-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathenv_variables_aws.yaml
158 lines (151 loc) · 5.27 KB
/
env_variables_aws.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
root:
# Flag the decides if the terraform files are generated using the playbook
prepare: true
# Decides if the terraform generated resources are going to be created.
write: true
terraform:
location: ../terraform_templates
aws_version: 4.0
prefix: bsa-auto-infra
modules:
vpc: ../terraform_templates/modules/vpc
outputs:
location: /app/infra-provision-outputs
resources:
tags:
OWNER: AUTOMATION_TEAM
PURPOSE: AUTOMATION
vpc:
enabled: true
# Only if enabled is set to "false", then all the "pre_existing" parameters must be set
pre_existing:
vpc_id: "vpc-01234567"
# Full options for further implementation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc
# This is only required when the resource is going to be created
options:
name: "vpc"
cidr_block: 10.15.0.0/20
instance_tenancy: "default"
enable_dns_support: "true"
enable_dns_hostnames: "false"
subnet:
enabled: true
pre_existing:
subnet_id: "subnet-01234567"
# Full options for further implementation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet
# This is only required when the resource is going to be created
options:
name: "sbt"
cidr_block: 10.15.0.0/24
availability_zone: ""
security_group:
enabled: true
pre_existing:
security_group_id: "sg-01234567"
# Full options for further implementation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc
# This is only required when the resource is going to be created
options:
name: "sg"
description: "Security Group of team for Development Automation"
rules:
ingress:
# Add or delete more elements to the array to generate more rules
- name: Allow all traffic in VPC
protocol: all
portRange:
start: 0
end: 65535
# IMPORTANT: To enable this rule, ensure that matches the resources.vpc.options.cidr_block
source: 10.15.0.0/20
- name: Allow RDP Traffic for my target IP
protocol: TCP
portRange:
start: 3389
end: 3389
# This is a sample public IP
source: 45.85.127.50/32
- name: Allow RDP Traffic for my target IP 2
protocol: TCP
portRange:
start: 3389
end: 3389
# This is a sample public IP
source: 88.17.97.238/32
- name: Allow SSH Traffic for my target IP
protocol: TCP
portRange:
start: 22
end: 22
# This is a sample public IP
source: 45.85.127.50/32
egress:
- name: Allow all traffic to same VPC
# This indicates all the protocols ("-1" also works as an equivalent)
protocol: all
# For only one port use the same por for start and finish
# The full range is 0-65535
portRange:
start: 0
end: 65535
# IMPORTANT: To enable this rule, ensure that matches the resources.vpc.options.cidr_block
# TODO: Create automation so it "Self VPC" inputs the VPC id either pre-existing or generated instead of having to have the exact value.
destination: 10.15.0.0/20
- name: Allow Common internet 80
protocol: TCP
portRange:
start: 80
end: 80
destination: 0.0.0.0/0
- name: Allow Common internet 8080
protocol: TCP
portRange:
start: 8080
end: 8080
destination: 0.0.0.0/0
- name: Allow Common internet 443
protocol: TCP
portRange:
start: 443
end: 443
destination: 0.0.0.0/0
key:
algorithm: RSA
bits: 4096
instance:
enabled: true
count: 1
options:
name: "windows"
ami:
eu-south-2: "ami-0a71f7e0e2d92a151"
eu-west-1: "ami-0aa99174e2f8adfb4"
eu-west-2: "ami-0c618421e207909d0"
eu-west-3: "ami-0a1491ab12bfc93df"
eu-central-1: "ami-0e9ea35223a924666"
instance_type: "t3.2xlarge"
volumes:
size: 100
delete_on_termination: true
encrypted: true
internet_gateway:
enabled: true
options:
name: "ig"
# IMPORTANT-IG-ID: In case of using an existing internet gateway, remember to include the id in the routes for internet access resources.route_table.options.routes[0].target
route_table:
enabled: true
options:
name: "rt"
routes:
# For any additional routes, it only needs to be set as another element of the list with the details of name, type, destination and target.
- name: to internet gateway
type: gateway_id
destination: 0.0.0.0/0
# If internet gateway creation is enabled and target is "playbook", it will use the id of the current generated internet gateway id.
# Otherwise an internet gateway id must be specified here (Check # IMPORTANT-IG-ID).
target: playbook
vpn:
enabled: true
domain: example.com
organization: Example
cidr: 10.0.0.0/16