From 69a1b42aae4ffa3336ef1a182b808b7f5f3c9bcf Mon Sep 17 00:00:00 2001
From: Keren Trajtenberg <keren.trajtenberg@post.runi.ac.il>
Date: Mon, 12 Feb 2024 18:57:29 +0200
Subject: [PATCH 1/3] added terraform standalone module for fsx creation

---
 .../deploy-fsx-ontap/module/variables.tf      |   4 +-
 .../standalone-module/README.md               | 157 ++++++++++++--
 .../standalone-module/main.tf                 | 204 ++++++++++++++++++
 .../standalone-module/output.tf               |  19 ++
 .../standalone-module/variables.tf            |  63 ++++++
 5 files changed, 429 insertions(+), 18 deletions(-)
 create mode 100644 Terraform/deploy-fsx-ontap/standalone-module/main.tf
 create mode 100644 Terraform/deploy-fsx-ontap/standalone-module/output.tf
 create mode 100644 Terraform/deploy-fsx-ontap/standalone-module/variables.tf

diff --git a/Terraform/deploy-fsx-ontap/module/variables.tf b/Terraform/deploy-fsx-ontap/module/variables.tf
index 1ffbfb5..e2ead40 100644
--- a/Terraform/deploy-fsx-ontap/module/variables.tf
+++ b/Terraform/deploy-fsx-ontap/module/variables.tf
@@ -112,8 +112,8 @@ variable "vol_info" {
   description = "Details for the volume creation"
   type        = map(any)
   default = {
-    "vol_name"             = "vol1"
-    "junction_path"        = "/vol1"
+   "vol_name"             = "vol1"
+   "junction_path"        = "/vol1"
 	 "size_mg"              = 1024
 	 "efficiency"           = true
 	 "tier_policy_name"     = "AUTO"
diff --git a/Terraform/deploy-fsx-ontap/standalone-module/README.md b/Terraform/deploy-fsx-ontap/standalone-module/README.md
index d1dcfbb..811ebd1 100644
--- a/Terraform/deploy-fsx-ontap/standalone-module/README.md
+++ b/Terraform/deploy-fsx-ontap/standalone-module/README.md
@@ -1,31 +1,156 @@
-<!-- BEGIN_TF_DOCS -->
+# Deploy an ONTAP FSx file-system using Terraform
+This sample demonstrates how to deploy an FSx for NetApp ONTAP file system, including an SVM and a FlexVolume in that file system, using AWS Terraform provider in a standalone Terraform module. 
+Follow the instructions below to use this sample in your own environment.
 
-## Repository Overview
+## Table of Contents
+* [Introduction](#introduction)
+* [Prerequisites](#prerequisites)
+* [Getting Started](#getting-started)
+* [Usage Examples](#usage-examples)
+* [Author Information](#author-information)
+* [License](#license)
 
-### Providers
+## Introduction
+### Repository Overview
+This is a standalone Terraform configutation repository that contains the following files:
+* **main.tf** - The main set of configuration for this terraform sample
 
-No providers.
+* **variables.tf** - Contains the variable definitions and assignments for this sample. Exported values will override any of the variables in this file. 
 
-### Inputs
+* **output.tf** - Contains output declarations of the resources created by this Terraform module. Terraform stores output values in the configuration's state file
 
-No inputs.
+### What to expect
 
-### Outputs
+Running this terraform sample will result the following:
+* Create a new AWS Security Group in your VPC with the following rules:
+    - **Ingress** allow all ICMP traffic
+    - **Ingress** allow nfs port 111 (both TCP and UDP)
+    - **Ingress** allow cifc TCP port 139
+    - **Ingress** allow snmp ports 161-162 (both TCP and UDP)
+    - **Ingress** allow smb cifs TCP port 445
+    - **Ingress** alloe bfs mount port 635 (both TCP and UDP)
+    - **Egress** allow all traffic
+* Create a new FSx for Netapp ONTAP file-system in your AWS account named "_terraform-fsxn_". The file-system will be created with the following configuration parameters:
+    * 1024Gb of storage capacity
+    * Multi AZ deployment type
+    * 256Mbps of throughput capacity 
 
-No outputs.
+* Create a Storage Virtual Maching (SVM) in this new file-system named "_first_svm_"
+* Create a new FlexVol volume in this SVM named "_vol1_" with the following configuration parameters:
+    * Size of 1024Mb
+    * Storage efficiencies mechanism enabled
+    * Auto tiering policy with 31 cooling days
+    * post-delete backup disabled 
 
-## Author Information
+> [!NOTE]
+> All of the above configuration parameters can be modified for your preference by assigning your own values in the `variables.tf` file! 
 
-This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors).
+## Prerequisites
 
-## License
+1. [Terraform prerequisites](#terraform)
+2. [AWS prerequisites](#aws-account-setup)
 
-Licensed under the Apache License, Version 2.0 (the "License").
+### Terraform
 
-You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0).
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.25 |
 
-Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied.
+### AWS Account Setup
 
-See the License for the specific language governing permissions and limitations under the License.
+* You must have an AWS Account with necessary permissions to create and manage resources
+* Configure your AWS Credentials on the server running this Terraform module. This can be derived from several sources, which are applied in the following order:
+    1. Parameters in the provider configuration
+    2. Environment variables
+    3. Shared credentials files
+    4. Shared configuration files
+    5. Container credentials
+    6. Instance profile credentials and Region
 
-<!-- END_TF_DOCS -->
\ No newline at end of file
+    This order matches the precedence used by the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence) and the [AWS SDKs](https://aws.amazon.com/tools/).
+
+    > [NOTE!]
+    > In this sample, the AWS Credentials were configured through [AWS CLI](https://aws.amazon.com/cli/), which adds them to a shared configuration file (option 4 above). Therefore, this documentation only provides guidance on setting-up the AWS credentials with shared configuration file using AWS CLI.
+
+    #### Configure AWS Credentials using AWS CLI
+
+    The AWS Provider can source credentials and other settings from the shared configuration and credentials files. By default, these files are located at `$HOME/.aws/config` and `$HOME/.aws/credentials` on Linux and macOS, and `"%USERPROFILE%\.aws\credentials"` on Windows.
+
+    There are several ways to set your credentials and configuration setting using AWS CLI. We will use [`aws configure`](https://docs.aws.amazon.com/cli/latest/reference/configure/index.html) command:
+
+    Run the following command to quickly set and view your credentails, region, and output format. The following example shows sample values:
+
+    ```shell
+    $ aws configure
+    AWS Access Key ID [None]: < YOUR-ACCESS-KEY-ID >
+    AWS Secret Access Key [None]: < YOUR-SECRET-ACCESS-KE >
+    Default region name [None]: < YOUR-PREFERRED-REGION >
+    Default output format [None]: json
+    ```
+
+    To list configuration data, use the [`aws configire list`](https://docs.aws.amazon.com/cli/latest/reference/configure/list.html) command. This command lists the profile, access key, secret key, and region configuration information used for the specified profile. For each configuration item, it shows the value, where the configuration value was retrieved, and the configuration variable name.
+
+
+
+## Usage
+
+#### 1. Clone the repository
+In your server's terminal, navigate to the location where you wish to store this Terraform repository, and clone the repository using your preferred authentication type. In this example we are using HTTPS clone:
+
+```shell 
+git clone https://github.com/NetApp/FSxN-Samples.git
+```
+
+#### 2. Navigate to the directory
+```shell
+cd terraform_deployment
+```
+
+#### 3. Initialize Terraform
+This directory represents a standalone Terraform module. Run the following command to initialize the module and install all dependencies:
+```shell
+terraform init
+```
+
+A succesfull initialization should display the following output:
+```shell
+
+Initializing the backend...
+
+Initializing provider plugins...
+- Reusing previous version of hashicorp/aws from the dependency lock file
+- Using previously-installed hashicorp/aws v5.25.0
+
+Terraform has been successfully initialized!
+
+You may now begin working with Terraform. Try running "terraform plan" to see
+any changes that are required for your infrastructure. All Terraform commands
+should now work.
+
+If you ever set or change modules or backend configuration for Terraform,
+rerun this command to reinitialize your working directory. If you forget, other
+commands will detect it and remind you to do so if necessary.
+```
+You can see that Terraform recognizes the modules required by our configuration: `hashicorp/aws`.
+
+#### 4. Update Variables
+
+a. Open the **`variables.tf`** file in your preferred text editor. Update the values of the variables to match your preferences and save the file. This will ensure that the Terraform code deploys resources according to your specifications.
+
+**Make sure to replace the values with ones that match your AWS environment and needs.**
+
+b. modify the remaining optional variables in the **`main.tf`** file and remove commenting where needed according to the explenations in-line.
+
+#### 5. Create a Terraform plan
+Run the following command to create an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure:
+```shell
+terraform plan
+```
+Ensure that the proposed changes match what you expected before you apply the changes!
+
+#### 6. Apply the Terraform plan
+Run the following command to execute the Terrafom code and apply the changes proposed in the `plan` step:
+```shell
+terraform apply
+```
diff --git a/Terraform/deploy-fsx-ontap/standalone-module/main.tf b/Terraform/deploy-fsx-ontap/standalone-module/main.tf
new file mode 100644
index 0000000..b0cea11
--- /dev/null
+++ b/Terraform/deploy-fsx-ontap/standalone-module/main.tf
@@ -0,0 +1,204 @@
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.25.0"
+    }
+  }
+
+}
+
+provider "aws" {
+  region = "us-west-2"
+}
+
+/* 
+  The following resources are a Security Group followed by ingress and egress rules for FSx ONTAP. 
+  The Security Group is not required for deploying FSx ONTAP, but is included here for completeness.
+
+  - If you wish to skip this resource, comment out the resource blocks of the Security Group and the rules.
+
+  - If you wish to use the Security Group, choose the relevant source for the ingress rules (can be either cidr block or security group id)
+    and uncomment the relevant line in the resource block. Make sure you add your specific value as well. 
+
+  Note that a source reference for a Security Group is optional, but is considered to be a best practice.
+  Feel free to add, remove, or change the rules as needed. The rules below are just a suggestion for basic functionality.
+*/
+
+resource "aws_security_group" "fsx_sg" {
+  name        = "fsx_sg"
+  description = "Allow FSx ONTAP required ports"
+  vpc_id      = var.vpc_id
+}
+
+resource "aws_vpc_security_group_ingress_rule" "all_icmp" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "Allow all ICMP traffic"
+  cidr_ipv4         = "0.0.0.0/0"
+  from_port         = -1
+  to_port           = -1
+  ip_protocol       = "icmp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "Remote procedure call for NFS"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 111
+  to_port           = 111
+  ip_protocol       = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "nfs_udp" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "Remote procedure call for NFS"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 111
+  to_port           = 111
+  ip_protocol       = "udp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "cifs" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "NetBIOS service session for CIFS"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 139
+  to_port           = 139
+  ip_protocol       = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "Simple network management protocol for log collection"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 161
+  to_port           = 162
+  ip_protocol       = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "snmp_udp" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "Simple network management protocol for log collection"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 161
+  to_port           = 162
+  ip_protocol       = "udp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "smb_cifs" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "Microsoft SMB/CIFS over TCP with NetBIOS framing"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 445
+  to_port           = 445
+  ip_protocol       = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "NFS mount"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 635
+  to_port           = 635
+  ip_protocol       = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "NFS mount"
+//  cidr_ipv4         = "10.0.0.0/8"
+//  referenced_security_group_id = "sg-11111111111111111"
+  from_port         = 635
+  to_port           = 635
+  ip_protocol       = "udp"
+}
+
+resource "aws_vpc_security_group_egress_rule" "allow_all_traffic" {
+  security_group_id = aws_security_group.fsx_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  ip_protocol       = "-1"
+}
+
+/*
+  The following resources are for deploying a complete FSx ONTAP file system. 
+  The code below deploys the following resources in this order:
+  1. A file system 
+  2. A storage virtual machine
+  3. A volume within the storage virtual machine
+
+  Every resource include both optional and required parameters, separated by a comment line.
+  Feel free to add or remove optional parameters as needed.
+  The current settings are just a suggestion for basic functionality.
+*/
+
+resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
+// REQUIRED PARAMETERS 
+  // for SINGLE_AZ deployment, remove the "secondarysub" from the list of subnet_ids
+  subnet_ids          = [var.fsx_subnets["primarysub"], var.fsx_subnets["secondarysub"]]
+  preferred_subnet_id = var.fsx_subnets["primarysub"]
+
+// OPTIONAL PARAMETERS
+  storage_capacity    = var.fsx_capacity_size_gb
+  security_group_ids  = [aws_security_group.fsx_sg.id]
+  deployment_type     = var.fsx_deploy_type
+  throughput_capacity = var.fsx_tput_in_MBps
+  fsx_admin_password  = var.fsx_admin_password
+  tags = {
+	  Name = var.fsx_name
+  }
+  # weekly_maintenance_start_time = "00:00:00"
+  # kms_key_id = ""
+  # automatic_backup_retention_days = 0
+  # daily_automatic_backup_start_time = "00:00"
+  # disk_iops_configuration = ""
+  # endpoint_ip_address_range = ""
+  # ha_pairs = 1
+  # Storage_type = "SSD"
+  # route_table_ids = []
+  # throughput_capacity_per_ha_pair = 0
+}
+
+resource "aws_fsx_ontap_storage_virtual_machine" "mysvm" {
+// REQUIRED PARAMETERS
+  file_system_id      = aws_fsx_ontap_file_system.terraform-fsxn.id
+  name                = var.svm_name
+
+// OPTIONAL PARAMETERS
+  # root_volume_security_style = "
+  # tags                       = {}
+  # # active_directory_configuration {}
+}
+
+resource "aws_fsx_ontap_volume" "myvol" {
+// REQUIRED PARAMETERS
+  name                       = var.vol_info["vol_name"]
+  size_in_megabytes          = var.vol_info["size_mg"]
+  storage_virtual_machine_id = aws_fsx_ontap_storage_virtual_machine.mysvm.id
+
+// OPTIONAL PARAMETERS
+  junction_path              = var.vol_info["junction_path"]
+  ontap_volume_type          = "RW"
+  storage_efficiency_enabled = var.vol_info["efficiency"]
+  tiering_policy {
+    name           = var.vol_info["tier_policy_name"]
+    cooling_period = var.vol_info["cooling_period"]
+  }
+  // The following argument disables the creation of a post-deletion backup. Comment out to allow the creation of a post-deletion backup.
+  skip_final_backup = true
+  # bypass_snaplock_enterprise_retention = true
+  # copy_tags_to_backups = false
+  # security_style = "MIXED"
+  # snaplock_configuration {}
+  # snapshot_policy {}
+  # tags = {}  
+}
+
+
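Review bot: The `all_icmp` rule is the only ingress rule in this file that sets a source, and it is `cidr_ipv4 = "0.0.0.0/0"`, so the file system's interfaces accept ICMP from any address that can route to them. It should take the same client CIDR or `referenced_security_group_id` that the other rules are meant to use. Separately, `fsx_admin_password = var.fsx_admin_password` means the fsxadmin password is stored in plaintext in Terraform state, so the state backend needs encryption and restricted access. A short comment above that line would tell users so, for example `// stored in state in plaintext; keep the state backend encrypted and access-controlled`.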
diff --git a/Terraform/deploy-fsx-ontap/standalone-module/output.tf b/Terraform/deploy-fsx-ontap/standalone-module/output.tf
new file mode 100644
index 0000000..a0f1b20
--- /dev/null
+++ b/Terraform/deploy-fsx-ontap/standalone-module/output.tf
@@ -0,0 +1,19 @@
+output "my_fsx_ontap_security_group_id" {
+  description = "The ID of the FSxN Security Group"
+  value       = aws_security_group.fsx_sg.id
+}
+
+output "my_filesystem_id" {
+  description = "The ID of the FSxN Filesystem"
+  value       = aws_fsx_ontap_file_system.terraform-fsxn.id
+}
+
+output "my_svm_id" {
+  description = "The ID of the FSxN Storage Virtual Machine"
+  value       = aws_fsx_ontap_storage_virtual_machine.mysvm.id
+}
+
+output "my_vol_id" {
+  description = "The ID of the ONTAP volume in the File System"
+  value       = aws_fsx_ontap_volume.myvol.id
+}
\ No newline at end of file
diff --git a/Terraform/deploy-fsx-ontap/standalone-module/variables.tf b/Terraform/deploy-fsx-ontap/standalone-module/variables.tf
new file mode 100644
index 0000000..e72a447
--- /dev/null
+++ b/Terraform/deploy-fsx-ontap/standalone-module/variables.tf
@@ -0,0 +1,63 @@
+variable "fsx_name" {
+   description = "The deployed filesystem name"
+   type        = string
+   default     = "terraform-fsxn"
+}
+
+variable "vpc_id" {
+   description = "The ID of the VPC in which the FSxN fikesystem should be deployed"
+   type        = string
+   default     = "vpc-111111111"
+}
+
+variable "fsx_subnets" {
+   description = "A list of IDs for the subnets that the file system will be accessible from. Up to 2 subnets can be provided."
+   type        = map(any)
+   default = {
+      "primarysub"   = ""
+      "secondarysub" = ""
+   }
+}
+
+variable "fsx_capacity_size_gb" {
+   description = "The storage capacity (GiB) of the FSxN file system. Valid values between 1024 and 196608"
+   type = number
+   default = 1024
+}
+
+variable "fsx_deploy_type" {
+   description = "The filesystem deployment type. Supports MULTI_AZ_1 and SINGLE_AZ_1"
+   type = string 
+   default = "MULTI_AZ_1"
+}
+       
+variable "fsx_tput_in_MBps" {
+   description = "The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096."
+   type = number
+   default = 256
+}
+
+variable "fsx_admin_password" {
+  description = "The ONTAP administrative password for the fsxadmin user that you can use to administer your file system using the ONTAP CLI and REST API"
+  type        = string
+  default     = "password"
+}
+
+variable "svm_name" {
+   description = "The name of the Storage Virtual Machine"
+   type = string
+   default = "first_svm"
+}
+
+variable "vol_info" {
+   description = "Details for the volume creation"
+   type = map
+   default = {
+     "vol_name" = "vol1"
+     "junction_path" = "/vol1"
+	  "size_mg" = 1024
+	  "efficiency" = true
+	  "tier_policy_name" = "AUTO"
+	  "cooling_period" = 31
+   }
+}
\ No newline at end of file
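Review bot: `fsx_admin_password` is declared with `default = "password"` and without `sensitive = true`. Anyone who applies the sample without editing this file gets a file system whose fsxadmin account has a guessable password, and the value is printed in plan and apply output. Remove the `default` line so Terraform requires a value from the caller, and add `sensitive = true` to the block. The same reasoning applies to `vpc_id` and `fsx_subnets`: their defaults are a placeholder ID and empty strings, so leaving them without defaults would fail early with a clear "variable not set" message rather than at the AWS API.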

From a56fb0ba9ec7a0d846e9acec795cefae576047c6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Mon, 12 Feb 2024 16:58:06 +0000
Subject: [PATCH 2/3] terraform-docs: automated action

---
 .../standalone-module/README.md               | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/Terraform/deploy-fsx-ontap/standalone-module/README.md b/Terraform/deploy-fsx-ontap/standalone-module/README.md
index 811ebd1..d09fc44 100644
--- a/Terraform/deploy-fsx-ontap/standalone-module/README.md
+++ b/Terraform/deploy-fsx-ontap/standalone-module/README.md
@@ -154,3 +154,52 @@ Run the following command to execute the Terrafom code and apply the changes pro
 ```shell
 terraform apply
 ```
+
+<!-- BEGIN_TF_DOCS -->
+
+## Repository Overview
+
+### Providers
+
+| Name | Version |
+|------|---------|
+| aws | 5.25.0 |
+
+### Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| fsx_admin_password | The ONTAP administrative password for the fsxadmin user that you can use to administer your file system using the ONTAP CLI and REST API | `string` | `"password"` | no |
+| fsx_capacity_size_gb | The storage capacity (GiB) of the FSxN file system. Valid values between 1024 and 196608 | `number` | `1024` | no |
+| fsx_deploy_type | The filesystem deployment type. Supports MULTI_AZ_1 and SINGLE_AZ_1 | `string` | `"MULTI_AZ_1"` | no |
+| fsx_name | The deployed filesystem name | `string` | `"terraform-fsxn"` | no |
+| fsx_subnets | A list of IDs for the subnets that the file system will be accessible from. Up to 2 subnets can be provided. | `map(any)` | <pre>{<br>  "primarysub": "",<br>  "secondarysub": ""<br>}</pre> | no |
+| fsx_tput_in_MBps | The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096. | `number` | `256` | no |
+| svm_name | The name of the Storage Virtual Machine | `string` | `"first_svm"` | no |
+| vol_info | Details for the volume creation | `map` | <pre>{<br>  "cooling_period": 31,<br>  "efficiency": true,<br>  "junction_path": "/vol1",<br>  "size_mg": 1024,<br>  "tier_policy_name": "AUTO",<br>  "vol_name": "vol1"<br>}</pre> | no |
+| vpc_id | The ID of the VPC in which the FSxN fikesystem should be deployed | `string` | `"vpc-111111111"` | no |
+
+### Outputs
+
+| Name | Description |
+|------|-------------|
+| my_filesystem_id | The ID of the FSxN Filesystem |
+| my_fsx_ontap_security_group_id | The ID of the FSxN Security Group |
+| my_svm_id | The ID of the FSxN Storage Virtual Machine |
+| my_vol_id | The ID of the ONTAP volume in the File System |
+
+## Author Information
+
+This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors).
+
+## License
+
+Licensed under the Apache License, Version 2.0 (the "License").
+
+You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0).
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied.
+
+See the License for the specific language governing permissions and limitations under the License.
+
+<!-- END_TF_DOCS -->
\ No newline at end of file

From 56b1a0251f3079c7d70cb9b0842643405782f507 Mon Sep 17 00:00:00 2001
From: Keren Trajtenberg <keren.trajtenberg@post.runi.ac.il>
Date: Mon, 12 Feb 2024 19:03:46 +0200
Subject: [PATCH 3/3] added sg cide source

---
 .../standalone-module/main.tf                 | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/Terraform/deploy-fsx-ontap/standalone-module/main.tf b/Terraform/deploy-fsx-ontap/standalone-module/main.tf
index b0cea11..308eefd 100644
--- a/Terraform/deploy-fsx-ontap/standalone-module/main.tf
+++ b/Terraform/deploy-fsx-ontap/standalone-module/main.tf
@@ -20,7 +20,8 @@ provider "aws" {
   - If you wish to skip this resource, comment out the resource blocks of the Security Group and the rules.
 
   - If you wish to use the Security Group, choose the relevant source for the ingress rules (can be either cidr block or security group id)
-    and uncomment the relevant line in the resource block. Make sure you add your specific value as well. 
+    and modify/uncomment the relevant line in the resource block. Make sure you add your specific value as well. 
+    Note that currently all rules are configured for source cidr: 10.0.0.0/8
 
   Note that a source reference for a Security Group is optional, but is considered to be a best practice.
   Feel free to add, remove, or change the rules as needed. The rules below are just a suggestion for basic functionality.
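Review bot: The added comment line says all rules are configured for source cidr 10.0.0.0/8, but this commit changes only the eight TCP/UDP rules. The `all_icmp` rule named in the next hunk header is untouched, and patch 1 of this series created it with `cidr_ipv4 = "0.0.0.0/0"`. Either narrow that rule as well or reword the comment, for example `Note that all rules except all_icmp are currently configured for source cidr 10.0.0.0/8`. The comment block itself opens and closes outside this hunk.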
@@ -44,7 +45,7 @@ resource "aws_vpc_security_group_ingress_rule" "all_icmp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Remote procedure call for NFS"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 111
   to_port           = 111
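Review bot: `cidr_ipv4 = "10.0.0.0/8"` is hard-coded here and repeated in the seven hunks that follow (`nfs_udp`, `cifs`, `snmp_tcp`, `snmp_udp`, `smb_cifs`, `nfs_mount_tcp`, `nfs_mount_udp`). A /8 admits the whole 10.x private range, which is usually much wider than the subnets that actually mount the file system, and it may also cover peered VPCs or networks reached over VPN. A single input would let users set the range once and keep the eight rules consistent: `cidr_ipv4 = var.client_cidr`, with a matching `variable "client_cidr"` in variables.tf (the name is only a suggestion). Each resource block closes outside its hunk.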
@@ -54,7 +55,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Remote procedure call for NFS"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 111
   to_port           = 111
@@ -64,7 +65,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_udp" {
 resource "aws_vpc_security_group_ingress_rule" "cifs" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NetBIOS service session for CIFS"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 139
   to_port           = 139
@@ -74,7 +75,7 @@ resource "aws_vpc_security_group_ingress_rule" "cifs" {
 resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Simple network management protocol for log collection"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 161
   to_port           = 162
@@ -84,7 +85,7 @@ resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" {
 resource "aws_vpc_security_group_ingress_rule" "snmp_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Simple network management protocol for log collection"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 161
   to_port           = 162
@@ -94,7 +95,7 @@ resource "aws_vpc_security_group_ingress_rule" "snmp_udp" {
 resource "aws_vpc_security_group_ingress_rule" "smb_cifs" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Microsoft SMB/CIFS over TCP with NetBIOS framing"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 445
   to_port           = 445
@@ -104,7 +105,7 @@ resource "aws_vpc_security_group_ingress_rule" "smb_cifs" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS mount"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 635
   to_port           = 635
@@ -114,7 +115,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS mount"
-//  cidr_ipv4         = "10.0.0.0/8"
+  cidr_ipv4         = "10.0.0.0/8"
 //  referenced_security_group_id = "sg-11111111111111111"
   from_port         = 635
   to_port           = 635