From cc3f589921d9a33bdcad8e714f849fa4f79cedfa Mon Sep 17 00:00:00 2001
From: Fraser Elliot Carter Smith
Date: Fri, 7 Aug 2020 13:17:00 +1000
Subject: [PATCH] messagE
---
.editorconfig | 13 ++
.github/CODEOWNERS | 1 +
.github/workflows/ci.yml | 137 +++++++++++++++++++
.github/workflows/pr-closed.yml | 81 +++++++++++
.github/workflows/pr-raised.yml | 14 ++
.github/workflows/production-promote.yml | 102 ++++++++++++++
.github/workflows/staging-promote.yml | 103 ++++++++++++++
.gitignore | 84 ++++++++++++
README.md | 72 +---------
SECURITY.md | 19 +++
aws.tf | 18 +++
aws_outputs.tf | 28 ++++
gcp.tf | 164 +++++++++++++++++++++++
gcp_outputs.tf | 31 +++++
gcp_variables.tf | 64 +++++++++
package.json | 6 +
terraform.tf | 16 +++
variables.tf | 12 ++
18 files changed, 894 insertions(+), 71 deletions(-)
create mode 100644 .editorconfig
create mode 100644 .github/CODEOWNERS
create mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/pr-closed.yml
create mode 100644 .github/workflows/pr-raised.yml
create mode 100644 .github/workflows/production-promote.yml
create mode 100644 .github/workflows/staging-promote.yml
create mode 100644 .gitignore
create mode 100644 SECURITY.md
create mode 100644 aws.tf
create mode 100644 aws_outputs.tf
create mode 100644 gcp.tf
create mode 100644 gcp_outputs.tf
create mode 100644 gcp_variables.tf
create mode 100644 package.json
create mode 100644 terraform.tf
create mode 100644 variables.tf
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b935e1a
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,13 @@
+root = true
+
+[*]
+charset = utf-8
+
+[*.sh]
+end_of_line = lf
+indent_style = space
+indent_size = 2
+
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..092489a
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @ofx-com/ICE
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..6376def
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,137 @@
+name: ci
+on:
+ push:
+ branches:
+ - '**'
+ tags-ignore:
+ - '*.*' # We don't want this to run on release
+env:
+ BUILD_DIR: ./build
+ GO_VERSION: 1.12
+ AWS_REGION: 'ap-southeast-2'
+ GCP_REGION: 'australia-southeast1'
+ TEAM_NAME: 'ICE'
+ APP_NAME: 'network'
+ PROJECT: 'ofx-infrastructure'
+ AWS_ROLE: 'arn:aws:iam::368940151251:role/core-pipeline'
+
+jobs:
+ config:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - uses: actions/setup-node@v1
+ with:
+ node-version: '12.x'
+ registry-url: https://npm.pkg.github.com/
+ scope: '@ofx-com'
+
+ - run: npm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+
+ - name: Configure environment variables
+ uses: ./node_modules/@ofx-com/github-action-configuration
+
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - uses: actions/setup-node@v1
+ with:
+ node-version: '12.x'
+ registry-url: https://npm.pkg.github.com/
+ scope: '@ofx-com'
+ - run: npm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+ - name: Configure environment variables
+ uses: ./node_modules/@ofx-com/github-action-configuration
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs: [publish]
+ env:
+ TF_ACTIONS_VERSION: 0.12.24
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - uses: actions/setup-node@v1
+ with:
+ node-version: '12.x'
+ registry-url: https://npm.pkg.github.com/
+ scope: '@ofx-com'
+ - run: npm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+
+ - name: Configure environment variables
+ uses: ./node_modules/@ofx-com/github-action-configuration
+
+ - name: 'Configure AWS Credentials'
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{env.AWS_REGION}}
+ role-to-assume: ${{env.AWS_ROLE}}
+ role-duration-seconds: 3600
+ export_default_credentials: true
+
+ - name: 'Configure GCP Credentials'
+ uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
+ with:
+ service_account_key: ${{ secrets.GCP_CREDENTIALS }}
+ project-id: ${{ env.PROJECT }}
+ export_default_credentials: true
+ disable_dependent_services: true
+
+ - name: 'Terraform Format'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'fmt'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Init'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'init'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Validate'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'validate'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Plan'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'plan'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: -out="./apply-plan"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Apply'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'apply'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: "./apply-plan"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/pr-closed.yml b/.github/workflows/pr-closed.yml
new file mode 100644
index 0000000..1bbbedd
--- /dev/null
+++ b/.github/workflows/pr-closed.yml
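Review bot: The `deploy` job in ci.yml runs `terraform apply` with AWS and GCP credentials on a push to any branch (`branches: '**'`), so anyone who can push a branch changes live network infrastructure without review; gate the job, e.g. `if: github.ref == 'refs/heads/master'`, and keep other branches at `plan`. `GoogleCloudPlatform/github-actions/setup-gcloud@master` tracks a mutable branch while receiving `secrets.GCP_CREDENTIALS`; pin it, and the tag-pinned actions here and in pr-closed.yml, pr-raised.yml, production-promote.yml and staging-promote.yml, to a full commit SHA (`@<commit-sha>`). `export_default_credentials` on the AWS step and `project-id` on the gcloud step do not look like inputs those actions define (setup-gcloud uses `project_id`), so they are probably ignored; worth confirming against each action's `action.yml`.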
@@ -0,0 +1,81 @@
+name: teardown branch on pr completion
+on:
+ pull_request:
+ types:
+ - closed
+env:
+ TEAM_NAME: 'data'
+ AWS_DEVELOPMENT_ACCOUNT: '995405243001'
+ PROJECT: 'analytics'
+ APP_NAME: 'event-forwarder'
+ ENVIRONMENT: 'development'
+ BUILD_DIR: ./build
+jobs:
+ tear-down:
+ runs-on: ubuntu-latest
+ env:
+ TF_ACTIONS_VERSION: 0.12.24
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - uses: actions/setup-node@v1
+ with:
+ node-version: '12.x'
+ registry-url: https://npm.pkg.github.com/
+ scope: '@ofx-com'
+ - run: npm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+ - name: Configure environment variables
+ uses: ./node_modules/@ofx-com/github-action-configuration
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.DEVELOPMENT_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.DEVELOPMENT_AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{env.AWS_REGION}}
+ role-to-assume: arn:aws:iam::${{env.AWS_DEVELOPMENT_ACCOUNT}}:role/delegation/core-pipeline
+ role-duration-seconds: 3600
+
+ - name: 'Terraform Init'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'init'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: -backend-config "bucket=ofx-terraform-state-${{env.ENVIRONMENT}}"
+ -backend-config "key=${{env.STACK_NAME}}"
+ -backend-config "region=${{env.AWS_REGION}}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Plan Destory'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'plan'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args:
+ -destroy
+ -out="./destroy-plan"
+ -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+ -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+ -var="stack_name=${{env.STACK_NAME}}"
+ -var="environment=${{env.ENVIRONMENT}}"
+ -var="is_integrated_stack=${{env.IS_INTEGRATED_STACK}}"
+
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Apply Destory'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'apply'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: "./destroy-plan"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/pr-raised.yml b/.github/workflows/pr-raised.yml
new file mode 100644
index 0000000..f31c1c0
--- /dev/null
+++ b/.github/workflows/pr-raised.yml
@@ -0,0 +1,14 @@
+name: raise PR notification
+on:
+ pull_request:
+ branches:
+ - master
+jobs:
+ notifiy-channel:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify teams channel of PR
+ uses: toko-bifrost/ms-teams-deploy-card@2.1.2
+ with:
+ github-token: ${{ github.token }}
+ webhook-uri: ${{ secrets.TEAMS_WEBHOOK }}
\ No newline at end of file
diff --git a/.github/workflows/production-promote.yml b/.github/workflows/production-promote.yml
new file mode 100644
index 0000000..2905a75
--- /dev/null
+++ b/.github/workflows/production-promote.yml
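Review bot: The destroy plan in pr-closed.yml is built against a state that ci.yml never writes: `Terraform Init` here points at bucket `ofx-terraform-state-${{env.ENVIRONMENT}}` with key `${{env.STACK_NAME}}`, while ci.yml runs `init` with no `-backend-config` and uses different credentials, and neither `STACK_NAME` nor `AWS_REGION` is set in this file's `env`. If they are not exported by the `github-action-configuration` step (presumably they are, but nothing here shows it), the key renders empty and the apply of `./destroy-plan` runs against whatever state that resolves to; define both in `env:` or fail the job before `init` when either is empty. The `TEAM_NAME`/`PROJECT`/`APP_NAME` values and the `eventforwarder_lambda.zip` variables look carried over from another service, and the step names should read `'Terraform Plan Destroy'` and `'Terraform Apply Destroy'`.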
@@ -0,0 +1,102 @@
+name: promote to production
+on:
+ release:
+ types: [published]
+env:
+ TEAM_NAME: 'data'
+ AWS_PRODUCTION_ACCOUNT: '479125032639'
+ PROJECT: 'analytics'
+ APP_NAME: 'event-forwarder'
+ ENVIRONMENT: 'production'
+ BUILD_DIR: ./build
+
+jobs:
+ promote-to-staging:
+ runs-on: ubuntu-latest
+ env:
+ TF_ACTIONS_VERSION: 0.12.24
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - uses: actions/setup-node@v1
+ with:
+ node-version: '12.x'
+ registry-url: https://npm.pkg.github.com/
+ scope: '@ofx-com'
+ - run: npm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+ - name: Configure environment variables
+ uses: ./node_modules/@ofx-com/github-action-configuration
+
+ - name: Notify teams channel of Deployment
+ uses: toko-bifrost/ms-teams-deploy-card@2.1.2
+ with:
+ github-token: ${{ github.token }}
+ webhook-uri: ${{ secrets.MS_TEAMS_DEPLOYMENT_WEBHOOK_URI }}
+ deploy-title: Production Deployment Triggered!
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{env.AWS_REGION}}
+ role-to-assume: arn:aws:iam::${{env.AWS_PRODUCTION_ACCOUNT}}:role/delegation/core-pipeline
+ role-duration-seconds: 3600
+
+ - name: 'Terraform Format'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'fmt'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Init'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'init'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Validate'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'validate'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Plan'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'plan'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+ -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+ -var="environment_suffix=${{env.ENVIRONMENT_SUFFIX}}"
+ -var="resource_suffix=${{env.RESOURCE_SUFFIX}}"
+ -var="stack_name=${{env.STACK_NAME}}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Apply'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'apply'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+ -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+ -var="environment_suffix=${{env.ENVIRONMENT_SUFFIX}}"
+ -var="resource_suffix=${{env.RESOURCE_SUFFIX}}"
+ -var="stack_name=${{env.STACK_NAME}}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/staging-promote.yml b/.github/workflows/staging-promote.yml
new file mode 100644
index 0000000..cb95355
--- /dev/null
+++ b/.github/workflows/staging-promote.yml
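Review bot: `Terraform Apply` in production-promote.yml does not apply what `Terraform Plan` showed: the plan step has no `-out`, and the apply step re-evaluates the configuration with its own copy of the `-var` arguments, so production receives whatever a fresh plan produces at apply time. Save the plan and apply that file, as ci.yml does: add `-out="./apply-plan"` to the plan `args` and make the apply step `args: "./apply-plan"`. staging-promote.yml has the same plan/apply pair. The job id `promote-to-staging` in this production workflow looks like a copy-paste leftover that will mislead anyone reading run logs; `promote-to-production` is presumably what was meant.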
@@ -0,0 +1,103 @@
+name: Promote to staging
+on:
+ push:
+ tags:
+ - 'v*'
+env:
+ TEAM_NAME: 'data'
+ AWS_DEVELOPMENT_ACCOUNT: '995405243001'
+ PROJECT: 'analytics'
+ APP_NAME: 'event-forwarder'
+ ENVIRONMENT: 'staging'
+ BUILD_DIR: ./build
+
+jobs:
+ promote-to-staging:
+ runs-on: ubuntu-latest
+ env:
+ TF_ACTIONS_VERSION: 0.12.24
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - uses: actions/setup-node@v1
+ with:
+ node-version: '12.x'
+ registry-url: https://npm.pkg.github.com/
+ scope: '@ofx-com'
+ - run: npm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
+ - name: Configure environment variables
+ uses: ./node_modules/@ofx-com/github-action-configuration
+
+ - name: Notify teams channel of Deployment
+ uses: toko-bifrost/ms-teams-deploy-card@2.1.2
+ with:
+ github-token: ${{ github.token }}
+ webhook-uri: ${{ secrets.MS_TEAMS_DEPLOYMENT_WEBHOOK_URI }}
+ deploy-title: Staging Deployment Triggered!
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.DEVELOPMENT_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.DEVELOPMENT_AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{env.AWS_REGION}}
+ role-to-assume: arn:aws:iam::${{env.AWS_DEVELOPMENT_ACCOUNT}}:role/delegation/core-pipeline
+ role-duration-seconds: 3600
+
+ - name: 'Terraform Format'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'fmt'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Init'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'init'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Validate'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'validate'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Plan'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'plan'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+ -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+ -var="environment_suffix=${{env.ENVIRONMENT_SUFFIX}}"
+ -var="resource_suffix=${{env.RESOURCE_SUFFIX}}"
+ -var="stack_name=${{env.STACK_NAME}}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 'Terraform Apply'
+ uses: hashicorp/terraform-github-actions@v0.8.0
+ with:
+ tf_actions_version: ${{ env.TF_ACTIONS_VERSION }}
+ tf_actions_subcommand: 'apply'
+ tf_actions_working_dir: ${{ env.BUILD_DIR }}
+ args: -var="app_s3_key=${{env.APP_S3_KEY}}/eventforwarder_lambda.zip"
+ -var="bucket_name=${{env.LAMBDA_PACKAGE_BUCKET}}"
+ -var="environment_suffix=${{env.ENVIRONMENT_SUFFIX}}"
+ -var="resource_suffix=${{env.RESOURCE_SUFFIX}}"
+ -var="stack_name=${{env.STACK_NAME}}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..717bb7a
--- /dev/null
+++ b/.gitignore
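Review bot: staging-promote.yml sets `ENVIRONMENT: 'staging'` but authenticates with `DEVELOPMENT_AWS_ACCESS_KEY_ID` and assumes `core-pipeline` in `AWS_DEVELOPMENT_ACCOUNT`, so staging and development appear to share one account and one set of long-lived keys. If that is intended, say so in a comment above `env:`, e.g. `# staging is deployed into the development account`; if not, give staging its own account id and secrets so a leaked development key cannot reach it. The `tags: 'v*'` trigger fires for a tag pushed by anyone with write access, so restricting who may create `v*` tags is worth considering.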
@@ -0,0 +1,84 @@
+
+#ignore credentials folder for local authentication for aws and terraform providers
+.credentials/
+.credentials/*
+.terraform/
+.terraform/*
+#ignore thumbnails created by windows
+Thumbs.db
+#Ignore files build by Visual Studio
+*.obj
+*.exe
+*.pdb
+*.user
+*.aps
+*.pch
+*.vspscc
+*_i.c
+*_p.c
+*.ncb
+*.suo
+*.tlb
+*.tlh
+*.bak
+*.cache
+*.ilk
+*.log
+*.lock
+*.idle-shm
+*.idle-wal
+[Bb]in
+[Dd]ebug*/
+*.lib
+*.sbr
+.vs/DemoApp/v15/Server/sqlite3/storage.ide-shm
+.vs/DemoApp/v15/Server/sqlite3/db.lock
+.vs/DemoApp/v15/Server/sqlite3/storage.ide-wal
+*/.vs
+.vs
+obj/
+[Rr]elease*/
+_ReSharper*/
+[Tt]est[Rr]esult*
+packages/
+*/.vs
+/Ozforex.AuthRedirection/.vs/*
+/OzForex.TokenValidator/packages
+*.boltdata
+Deployed
+
+Ozforex.Authentication/Visual Studio 2015/
+*.ncrunchproject
+*.ncrunchsolution
+
+# NCrunch
+*.ncrunch*
+.*crunch*.local.xml
+
+*.origapp.config
+\r\n
+web.config
+\r\n
+.artifact/
+.pipeline/
+.build/
+version.txt
+Package
+OFX.AuthLoopbackClient/.vs/
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/settings.json
+!.vscode/launch.json
+!.vscode/tasks.json
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+Funds.Api/Funds.Api/Properties/launchSettings.json
+
+.idea/*
+*.xml
+src/Hubble.Api/healthchecksdb
+node_modules/
diff --git a/README.md b/README.md
index f6df583..8d19a85 100644
--- a/README.md
+++ b/README.md
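Review bot: The .gitignore covers `.terraform/` but not Terraform state or variable files, and state for an `aws_vpn_connection` (added in aws.tf) holds the tunnel pre-shared keys in plain text. Add `*.tfstate`, `*.tfstate.*` and `*.tfvars` so a local run cannot commit them. `*.lock` also keeps lockfiles such as `yarn.lock` out of the repository, and most of the remaining entries are Visual Studio patterns (including two literal `\r\n` lines) that do not appear to apply to this repo and could be dropped.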
@@ -1,64 +1,9 @@ -# Automated Network Deployment: Multicloud VPN - GCP-AWS VPN - -Disclaimer: This is not an official Google product. - -Demonstration of Terraform for automated deployment of network infrastructure in -both Google Cloud Platform (GCP) and Amazon Web Services (AWS). This is a -multi-cloud VPN setup. - -You can look at an [architecture diagram for this setup -here](images/autonetdeploy_gcpawsvpn_arch.png). +# Multicloud VPN - GCP-AWS VPN See https://github.com/GoogleCloudPlatform/autonetdeploy-startup.git for the required procedure for setting up the environment with credentials for this tutorial. -## Quick Start - -* Select project gcp-automated-networks. -* Activate Google Cloud Shell. Use Cloud Shell because the Google Cloud SDK - (gcloud) and other tools are included. -* git clone - https://github.com/GoogleCloudPlatform/autonetdeploy-multicloudvpn.git -* cd autonetdeploy-multicloudvpn -* Install Terraform: ./get_terraform.sh - * export PATH=${HOME}/terraform:$ {PATH} -* Setup for AWS. - * After you sign in to the AWS Management Console, navigate to the VPC - Dashboard and select the Oregon region. - * ./aws_set_credentials.sh exists -* Setup for GCP. - * ./gcp_set_credentials.sh exists - * gcloud config set project [YOUR-PROJECT_ID] - * ./gcp_set_project.sh -* Run Terraform. - * pushd ./terraform - * Examine configuration files. 
- * terraform init - * terraform validate - * terraform plan - * terraform apply - * terraform output - * terraform show - * gcloud compute instances list - * ssh -i ~/.ssh/vm-ssh-key [GCP_EXTERNAL_IP] - * ping -c 5 google.com - * curl ifconfig.co/ip - * Run iperf over external route: /tmp/run_iperf_to_ext.sh - * Run iperf over VPN route: /tmp/run_iperf_to_int.sh - * exit - * ssh -i ~/.ssh/vm-ssh-key [AWS_EXTERNAL_IP] - * ping -c 5 google.com - * curl ifconfig.co/ip - * Run iperf over external route: /tmp/run_iperf_to_ext.sh - * Run iperf over VPN route: /tmp/run_iperf_to_int.sh - * exit -* Clean up - * terraform plan -destroy - * terraform destroy - * terraform show - * popd - ## References * [GCP Cloud VPN Overview](https://cloud.google.com/compute/docs/vpn/overview) @@ -68,18 +13,3 @@ tutorial. Guides](https://cloud.google.com/compute/docs/vpn/interop-guides) * [AWS VPN Connections](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html) - -## License - -Copyright 2017 Google Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); you may not use -this file except in compliance with the License. You may obtain a copy of the -License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software distributed -under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -CONDITIONS OF ANY KIND, either express or implied. See the License for the -specific language governing permissions and limitations under the License. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f138b77 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 1.0.x | :white_check_mark: |
+| < 1.0.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
diff --git a/aws.tf b/aws.tf
new file mode 100644
index 0000000..25331a2
--- /dev/null
+++ b/aws.tf
@@ -0,0 +1,18 @@
+locals {
+ transit_gateway_id = "tgw-067fc30b039641df1"
+}
+
+resource "aws_customer_gateway" "cgw-gcp-au" {
+ bgp_asn = 65200
+ ip_address = "10.61.7.250"
+ type = "ipsec.1"
+}
+
+resource "aws_vpn_connection" "vpn-gcp-au-01" {
+ customer_gateway_id = "${aws_customer_gateway.cgw-gcp-au.id}"
+ transit_gateway_id = local.transit_gateway_id
+ type = "ipsec.1"
+ static_routes_only = false
+}
+
+
diff --git a/aws_outputs.tf b/aws_outputs.tf
new file mode 100644
index 0000000..8944344
--- /dev/null
+++ b/aws_outputs.tf
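Review bot: In aws.tf, `aws_customer_gateway.cgw-gcp-au` sets `ip_address = "10.61.7.250"`, an RFC 1918 address; for a VPN that runs over the internet AWS expects the public address of the peer (here presumably the GCP VPN gateway), so the tunnels would not come up unless this connection is meant to use private addressing over another transport. Confirm which is intended, and take the value from a variable or from the GCP resource rather than a literal. The transit gateway id is likewise hard-coded in `locals`; a variable with a description would record which account and region it belongs to. `customer_gateway_id = "${aws_customer_gateway.cgw-gcp-au.id}"` can be written without interpolation, `customer_gateway_id = aws_customer_gateway.cgw-gcp-au.id`, matching the line after it.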
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2017 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Terraform output variables for AWS.
+ */
+
+output "aws_instance_external_ip" {
+ value = aws_eip.aws-ip.public_ip
+}
+
+output "aws_instance_internal_ip" {
+ value = aws_instance.aws-vm.private_ip
+}
+
diff --git a/gcp.tf b/gcp.tf
new file mode 100644
index 0000000..3700ba0
--- /dev/null
+++ b/gcp.tf
@@ -0,0 +1,164 @@
+/*
+* #
+* ▄▄▄█████▓▓█████ ▄▄▄ ███▄ ▄███▓ ██▓ ▄████▄ ▓█████ #
+* ▓ ██▒ ▓▒▓█ ▀▒████▄ ▓██▒▀█▀ ██▒ ▓██▒▒██▀ ▀█ ▓█ ▀ #
+* ▒ ▓██░ ▒░▒███ ▒██ ▀█▄ ▓██ ▓██░ ▒██▒▒▓█ ▄ ▒███ #
+* ░ ▓██▓ ░ ▒▓█ ▄░██▄▄▄▄██ ▒██ ▒██ ░██░▒▓▓▄ ▄██▒▒▓█ ▄ #
+* ▒██▒ ░ ░▒████▒▓█ ▓██▒▒██▒ ░██▒ ░██░▒ ▓███▀ ░░▒████▒ #
+* ▒ ░░ ░░ ▒░ ░▒▒ ▓▒█░░ ▒░ ░ ░ ░▓ ░ ░▒ ▒ ░░░ ▒░ ░ #
+* ░ ░ ░ ░ ▒ ▒▒ ░░ ░ ░ ▒ ░ ░ ▒ ░ ░ ░ #
+* ░ ░ ░ ▒ ░ ░ ▒ ░░ ░ #
+* ░ OFX INFRASTRUCTURE & CLOUD ENGINEERING ░ ░ #
+* #
+*
+*.DESCRIPTION
+*
+*.INPUTS
+* <
+*.OUTPUTS
+* <
+*.NOTES
+*
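Review bot: Both outputs in aws_outputs.tf reference resources that aws.tf in this commit does not declare, `aws_eip.aws-ip` and `aws_instance.aws-vm`, so `terraform validate` will fail on an undeclared resource unless they are defined in a file not shown here. They look carried over from the upstream tutorial; remove them or replace them with outputs for what aws.tf does create, e.g. `value = aws_vpn_connection.vpn-gcp-au-01.id`. If any tunnel attribute of the VPN connection is exported later, mark that output `sensitive = true` so pre-shared keys do not appear in CI logs.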