diff --git a/elasticache.tf b/elasticache.tf
index f3b2af5..ab46eb1 100644
--- a/elasticache.tf
+++ b/elasticache.tf
@@ -1,10 +1,10 @@
 resource "aws_elasticache_subnet_group" "elasticache_subnet" {
- name = "app-4-cache-subnet"
- subnet_ids = [for subnet in aws_subnet.private : subnet.id]
+ name = "${var.name}-cache-subnet"
+ subnet_ids = [for subnet in module.vpc.private_subnets : subnet.id]
 }
 resource "aws_secretsmanager_secret" "elasticache_auth" {
- name = "app-4-elasticache-auth"
+ name = "${var.name}-elasticache-auth"
 recovery_window_in_days = 0
 kms_key_id = aws_kms_key.encryption_secret.id
 #checkov:skip=CKV2_AWS_57: Disabled Secrets Manager secrets automatic rotation
@@ -18,8 +18,8 @@ resource "aws_secretsmanager_secret_version" "auth" {
 resource "aws_elasticache_replication_group" "app4" {
 automatic_failover_enabled = true
 subnet_group_name = aws_elasticache_subnet_group.elasticache_subnet.name
- replication_group_id = var.replication_group_id
- description = "ElastiCache cluster for app4"
+ replication_group_id = var.name
+ description = "ElastiCache cluster for ${var.name}"
 node_type = "cache.t2.small"
 parameter_group_name = "default.redis7.cluster.on"
 port = 6379
diff --git a/network.tf b/network.tf
index 4d6f623..5a181b1 100644
--- a/network.tf
+++ b/network.tf
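Review bot: `subnet_ids = [for subnet in module.vpc.private_subnets : subnet.id]` assumes the module's `private_subnets` output is a list of subnet objects; if, as is common for VPC modules, it is a list of subnet IDs, `subnet.id` fails at plan time, so confirm the output's type against the module at `v1.0.1` and use `subnet_ids = module.vpc.private_subnets` if it already yields IDs. The secret's `name` is now derived from `var.name`, and renaming forces replacement of `aws_secretsmanager_secret`; with the existing `recovery_window_in_days = 0` the old secret (and the auth token it holds) is deleted immediately with no recovery window. Consider `lifecycle { prevent_destroy = true }` or a non-zero recovery window before this name becomes variable-driven.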
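Review bot: `replication_group_id = var.name` feeds a variable straight into an identifier that AWS constrains (1–40 characters, letters/digits/hyphens, must start with a letter, no consecutive or trailing hyphens), and nothing in this hunk shows `var.name` being validated. Add a `validation` block to `var.name` with `condition = can(regex("^[a-zA-Z](?:-?[a-zA-Z0-9])*$", var.name)) && length(var.name) <= 40`, or keep the dedicated `var.replication_group_id` input, so a bad name fails at plan time rather than at apply. The resource body continues past the end of the hunk.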
@@ -1,56 +1,13 @@
-# https://docs.aws.amazon.com/glue/latest/dg/set-up-vpc-dns.html
-resource "aws_vpc" "this" {
- cidr_block = var.vpc_cidr
- # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#enable_dns_support
- enable_dns_support = true
- # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#enable_dns_hostnames
- enable_dns_hostnames = true
- #checkov:skip=CKV2_AWS_11: Not creating a flow log for this VPC
- tags = {
- "Name" = "app-4"
- }
-}
-data "aws_availability_zones" "available" {
- state = "available"
-}
-resource "aws_subnet" "private" {
- count = length(var.subnet_cidr_private)
- vpc_id = aws_vpc.this.id
- cidr_block = var.subnet_cidr_private[count.index]
- availability_zone = data.aws_availability_zones.available.names[(count.index) % length(data.aws_availability_zones.available.names)]
- tags = {
- "Name" = "app-4-private-${count.index + 1}"
- }
-}
-resource "aws_subnet" "public" {
- count = length(var.subnet_cidr_public)
- vpc_id = aws_vpc.this.id
- cidr_block = var.subnet_cidr_public[count.index]
- availability_zone = data.aws_availability_zones.available.names[(count.index) % length(data.aws_availability_zones.available.names)]
- tags = {
- "Name" = "app-4-public-${count.index + 1}"
- }
-}
-resource "aws_route_table" "private" {
- count = length(var.subnet_cidr_private)
- vpc_id = aws_vpc.this.id
- tags = {
- "Name" = "app-4-private-route-table-${count.index + 1}"
- }
-}
-resource "aws_route_table" "public" {
- vpc_id = aws_vpc.this.id
- tags = {
- "Name" = "app-4-public"
- }
-}
-resource "aws_route_table_association" "private" {
- count = length(var.subnet_cidr_private)
- subnet_id = element(aws_subnet.private.*.id, count.index)
- route_table_id = aws_route_table.private[count.index].id
-}
-resource "aws_route_table_association" "public" {
- count = length(var.subnet_cidr_public)
- subnet_id = element(aws_subnet.public.*.id, count.index)
- route_table_id = aws_route_table.public.id
+module "vpc" {
+ #CKV_TF_1: Ensure Terraform module sources use a commit hash
+ #checkov:skip=CKV_TF_1: This is a self hosted module where the version number is tagged rather than the commit hash.
+ source = "github.com/kunduso/terraform-aws-vpc?ref=v1.0.1"
+ region = var.region
+ vpc_cidr = var.vpc_cidr
+ enable_dns_support = "true"
+ enable_dns_hostnames = "true"
+ vpc_name = "app-4"
+ subnet_cidr_private = var.subnet_cidr_private
+ subnet_cidr_public = var.subnet_cidr_public
+ enable_flow_log = "true"
 }
\ No newline at end of file
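Review bot: `source = "github.com/kunduso/terraform-aws-vpc?ref=v1.0.1"` pins to a git tag, which is mutable — a tag can be moved or re-pushed in the source repository — so the `#checkov:skip=CKV_TF_1` justification ("self hosted ... tagged") does not remove the supply-chain risk the check exists for; pin `ref=` to the full commit SHA that `v1.0.1` currently resolves to, e.g. `source = "github.com/kunduso/terraform-aws-vpc?ref=<40-hex-commit-sha>"` with `# pinned commit of tag v1.0.1` on the line above, and drop the skip. `enable_dns_support = "true"`, `enable_dns_hostnames = "true"` and `enable_flow_log = "true"` pass strings where the removed `aws_vpc` resource used the bare boolean `true`; Terraform only coerces them if the module declares those variables as `bool`, so use the bare literals. `vpc_name = "app-4"` also stays hard-coded while the elasticache.tf hunk in this same commit moves every other name to `${var.name}`; `vpc_name = var.name` keeps the two files consistent.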