This repository has been archived by the owner on Oct 7, 2021. It is now read-only.

Add templates (#4)
* Add templates

* Render additional templates. Fmt code.

* fix typo

* Add boilerplate kops documentation

* Update README and add missing templates

* address CR

* Update geodesic and root modules

* upgrade geodesic

* Add email address to readme

* Update placeholders

* Update configs/root.tfvars

Co-Authored-By: osterman <[email protected]>

* subnet calcs
osterman authored Jan 3, 2019
1 parent fa50b0d commit ac7d900
Showing 29 changed files with 942 additions and 69 deletions.
7 changes: 5 additions & 2 deletions README.md
Expand Up @@ -10,9 +10,10 @@ Get up and running quickly with one of our reference architectures using our ful
- [Table of Contents](#table-of-contents)
- [Known Limitations](#known-limitations)
- [High Level Overview](#high-level-overview)
- [Architecture](#architecture)
- [Architecture](#architecture)
- [Assumptions](#assumptions)
- [Checklist](#checklist)
- [Get Started](#get-started)
- [1. Provision Root Account](#1-provision-root-account)
- [2. Provision Subaccounts](#2-provision-subaccounts)
- [3. Delegate DNS](#3-delegate-dns)
Expand All @@ -39,7 +40,7 @@ When you're done, in the `repos/` directory you'll have one Git repo for each AW

See the [Next Steps](#next-steps) section for where to go after this process completes.

## Architecture
### Architecture

Our "reference architecture" is an opinionated approach to architecting accounts for AWS.

Expand Down Expand Up @@ -83,6 +84,8 @@ Before we get started, make sure you have the following
- [ ] An available domain we can use for DNS-base service discovery (E.g. `ourcompany.co`). This domain must not be in use elsewhere as the root account will need to be the authoritative name server (`SOA`).
- [ ] Ensure that any users who will be added during this bootstrap process have setup their [keybase](http://keybase.io) profile. You'll need this if setting them up in the `users` section of the [`config/root.tfvars`](https://github.com/cloudposse/reference-architectures/blob/master/configs/root.tfvars). For example you should be able to [verify their public key](https://keybase.io/osterman/key.asc) on `keybase.io` by running `curl https://keybase.io/$username/key.asc`.

## Get Started

### 1. Provision Root Account

The "root" account is the top-most AWS account from which all other AWS accounts are programmatically created.
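Review bot: the keybase check in the context line at -85 (`curl https://keybase.io/$username/key.asc`) only confirms that some key is published under that Keybase username, not that the key belongs to the person you are about to grant administrator access in `users`; the checklist item should tell the operator to confirm the key fingerprint with the user out of band before adding them. While this hunk is touching these lines, the context line at -84 also reads "DNS-base service discovery" and should say "DNS-based".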
19 changes: 12 additions & 7 deletions configs/audit.tfvars
Expand Up @@ -5,17 +5,22 @@ stage = "audit"
# List of templates to install
templates = [
"README.md",
"Dockerfile.child",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile"
]
"Dockerfile.child",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile",
]
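Review bot: adding `.github/CODEOWNERS` to every generated repository is only an enforced control once the rendered repo's branch protection requires review from code owners; nothing in this template list sets that up, so either add it as a manual step to the README checklist or call it out at the top of the CODEOWNERS template, otherwise the file is documentation only. The same applies to the identical additions in corp, data, dev, prod, staging and testing below.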

# List of terraform root modules to enable
terraform_root_modules = [
"aws/tfstate-backend",
"aws/account-dns",
"aws/chamber",
"aws/audit-cloudtrail"
"aws/audit-cloudtrail",
]
18 changes: 12 additions & 6 deletions configs/corp.tfvars
Expand Up @@ -5,18 +5,24 @@ stage = "corp"
# List of templates to install
templates = [
"README.md",
"Dockerfile.child",
".gitignore",
".dockerignore",
"Makefile",
"Dockerfile.child",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile",
"conf/account-dns/terraform.tfvars"
"conf/account-dns/terraform.tfvars",
"docs/kops.md",
]

# List of terraform root modules to enable
terraform_root_modules = [
"aws/tfstate-backend",
"aws/account-dns",
"aws/chamber",
"aws/cloudtrail"
"aws/cloudtrail",
]
18 changes: 12 additions & 6 deletions configs/data.tfvars
Expand Up @@ -5,18 +5,24 @@ stage = "data"
# List of templates to install
templates = [
"README.md",
"Dockerfile.child",
".gitignore",
".dockerignore",
"Makefile",
"Dockerfile.child",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile",
"conf/account-dns/terraform.tfvars"
"conf/account-dns/terraform.tfvars",
"docs/kops.md",
]

# List of terraform root modules to enable
terraform_root_modules = [
"aws/tfstate-backend",
"aws/account-dns",
"aws/chamber",
"aws/cloudtrail"
"aws/cloudtrail",
]
17 changes: 11 additions & 6 deletions configs/dev.tfvars
Expand Up @@ -5,18 +5,23 @@ stage = "dev"
# List of templates to install
templates = [
"README.md",
"Dockerfile.child",
".gitignore",
".dockerignore",
"Makefile",
"Dockerfile.child",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile",
"conf/account-dns/terraform.tfvars"
"conf/account-dns/terraform.tfvars",
]
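Review bot: `docs/kops.md` is added to the template list of corp, data, prod, staging and testing in this commit (their hunks grow to +5,24) but not here (+5,23); if dev also runs kops this is an omission, and if dev is intentionally excluded a one-line comment next to the list would stop the next reader from "fixing" it.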

# List of terraform root modules to enable
terraform_root_modules = [
"aws/tfstate-backend",
"aws/account-dns",
"aws/chamber",
"aws/cloudtrail"
"aws/cloudtrail",
]
18 changes: 12 additions & 6 deletions configs/prod.tfvars
Expand Up @@ -5,18 +5,24 @@ stage = "prod"
# List of templates to install
templates = [
"README.md",
"Dockerfile.child",
".gitignore",
".dockerignore",
"Makefile",
"Dockerfile.child",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile",
"conf/account-dns/terraform.tfvars"
"conf/account-dns/terraform.tfvars",
"docs/kops.md",
]

# List of terraform root modules to enable
terraform_root_modules = [
"aws/tfstate-backend",
"aws/account-dns",
"aws/chamber",
"aws/cloudtrail"
"aws/cloudtrail",
]
21 changes: 16 additions & 5 deletions configs/root.tfvars
Expand Up @@ -9,13 +9,23 @@ namespace = "test"
# The default region for this account
aws_region = "us-west-2"

# Network CIDR of Organization
org_network_cidr = "10.0.0.0/8"
org_network_offset = 100
org_network_newbits = 8 # = /16

# The docker registry that will be used for the images built (nothing will get pushed)
docker_registry = "cloudposse"

# The templates to use for this account
templates = [
"README.md",
"Dockerfile.root",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
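Review bot: the three new `org_network_*` values need a comment that says how they compose. `org_network_newbits = 8 # = /16` is only true while `org_network_cidr` stays a /8, and nothing states what `org_network_offset = 100` is (the index of the first per-account subnet, so that the first account lands on 10.100.0.0/16, or something else). Spell the formula out next to the values so that whoever changes the CIDR for an organization whose 10.0.0.0/8 is already in use knows which of the three to adjust.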
Expand All @@ -24,6 +34,7 @@ templates = [
"conf/bootstrap/terraform.tfvars",
"conf/iam/terraform.tfvars",
"conf/root-dns/terraform.tfvars",
"conf/users/terraform.tfvars"
]

# Account email address format (e.g. `ops+%[email protected]`). This is not easily changed later.
Expand All @@ -37,21 +48,21 @@ accounts_enabled = [
"testing",
"data",
"corp",
"audit"
"audit",
]

# Administrator IAM usernames mapped to their keybase usernames for password encryption
users = {
"[email protected]" = "osterman"
# "[email protected]" = "osterman"
}
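Review bot: with the only entry commented out, `users` is now an empty map while `aws/users` stays enabled in `terraform_root_modules` later in this file (+74 hunk), so a fresh bootstrap from this config creates no administrator IAM users and nobody can get into the subaccounts until someone edits it. If the intent is to ship a placeholder, say so in the comment (`# add at least one administrator before applying`) and make the README "1. Provision Root Account" step point at it.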

# Terraform Root Modules Image (don't change this unless you know what you're doing)
# Project: https://github.com/cloudposse/terraform-root-modules
terraform_root_modules_image = "cloudposse/terraform-root-modules:0.14.3"
terraform_root_modules_image = "cloudposse/terraform-root-modules:0.18.1"

# Geodesic Base Image (don't change this unless you know what you're doing)
# Project: https://github.com/cloudposse/geodesic
geodesic_base_image = "cloudposse/geodesic:0.49.0"
geodesic_base_image = "cloudposse/geodesic:0.56.0"
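Review bot: both images are pinned by mutable tag only (`terraform-root-modules:0.18.1`, `geodesic:0.56.0`). Given the surrounding comment says "don't change this unless you know what you're doing", consider also pinning the image digest, or at least recording in the commit message what changed between 0.14.3 and 0.18.1 and between 0.49.0 and 0.56.0, since a tag can be re-pushed upstream and silently change what the bootstrap runs.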

# List of terraform root modules to enable
terraform_root_modules = [
Expand All @@ -63,7 +74,7 @@ terraform_root_modules = [
"aws/root-iam",
"aws/iam",
"aws/users",
"aws/cloudtrail"
"aws/cloudtrail",
]

# Message of the Day
18 changes: 12 additions & 6 deletions configs/staging.tfvars
Expand Up @@ -5,18 +5,24 @@ stage = "staging"
# List of templates to install
templates = [
"README.md",
"Dockerfile.child",
".gitignore",
".dockerignore",
"Makefile",
"Dockerfile.child",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile",
"conf/account-dns/terraform.tfvars"
"conf/account-dns/terraform.tfvars",
"docs/kops.md",
]

# List of terraform root modules to enable
terraform_root_modules = [
"aws/tfstate-backend",
"aws/account-dns",
"aws/chamber",
"aws/cloudtrail"
"aws/cloudtrail",
]
18 changes: 12 additions & 6 deletions configs/testing.tfvars
Expand Up @@ -5,18 +5,24 @@ stage = "testing"
# List of templates to install
templates = [
"README.md",
"Dockerfile.child",
".gitignore",
".dockerignore",
"Makefile",
"Dockerfile.child",
".github/CODEOWNERS",
".github/ISSUE_TEMPLATE/feature-request.md",
".github/ISSUE_TEMPLATE/bug.md",
".github/PULL_REQUEST.md",
".editorconfig",
".gitignore",
".dockerignore",
"Makefile",
"conf/Makefile",
"conf/account-dns/terraform.tfvars"
"conf/account-dns/terraform.tfvars",
"docs/kops.md",
]

# List of terraform root modules to enable
terraform_root_modules = [
"aws/tfstate-backend",
"aws/account-dns",
"aws/chamber",
"aws/cloudtrail"
"aws/cloudtrail",
]
11 changes: 10 additions & 1 deletion modules/child/main.tf
@@ -1,3 +1,12 @@
locals {
context = {
# Used by `README.md`
account_email_address = "${format(var.account_email, var.stage)}"
}

vars = "${merge(var.vars, local.context)}"
}

module "account" {
source = "../../modules/account"
dirs = "${var.dirs}"
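Review bot: `merge(var.vars, local.context)` gives `local.context` precedence, so an `account_email_address` a caller passes in `var.vars` is silently overwritten by the computed value; that is probably intended, but say so in the comment (`# computed values override var.vars`). `format(var.account_email, var.stage)` also assumes the email pattern contains exactly one `%s`; that contract belongs in the description of `account_email`, which this commit declares in variables.tf without one.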
Expand All @@ -11,7 +20,7 @@ module "account" {
image_tag = "${var.image_tag}"
templates = "${var.templates}"
dirs = "${var.dirs}"
vars = "${var.vars}"
vars = "${local.vars}"
strip = "${var.strip}"
artifacts_dir = "${var.artifacts_dir}"
repos_dir = "${var.repos_dir}"
4 changes: 3 additions & 1 deletion modules/child/variables.tf
Expand Up @@ -18,6 +18,8 @@ variable "image_tag" {
default = "latest"
}

variable "account_email" {}

variable "templates" {
type = "list"
}
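Review bot: `variable "account_email" {}` carries no `description` and no `default`, unlike the neighbouring `image_tag`. Since main.tf consumes it as a format string (`format(var.account_email, var.stage)`) and root.tfvars warns the pattern "is not easily changed later", give it a description that states the required `%s` placeholder and an example such as the `ops+%s@...` form from root.tfvars, so callers know the contract before bootstrapping.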
Expand All @@ -37,7 +39,7 @@ variable "strip" {
}

variable "networks" {
type = "map"
type = "map"
default = {}
}

4 changes: 2 additions & 2 deletions modules/docker-build/variables.tf
Expand Up @@ -15,7 +15,7 @@ variable "dockerfile" {
# NOTE: this variable won't actually be used for anything and the actual `depends_on` keyword
# in terraform does not support interpolation.
variable "depends_on" {
type = "list"
type = "list"
description = "Define a list of variables that this module depends on in order to force serialized execution."
default = []
default = []
}
5 changes: 2 additions & 3 deletions modules/export-env/main.tf
@@ -1,6 +1,5 @@

locals {
keys = "${keys(var.env)}"
keys = "${keys(var.env)}"
values = "${values(var.env)}"
}

Expand All @@ -16,7 +15,7 @@ data "null_data_source" "envs" {
locals {
export = {
encoded = "${format(var.template, join("\n", data.null_data_source.envs.*.outputs.encoded))}"
raw = "${format(var.template, join("\n", data.null_data_source.envs.*.outputs.raw))}"
raw = "${format(var.template, join("\n", data.null_data_source.envs.*.outputs.raw))}"
}
}

4 changes: 2 additions & 2 deletions modules/init-dirs/variables.tf
Expand Up @@ -8,7 +8,7 @@ variable "dirs" {
# NOTE: this variable won't actually be used for anything and the actual `depends_on` keyword
# in terraform does not support interpolation.
variable "depends_on" {
type = "list"
type = "list"
description = "Define a list of variables that this module depends on in order to force serialized execution."
default = []
default = []
}
4 changes: 2 additions & 2 deletions modules/render/variables.tf
Expand Up @@ -17,7 +17,7 @@ variable "strip" {
# NOTE: this variable won't actually be used for anything and the actual `depends_on` keyword
# in terraform does not support interpolation.
variable "depends_on" {
type = "list"
type = "list"
description = "Define a list of variables that this module depends on in order to force serialized execution."
default = []
default = []
}
0 comments on commit ac7d900