forked from Code-Triarii/aws-windows-provider
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathenv_variables_aws.yaml
240 lines (229 loc) · 7.11 KB
/
env_variables_aws.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
# Reusable variables here to avoid recursions issues
cidr_block: "10.15.0.0/16"
root:
# Flag the decides if the terraform files are generated using the playbook
prepare: false
# Decides if the terraform generated resources are going to be created.
write: true
terraform:
location: ../terraform_templates
aws_version: 4.0
prefix: bsa-auto-infra
modules:
vpc: "../terraform_templates/modules/vpc"
outputs:
location: /app/infra-provision-outputs
resources:
tags:
OWNER: AUTOMATION_TEAM
PURPOSE: AUTOMATION
vpc:
enabled: true
# Only if enabled is set to "false", then all the "pre_existing" parameters must be set
pre_existing:
vpc_id: "vpc-01234567"
# Full options for further implementation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc
# This is only required when the resource is going to be created
options:
name: "vpc"
cidr_block: "{{ cidr_block }}"
instance_tenancy: "default"
enable_dns_support: "true"
enable_dns_hostnames: "false"
subnet:
enabled: true
pre_existing:
subnet_id: "subnet-01234567"
# Full options for further implementation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet
# This is only required when the resource is going to be created
options:
name: "sbt"
cidr_block:
public: 10.15.1.0/24
private: 10.15.2.0/24
availability_zone: ""
security_group:
enabled: true
pre_existing:
security_group_id: "sg-01234567"
# Full options for further implementation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc
# This is only required when the resource is going to be created
options:
name: "sg"
description: "Security Group of team for Development Automation"
rules:
ingress:
# Add or delete more elements to the array to generate more rules
- name: Allow all traffic in VPC
protocol: all
portRange:
start: 0
end: 65535
# IMPORTANT: To enable this rule, ensure that matches the resources.vpc.options.cidr_block
source: "{{ cidr_block }}"
- name: Allow SSH Traffic for my target IP
protocol: TCP
portRange:
start: 22
end: 22
# This is a sample public IP
source: 45.85.127.50/32
egress:
- name: Allow all traffic to same VPC
# This indicates all the protocols ("-1" also works as an equivalent)
protocol: all
# For only one port use the same por for start and finish
# The full range is 0-65535
portRange:
start: 0
end: 65535
# IMPORTANT: To enable this rule, ensure that matches the resources.vpc.options.cidr_block
# TODO: Create automation so it "Self VPC" inputs the VPC id either pre-existing or generated instead of having to have the exact value.
destination: "{{ cidr_block }}"
- name: Allow Common internet 80
protocol: TCP
portRange:
start: 80
end: 80
destination: 0.0.0.0/0
- name: Allow Common internet 8080
protocol: TCP
portRange:
start: 8080
end: 8080
destination: 0.0.0.0/0
- name: Allow Common internet 443
protocol: TCP
portRange:
start: 443
end: 443
destination: 0.0.0.0/0
- name: Allow DNS Queries
protocol: TCP
portRange:
start: 53
end: 53
destination: 0.0.0.0/0
- name: Allow DNS Queries UDP
protocol: UDP
portRange:
start: 53
end: 53
destination: 0.0.0.0/0
key:
algorithm: RSA
bits: 4096
role:
enabled: true
instance:
enabled: true
count: 3
options:
name: "ubuntu"
ami:
eu-south-2: "ami-0ee19dcf57f09e938"
eu-west-1: "ami-0c1c30571d2dae5c9"
eu-west-2: "ami-0b9932f4918a00c4f"
eu-west-3: "ami-00c71bd4d220aa22a"
eu-central-1: "ami-023adaba598e661ac"
instance_type: "t3.large"
volumes:
size: 100
delete_on_termination: true
encrypted: true
internet_gateway:
enabled: true
options:
name: "ig"
# IMPORTANT-IG-ID: In case of using an existing internet gateway, remember to include the id in the routes for internet access resources.route_table.options.routes[0].target
nat_gateway:
enabled: true
options:
name: "nat"
elastic_ip: true
route_table:
enabled: true
options:
name: "rt"
public:
routes:
# For any additional routes, it only needs to be set as another element of the list with the details of name, type, destination and target.
- name: to internet gateway
type: gateway_id
destination: 0.0.0.0/0
# If internet gateway creation is enabled and target is "playbook", it will use the id of the current generated internet gateway id.
# Otherwise an internet gateway id must be specified here (Check # IMPORTANT-IG-ID).
target: playbook
private:
routes:
# For any additional routes, it only needs to be set as another element of the list with the details of name, type, destination and target.
- name: to nat gateway
type: gateway_id
destination: 0.0.0.0/0
# If nat gateway creation is enabled and target is "playbook", it will use the id of the current generated nat gateway id.
# Otherwise an internet gateway id must be specified here (Check # IMPORTANT-IG-ID).
target: playbook
dns_resolver:
enabled: true
options:
dns_servers:
- "10.15.1.35"
- "10.15.2.35"
vpn:
enabled: true
domain: example.com
organization: Example
cidr: 10.0.0.0/16
# Instances utils configuration
target: ubuntu_22_04
utils:
python:
enabled: false
version: "3.12"
crio:
enabled: true
version: "1.27"
os: "xUbuntu_22.04"
aws:
enabled: false
azure:
enabled: false
gcloud:
enabled: false
docker:
enabled: false
version: "20.10.11"
kubernetes:
version: "1.27.0"
enabled: false
kubectl: false
kubeadm: false
kubelet: false
jq_yq:
enabled: false
helm:
enabled: false
addOns:
createNamespaces: true
namespaces:
- apps
- datastorage
- monitoring
cni:
calico:
enabled: true
version: "v3.27.3"
cidr: "192.168.0.0/16"
storageClass:
enabled: false
name: gp2
provisioner: kubernetes.io/aws-ebs
# Only accept valid parameters
# It will variate depending on the target cloud.
# This configuration is for aws
# If no parameters desired, an empty dict should be passed {}
parameters:
fsType: ext4
# Double Quotes MUST be used in booleans
entrypted: "true"
type: gp2