bump ref to v0.7, replace local module paths with github paths, update documentation
dmrzzz committed May 10, 2017
1 parent 4b73b01 commit 2cdaf1f
Showing 6 changed files with 46 additions and 48 deletions.
41 changes: 21 additions & 20 deletions README.md
Expand Up @@ -14,7 +14,7 @@ _Note_: these same building blocks can also be used to construct an Independent

If you are not familiar with Terraform, the six-part blog series [A Comprehensive Guide to Terraform](https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca) provides an excellent introduction, though some details are now obsolete due to recent improvements in Terraform (for example, we no longer need the separate "Terragrunt" tool to effectively manage remote state configuration). You can also consult Terraform's official [Getting Started Guide](https://www.terraform.io/intro/getting-started/install.html). That said, it should be possible to follow the Quick Start instructions below _without_ first reading anything else.

One thing you should know: **if at first you don't succeed, try "apply" again.** Terraform is usually quite good at handling dependencies and concurrency for you behind the scenes, but once in a while you may encounter a transient AWS API error while trying to deploy many changes at once because Terraform didn't wait long enough between steps.
One thing you should know: **if at first you don't succeed, try 'apply' again.** Terraform is usually quite good at handling dependencies and concurrency for you behind the scenes, but once in a while you may encounter a transient AWS API error while trying to deploy many changes at once because Terraform didn't wait long enough between steps.



Expand All @@ -27,31 +27,35 @@ You will need:

* an AWS account

* an official name (e.g. "aws-foobar-vpc") and IPv4 allocation (e.g. 10.x.y.0/24) for your Enterprise VPC
* an official name (e.g. 'aws-foobar-vpc') and IPv4 allocation (e.g. 10.x.y.0/24) for your Enterprise VPC

* an S3 bucket **with versioning enabled** for storing Terraform state, and a DynamoDB table for state locking (see also https://www.terraform.io/docs/backends/types/s3.html)
* an S3 bucket **with versioning enabled** for storing Terraform state, and a DynamoDB table for state locking (see also https://www.terraform.io/docs/backends/types/s3.html). To create these resources:

1. Choose a [valid S3 bucket name](http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules).

* S3 bucket names are _globally_ unique, so you must choose one that is not already in use by another AWS account. One possible strategy is to use the pattern

bucket = "terraform.uiuc-tech-services-sandbox.aws.illinois.edu"

replacing "uiuc-tech-services-sandbox" with the friendly name of your AWS account.
replacing 'uiuc-tech-services-sandbox' with the friendly name of your AWS account.

2. Use AWS CLI to create the chosen bucket (replacing FIXME) and enable versioning:
2. Use AWS CLI to create the chosen bucket (replacing 'FIXME') and enable versioning:

aws s3api create-bucket --create-bucket-configuration LocationConstraint=us-east-2 --bucket FIXME && \
aws s3api put-bucket-versioning --versioning-configuration Status=Enabled --bucket FIXME
aws s3api create-bucket --create-bucket-configuration LocationConstraint=us-east-2 \
--bucket FIXME
aws s3api put-bucket-versioning --versioning-configuration Status=Enabled \
--bucket FIXME

3. Use AWS CLI to create a DynamoDB table for state locking called "terraform" (this name does _not_ need to be globally unique):
3. Use AWS CLI to create a DynamoDB table for state locking called 'terraform' (this name does _not_ need to be globally unique):

aws dynamodb create-table --region us-east-2 --table-name terraform \
--attribute-definitions AttributeName=LockID,AttributeType=S \
--key-schema AttributeName=LockID,KeyType=HASH \
--provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1
--attribute-definitions AttributeName=LockID,AttributeType=S \
--key-schema AttributeName=LockID,KeyType=HASH \
--provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1

* your own copy of this code, in your own source control repository (you can clone this one to use as a starting point), **customized** to reflect your AWS account and the specific subnets and other components you want your VPC to comprise
* your own copy of the sample environment code, in your own source control repository, **customized** to reflect your AWS account and the specific subnets and other components you want your VPC to comprise. (Note that you do _not_ need your own copy of the modules.)

Download the [latest release of this repository](https://github.com/cites-illinois/aws-enterprise-vpc/releases/latest) to use as a starting point.

**At minimum, you must edit the values marked with '#FIXME' comments in the following files**:
* in `global/terraform.tfvars`:
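Review bot: the new "To create these resources" steps enable versioning on the state bucket but say nothing about who may read it, and the state written there will contain sensitive values such as the `vpn1.customer_gateway_configuration` output visible in vpc/main.tf. Consider adding a short step (or a sentence) telling readers to restrict access to the bucket and the `terraform` DynamoDB table to the principals that run Terraform, alongside the versioning step. Separately, step 2 hard-codes `LocationConstraint=us-east-2` but the prose only says to replace 'FIXME'; if other regions are supported, say that the region should be adjusted too.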
Expand Down Expand Up @@ -131,7 +135,7 @@ To set up a new workstation:

terraform output > details.txt

4. Contact Technology Services to enable Enterprise VPC networking features:
4. Contact Technology Services to enable Enterprise VPC networking features for your VPC:

* Do you need a Core Services VPC peering, VPN connections, or both?

Expand Down Expand Up @@ -179,7 +183,7 @@ After your VPC is deployed, the next logical step is to write additional infrast
key = "Shared Networking/global/terraform.tfstate"
key = "Shared Networking/vpc/terraform.tfstate"

where "Shared Networking" is meant to uniquely identify this IaC _repository_, and "global" or "vpc" the environment directory within this repository.
where 'Shared Networking' is meant to uniquely identify this IaC _repository_, and 'global' or 'vpc' the environment directory within this repository.


### Multiple VPCs
Expand All @@ -190,7 +194,6 @@ Important: **don't forget to change `key`** in the backend configuration stanza

.
├── global/
├── modules/
├── vpc/
└── vpc2/

Expand All @@ -203,10 +206,9 @@ If you wish to keep IaC for several different AWS accounts in the same repositor
├── account1/
│   ├── global/
│   └── vpc/
├── account2/
│   ├── global/
│   └── vpc/
└── modules/
└── account2/
   ├── global/
   └── vpc/

Note that each AWS account will need to use a different S3 bucket for Terraform state.

Expand All @@ -224,5 +226,4 @@ Note that each AWS account will need to use a different S3 bucket for Terraform
terraform state rm module.public1-a-net.module.subnet.data.aws_vpc_peering_connection.pcx

Wishlist:
- public github repository for this code (and replace local module paths with git paths)
- include optional RDNS Forwarders (and DHCP options)
3 changes: 1 addition & 2 deletions global/main.tf
Expand Up @@ -60,8 +60,7 @@ provider "aws" {
# Customer Gateways

module "cgw" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/customer-gateways?ref=v0.6"
source = "../modules/customer-gateways"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/customer-gateways?ref=v0.7"
}

# Optional CloudWatch monitoring for VPN connections (in all regions): see
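Review bot: `?ref=v0.7` pins the module source to a git tag, and tags are mutable; anyone able to move the tag in cites-illinois/aws-enterprise-vpc changes what every consumer fetches on the next `terraform get` without any change in this file. If the tag is not protected, pointing `ref=` at the commit the tag resolves to gives an immutable reference. The same consideration applies to every other `source` line changed in this commit.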
4 changes: 2 additions & 2 deletions modules/campus-facing-subnet/module.tf
Expand Up @@ -86,8 +86,8 @@ output "cidr_block" {
## Resources

module "subnet" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/subnet-common?ref=v0.6"
source = "../subnet-common"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/subnet-common?ref=v0.7"

vpc_id = "${var.vpc_id}"
name = "${var.name}"
cidr_block = "${var.cidr_block}"
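Review bot: replacing `../subnet-common` with a github source at `ref=v0.7` means this module now fetches `subnet-common` from its own repository at a fixed tag rather than from the sibling directory in the working tree, so a local edit to subnet-common is not picked up here until a new tag is cut and this `ref=` is bumped, and the v0.7 tag must already exist when someone runs `terraform get` against this file. Worth documenting the release order (update these internal refs, commit, then tag) somewhere such as the README, since the private-facing and public-facing subnet modules in this commit have the same dependency.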
4 changes: 2 additions & 2 deletions modules/private-facing-subnet/module.tf
Expand Up @@ -82,8 +82,8 @@ output "cidr_block" {
## Resources

module "subnet" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/subnet-common?ref=v0.6"
source = "../subnet-common"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/subnet-common?ref=v0.7"

vpc_id = "${var.vpc_id}"
name = "${var.name}"
cidr_block = "${var.cidr_block}"
4 changes: 2 additions & 2 deletions modules/public-facing-subnet/module.tf
Expand Up @@ -75,8 +75,8 @@ output "cidr_block" {
## Resources

module "subnet" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/subnet-common?ref=v0.6"
source = "../subnet-common"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/subnet-common?ref=v0.7"

vpc_id = "${var.vpc_id}"
name = "${var.name}"
cidr_block = "${var.cidr_block}"
38 changes: 18 additions & 20 deletions vpc/main.tf
Expand Up @@ -123,16 +123,14 @@ resource "aws_internet_gateway" "igw" {
# require outbound Internet access.

module "nat-a" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/nat-gateway?ref=v0.6"
source = "../modules/nat-gateway"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/nat-gateway?ref=v0.7"

# this public-facing subnet is defined further down
public_subnet_id = "${module.public1-a-net.id}"
}

module "nat-b" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/nat-gateway?ref=v0.6"
source = "../modules/nat-gateway"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/nat-gateway?ref=v0.7"

# this public-facing subnet is defined further down
public_subnet_id = "${module.public1-b-net.id}"
Expand All @@ -159,8 +157,8 @@ resource "aws_vpn_gateway" "vgw" {
}

module "vpn1" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/vpn-connection?ref=v0.6"
source = "../modules/vpn-connection"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/vpn-connection?ref=v0.7"

name = "${var.vpc_short_name}-vpn1"
vpn_gateway_id = "${aws_vpn_gateway.vgw.id}"
customer_gateway_id = "${data.terraform_remote_state.global.customer_gateway_ids["vpnhub-aws1-pub"]}"
Expand All @@ -179,8 +177,8 @@ output "vpn1.customer_gateway_configuration" {
}

module "vpn2" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/vpn-connection?ref=v0.6"
source = "../modules/vpn-connection"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/vpn-connection?ref=v0.7"

name = "${var.vpc_short_name}-vpn2"
vpn_gateway_id = "${aws_vpn_gateway.vgw.id}"
customer_gateway_id = "${data.terraform_remote_state.global.customer_gateway_ids["vpnhub-aws2-pub"]}"
Expand Down Expand Up @@ -241,8 +239,8 @@ resource "null_resource" "wait_for_vpc_peering_connection_accepter" {
# want your subnets to use those things.

module "public1-a-net" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/public-facing-subnet?ref=v0.6"
source = "../modules/public-facing-subnet"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/public-facing-subnet?ref=v0.7"

vpc_id = "${aws_vpc.vpc.id}"
name = "${var.vpc_short_name}-public1-a-net"
cidr_block = "192.168.0.0/27" #FIXME
Expand All @@ -255,8 +253,8 @@ module "public1-a-net" {
}

module "public1-b-net" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/public-facing-subnet?ref=v0.6"
source = "../modules/public-facing-subnet"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/public-facing-subnet?ref=v0.7"

vpc_id = "${aws_vpc.vpc.id}"
name = "${var.vpc_short_name}-public1-b-net"
cidr_block = "192.168.0.32/27" #FIXME
Expand All @@ -269,8 +267,8 @@ module "public1-b-net" {
}

module "campus1-a-net" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/campus-facing-subnet?ref=v0.6"
source = "../modules/campus-facing-subnet"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/campus-facing-subnet?ref=v0.7"

vpc_id = "${aws_vpc.vpc.id}"
name = "${var.vpc_short_name}-campus1-a-net"
cidr_block = "192.168.0.64/27" #FIXME
Expand All @@ -284,8 +282,8 @@ module "campus1-a-net" {
}

module "campus1-b-net" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/campus-facing-subnet?ref=v0.6"
source = "../modules/campus-facing-subnet"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/campus-facing-subnet?ref=v0.7"

vpc_id = "${aws_vpc.vpc.id}"
name = "${var.vpc_short_name}-campus1-b-net"
cidr_block = "192.168.0.96/27" #FIXME
Expand All @@ -299,8 +297,8 @@ module "campus1-b-net" {
}

module "private1-a-net" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/private-facing-subnet?ref=v0.6"
source = "../modules/private-facing-subnet"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/private-facing-subnet?ref=v0.7"

vpc_id = "${aws_vpc.vpc.id}"
name = "${var.vpc_short_name}-private1-a-net"
cidr_block = "192.168.0.128/27" #FIXME
Expand All @@ -313,8 +311,8 @@ module "private1-a-net" {
}

module "private1-b-net" {
#source = "git::https://git.cites.illinois.edu/ts-networking/aws-enterprise-vpc.git//modules/private-facing-subnet?ref=v0.6"
source = "../modules/private-facing-subnet"
source = "git::https://github.com/cites-illinois/aws-enterprise-vpc.git//modules/private-facing-subnet?ref=v0.7"

vpc_id = "${aws_vpc.vpc.id}"
name = "${var.vpc_short_name}-private1-b-net"
cidr_block = "192.168.0.160/27" #FIXME