modules/aws/waf/ip-set/README.md 
@@ -0,0 +1,77 @@ +# Why I should use an Ip Set? +An IP set is a feature provided by AWS Web Application Firewall (WAF) that allows you +to define a collection of IP addresses or IP ranges (in CIDR notation) that you want +to allow or block from accessing your web applications or APIs. + +There are several reasons why you might want to use an IP set: + +1. Security: By using an IP set, you can restrict access to your applications to a +specific set of IP addresses. This helps to prevent unauthorized access, block +malicious traffic, and protect your resources from various types of attacks, such as +DDoS attacks or brute-force attempts. + +2. Whitelisting/Blacklisting: An IP set allows you to create a whitelist or +blacklist of IP addresses. With a whitelist, you can specify the IP addresses that +are allowed to access your application, blocking all others. Conversely, with a +blacklist, you can specify the IP addresses that are not allowed, while allowing all +other addresses. + +3. Geo-blocking: If you want to restrict access to your application based on +geographic locations, an IP set can help. You can define IP ranges associated with +specific countries or regions, allowing or blocking access based on those regions. +This can be useful for compliance purposes or to prevent traffic from high-risk +regions. + +4. Dynamic Updates: IP sets can be dynamically updated, allowing you to add or +remove IP addresses as needed. This flexibility enables you to respond quickly to +changing security requirements, such as adding new trusted IP addresses or blocking +malicious sources. + +5. Integration with AWS WAF Rules: IP sets can be used in conjunction with other AWS +WAF features, such as rules and conditions, to create more sophisticated access +control policies. You can combine IP sets with rules to define complex logic for +allowing or blocking traffic based on IP addresses, user agents, request headers, or +other criteria. 
+ +By leveraging AWS WAF's IP set feature, you can enhance the security of your web +applications and APIs by controlling access at the IP address level. It provides a +flexible and scalable mechanism to define and manage your desired IP address-based +access control policies. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_wafv2_ip_set.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_ip_set) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [ip\_addresses](#input\_ip\_addresses) | A list of IP addresses in CIDR notation to include in the IP set. | `list(string)` | n/a | yes | +| [ip\_set\_description](#input\_ip\_set\_description) | A description of the IP set. | `string` | n/a | yes | +| [ip\_set\_name](#input\_ip\_set\_name) | The name of the IP set. | `string` | n/a | yes | +| [tags](#input\_tags) | A map of tags to assign to the IP set. | `map(string)` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [arn](#output\_arn) | The Amazon Resource Name (ARN) of the IP set. | +| [id](#output\_id) | A unique identifier for the IP set. | +| [tags\_all](#output\_tags\_all) | A map of tags assigned to the IP set, including those inherited from the provider default\_tags configuration block. | diff --git a/terraform-modules/aws/waf/ip-set/main.tf b/terraform-modules/aws/waf/ip-set/main.tf new file mode 100644 index 000000000..7b0ab547c --- /dev/null +++ b/terraform-modules/aws/waf/ip-set/main.tf 
@@ -0,0 +1,11 @@
+# Create an AWS WAFv2 IP set
+
+resource "aws_wafv2_ip_set" "example" {
+ name = var.ip_set_name
+ description = var.ip_set_description
+ scope = "REGIONAL"
+ ip_address_version = "IPV4"
+ addresses = var.ip_addresses
+
+ tags = var.tags
+}
diff --git a/terraform-modules/aws/waf/ip-set/outputs.tf b/terraform-modules/aws/waf/ip-set/outputs.tf
new file mode 100644
index 000000000..5202f62ed
--- /dev/null
+++ b/terraform-modules/aws/waf/ip-set/outputs.tf
@@ -0,0 +1,16 @@
+# Define outputs for the IP set
+
+output "id" {
+ value = aws_wafv2_ip_set.example.id
+ description = "A unique identifier for the IP set."
+}
+
+output "arn" {
+ value = aws_wafv2_ip_set.example.arn
+ description = "The Amazon Resource Name (ARN) of the IP set."
+}
+
+output "tags_all" {
+ value = aws_wafv2_ip_set.example.tags_all
+ description = "A map of tags assigned to the IP set, including those inherited from the provider default_tags configuration block."
+}
diff --git a/terraform-modules/aws/waf/ip-set/variables.tf b/terraform-modules/aws/waf/ip-set/variables.tf
new file mode 100644
index 000000000..3098a602f
--- /dev/null
+++ b/terraform-modules/aws/waf/ip-set/variables.tf
@@ -0,0 +1,21 @@
+# Define variables for the IP set
+
+variable "ip_set_name" {
+ type = string
+ description = "The name of the IP set."
+}
+
+variable "ip_set_description" {
+ type = string
+ description = "A description of the IP set."
+}
+
+variable "ip_addresses" {
+ type = list(string)
+ description = "A list of IP addresses in CIDR notation to include in the IP set."
+}
+
+variable "tags" {
+ type = map(string)
+ description = "A map of tags to assign to the IP set."
+}
From 35b29d43421f08a6080113d4861b44979fbba00b Mon Sep 17 00:00:00 2001
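Review bot: The resource label on `resource "aws_wafv2_ip_set" "example" {` reads as copied from the provider example, and all three outputs in outputs.tf key off it; once a consumer holds state, changing the label later means a `moved` block or a destroy-and-recreate of a set that a web ACL rule may already reference (which WAF presumably refuses while the set is in use). Settle the module convention now, e.g. `resource "aws_wafv2_ip_set" "this" {` with `aws_wafv2_ip_set.this.id`, `.arn` and `.tags_all` in the outputs. A header comment such as `# Creates only the IP set; nothing is allowed or blocked until a web ACL rule statement references the arn output` would also stop readers of the README's "allow or block" wording from assuming the module enforces anything on its own.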
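Review bot: The `ip_addresses` input is typed as `list(string)` only, so a bare address such as `203.0.113.7` passes plan and, per the description's own "CIDR notation" requirement, fails only at apply when the provider submits it; nothing checks the shape earlier. A `validation` block using `can(cidrhost(a, 0))` rejects non-CIDR entries (IPv4 and IPv6 alike) at plan time; this needs Terraform 0.13+ for `validation` and 0.14+ for `alltrue`, and the README lists no `required_version`, so pinning one alongside seems worthwhile. An empty list is still accepted, which is fine for a set populated later, but worth a sentence in the description since a rule referencing an empty set matches no request and the outcome then depends entirely on the web ACL's default action.
```hcl
variable "ip_addresses" {
  type        = list(string)
  description = "A list of IP addresses in CIDR notation to include in the IP set. May be empty; a rule that references an empty set matches nothing."

  validation {
    # WAF rejects entries without a prefix length; catch them at plan time.
    condition     = alltrue([for a in var.ip_addresses : can(cidrhost(a, 0))])
    error_message = "Every entry in ip_addresses must be a CIDR block (e.g. 203.0.113.7/32 or 2001:db8::/32)."
  }
}
```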
From: bcarranza Date: Mon, 19 Jun 2023 10:47:34 -0600 Subject: [PATCH 51/52] ip set --- terraform-modules/aws/waf/ip-set/README.md | 43 +------------------ terraform-modules/aws/waf/ip-set/main.tf | 4 +- terraform-modules/aws/waf/ip-set/variables.tf | 12 ++++++ 3 files changed, 16 insertions(+), 43 deletions(-) diff --git a/terraform-modules/aws/waf/ip-set/README.md b/terraform-modules/aws/waf/ip-set/README.md index fadb67d75..a72ab5615 100644 --- a/terraform-modules/aws/waf/ip-set/README.md +++ b/terraform-modules/aws/waf/ip-set/README.md 
@@ -1,44 +1,3 @@ -# Why I should use an Ip Set? -An IP set is a feature provided by AWS Web Application Firewall (WAF) that allows you -to define a collection of IP addresses or IP ranges (in CIDR notation) that you want -to allow or block from accessing your web applications or APIs. - -There are several reasons why you might want to use an IP set: - -1. Security: By using an IP set, you can restrict access to your applications to a -specific set of IP addresses. This helps to prevent unauthorized access, block -malicious traffic, and protect your resources from various types of attacks, such as -DDoS attacks or brute-force attempts. - -2. Whitelisting/Blacklisting: An IP set allows you to create a whitelist or -blacklist of IP addresses. With a whitelist, you can specify the IP addresses that -are allowed to access your application, blocking all others. Conversely, with a -blacklist, you can specify the IP addresses that are not allowed, while allowing all -other addresses. - -3. Geo-blocking: If you want to restrict access to your application based on -geographic locations, an IP set can help. You can define IP ranges associated with -specific countries or regions, allowing or blocking access based on those regions. -This can be useful for compliance purposes or to prevent traffic from high-risk -regions. - -4. Dynamic Updates: IP sets can be dynamically updated, allowing you to add or -remove IP addresses as needed. This flexibility enables you to respond quickly to -changing security requirements, such as adding new trusted IP addresses or blocking -malicious sources. - -5. Integration with AWS WAF Rules: IP sets can be used in conjunction with other AWS -WAF features, such as rules and conditions, to create more sophisticated access -control policies. You can combine IP sets with rules to define complex logic for -allowing or blocking traffic based on IP addresses, user agents, request headers, or -other criteria. 
- -By leveraging AWS WAF's IP set feature, you can enhance the security of your web -applications and APIs by controlling access at the IP address level. It provides a -flexible and scalable mechanism to define and manage your desired IP address-based -access control policies. - - ## Requirements No requirements. @@ -63,9 +22,11 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [ip\_address\_version](#input\_ip\_address\_version) | (Required) Specify IPV4 or IPV6. Valid values are IPV4 or IPV6. | `string` | `"IPV4"` | no | | [ip\_addresses](#input\_ip\_addresses) | A list of IP addresses in CIDR notation to include in the IP set. | `list(string)` | n/a | yes | | [ip\_set\_description](#input\_ip\_set\_description) | A description of the IP set. | `string` | n/a | yes | | [ip\_set\_name](#input\_ip\_set\_name) | The name of the IP set. | `string` | n/a | yes | +| [scope](#input\_scope) | (Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the Region US East (N. Virginia). | `string` | `"REGIONAL"` | no | | [tags](#input\_tags) | A map of tags to assign to the IP set. | `map(string)` | n/a | yes | ## Outputs diff --git a/terraform-modules/aws/waf/ip-set/main.tf b/terraform-modules/aws/waf/ip-set/main.tf index 7b0ab547c..5a2579dae 100644 --- a/terraform-modules/aws/waf/ip-set/main.tf +++ b/terraform-modules/aws/waf/ip-set/main.tf @@ -3,8 +3,8 @@ resource "aws_wafv2_ip_set" "example" { name = var.ip_set_name description = var.ip_set_description - scope = "REGIONAL" - ip_address_version = "IPV4" + scope = var.scope + ip_address_version = var.ip_address_version addresses = var.ip_addresses tags = var.tags diff --git a/terraform-modules/aws/waf/ip-set/variables.tf b/terraform-modules/aws/waf/ip-set/variables.tf index 3098a602f..983363227 100644 
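Review bot: The resource now takes `ip_address_version = var.ip_address_version` and `addresses = var.ip_addresses` from two independent inputs, but nothing ties them together: an IPv6 entry under `ip_address_version = "IPV4"` (or the reverse) presumably only fails when the provider calls the WAF API, after the plan has been approved. A `variable` validation can only see its own variable, so the cross-check belongs on the resource as a `lifecycle { precondition }` (Terraform 1.2+); testing for `:` is a cheap family discriminator that does not need full address parsing. The resource's closing brace lies outside the hunk.
```hcl
resource "aws_wafv2_ip_set" "example" {
  # … unchanged: name, description, scope, ip_address_version, addresses, tags …

  lifecycle {
    precondition {
      # Every entry must belong to the family declared by ip_address_version.
      condition = alltrue([
        for a in var.ip_addresses :
        (var.ip_address_version == "IPV6") == can(regex(":", a))
      ])
      error_message = "Every entry in ip_addresses must match ip_address_version (IPv6 entries contain ':')."
    }
  }
```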
--- a/terraform-modules/aws/waf/ip-set/variables.tf +++ b/terraform-modules/aws/waf/ip-set/variables.tf @@ -15,6 +15,18 @@ variable "ip_addresses" { description = "A list of IP addresses in CIDR notation to include in the IP set." } +variable "scope" { + type = string + description = "(Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the Region US East (N. Virginia)." + default = "REGIONAL" +} + +variable "ip_address_version" { + type = string + description = "(Required) Specify IPV4 or IPV6. Valid values are IPV4 or IPV6." + default = "IPV4" +} + variable "tags" { type = map(string) description = "A map of tags to assign to the IP set." From e392d4190b48dd61895ae3aac199be1b4286db9f Mon Sep 17 00:00:00 2001 From: bcarranza Date: Mon, 19 Jun 2023 10:48:59 -0600 Subject: [PATCH 52/52] docs --- terraform-modules/aws/waf/ip-set/README.md | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/terraform-modules/aws/waf/ip-set/README.md b/terraform-modules/aws/waf/ip-set/README.md index a72ab5615..ea95dcc2f 100644 --- a/terraform-modules/aws/waf/ip-set/README.md +++ b/terraform-modules/aws/waf/ip-set/README.md 
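Review bot: The new `scope` and `ip_address_version` variables accept any string, so a typo such as `"regional"` or `"IPv4"` surfaces only as a provider error at apply time, and both descriptions open with `(Required)` although each carries a default, leaving a reader unsure whether the module expects them to be set. Add a `validation` block to each (Terraform 0.13+; the README's "No requirements" suggests no `required_version` is pinned, so one is worth adding) and drop `(Required)` from the descriptions. The `variable "ip_addresses"` block whose tail opens this hunk starts above it.
```hcl
variable "scope" {
  type        = string
  description = "Whether the set is for a CloudFront distribution (CLOUDFRONT; the provider must then be configured for us-east-1) or a regional application (REGIONAL)."
  default     = "REGIONAL"

  validation {
    condition     = contains(["CLOUDFRONT", "REGIONAL"], var.scope)
    error_message = "scope must be CLOUDFRONT or REGIONAL."
  }
}

variable "ip_address_version" {
  type        = string
  description = "Address family of the entries in ip_addresses: IPV4 or IPV6."
  default     = "IPV4"

  validation {
    condition     = contains(["IPV4", "IPV6"], var.ip_address_version)
    error_message = "ip_address_version must be IPV4 or IPV6."
  }
}
```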
@@ -1,3 +1,43 @@ +## Why I might use ip set? +An IP set is a feature provided by AWS Web Application Firewall (WAF) that allows you +to define a collection of IP addresses or IP ranges (in CIDR notation) that you want +to allow or block from accessing your web applications or APIs. + +There are several reasons why you might want to use an IP set: + +1. Security: By using an IP set, you can restrict access to your applications to a +specific set of IP addresses. This helps to prevent unauthorized access, block +malicious traffic, and protect your resources from various types of attacks, such as +DDoS attacks or brute-force attempts. + +2. Whitelisting/Blacklisting: An IP set allows you to create a whitelist or +blacklist of IP addresses. With a whitelist, you can specify the IP addresses that +are allowed to access your application, blocking all others. Conversely, with a +blacklist, you can specify the IP addresses that are not allowed, while allowing all +other addresses. + +3. Geo-blocking: If you want to restrict access to your application based on +geographic locations, an IP set can help. You can define IP ranges associated with +specific countries or regions, allowing or blocking access based on those regions. +This can be useful for compliance purposes or to prevent traffic from high-risk +regions. + +4. Dynamic Updates: IP sets can be dynamically updated, allowing you to add or +remove IP addresses as needed. This flexibility enables you to respond quickly to +changing security requirements, such as adding new trusted IP addresses or blocking +malicious sources. + +5. Integration with AWS WAF Rules: IP sets can be used in conjunction with other AWS +WAF features, such as rules and conditions, to create more sophisticated access +control policies. You can combine IP sets with rules to define complex logic for +allowing or blocking traffic based on IP addresses, user agents, request headers, or +other criteria. 
+ +By leveraging AWS WAF's IP set feature, you can enhance the security of your web +applications and APIs by controlling access at the IP address level. It provides a +flexible and scalable mechanism to define and manage your desired IP address-based +access control policies. + ## Requirements No requirements.