From 1a8c956e3be8f55bc05df5f55c45c5ca158da07b Mon Sep 17 00:00:00 2001 From: Sang Huynh Thanh Date: Sun, 21 Jan 2024 16:27:14 +0700 Subject: [PATCH 1/4] [#33] Update missing Bastion's resources --- core/main.tf | 1 + modules/bastion/locals.tf | 9 +++++++++ modules/bastion/main.tf | 16 ++++++++++++++++ modules/bastion/variables.tf | 5 +++++ 4 files changed, 31 insertions(+) diff --git a/core/main.tf b/core/main.tf index 762618b..a61d7eb 100644 --- a/core/main.tf +++ b/core/main.tf @@ -118,5 +118,6 @@ module "bastion" { source = "../modules/bastion" environment = var.environment + subnet_ids = module.vpc.public_subnet_ids instance_security_group_ids = module.security_group.bastion_security_group_ids } diff --git a/modules/bastion/locals.tf b/modules/bastion/locals.tf index 6fb5d6f..d1c9d98 100644 --- a/modules/bastion/locals.tf +++ b/modules/bastion/locals.tf @@ -6,4 +6,13 @@ locals { # The instance type instance_type = "t3.nano" + + # The minimum number of instances + min_instance_count = 1 + + # The maximum number of instances + max_instance_count = 1 + + # The desired number of instances + instance_desired_count = 1 } diff --git a/modules/bastion/main.tf b/modules/bastion/main.tf index 927bc50..e2c88b6 100644 --- a/modules/bastion/main.tf +++ b/modules/bastion/main.tf @@ -24,3 +24,19 @@ resource "aws_launch_configuration" "bastion_instance" { encrypted = true } } + + +resource "aws_autoscaling_group" "bastion_instance" { + name = "${local.namespace}-instance" + min_size = local.min_instance_count + max_size = local.max_instance_count + desired_capacity = local.instance_desired_count + launch_configuration = aws_launch_configuration.bastion_instance.name + vpc_zone_identifier = var.subnet_ids + + tag { + key = "Name" + value = "${local.namespace}-instance" + propagate_at_launch = true + } +} diff --git a/modules/bastion/variables.tf b/modules/bastion/variables.tf index f5c2397..ae89b89 100644 --- a/modules/bastion/variables.tf +++ b/modules/bastion/variables.tf @@ -2,3 +2,8 @@ variable "instance_security_group_ids" { description = "The security group IDs for the instance" type = list(string) } + +variable "subnet_ids" { + description = "The subnet IDs for the instance" + type = list(string) +} From aa3314adb5653858a105e0d5c479da3451cdb0a3 Mon Sep 17 00:00:00 2001 From: Sang Huynh Thanh Date: Sun, 21 Jan 2024 16:30:00 +0700 Subject: [PATCH 2/4] Skip checkov --- modules/bastion/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/bastion/main.tf b/modules/bastion/main.tf index e2c88b6..5f0a42d 100644 --- a/modules/bastion/main.tf +++ b/modules/bastion/main.tf @@ -25,8 +25,8 @@ resource "aws_launch_configuration" "bastion_instance" { } } - resource "aws_autoscaling_group" "bastion_instance" { + #checkov:skip=CKV_AWS_315: Use EC2 launch template name = "${local.namespace}-instance" min_size = local.min_instance_count max_size = local.max_instance_count From 2c91786fe83c191f0afc3969d43b04ce5c5d03b8 Mon Sep 17 00:00:00 2001 From: Sang Huynh Thanh Date: Sun, 21 Jan 2024 16:42:06 +0700 Subject: [PATCH 3/4] Add IP --- core/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/locals.tf b/core/locals.tf index 50f81ba..0a07560 100644 --- a/core/locals.tf +++ b/core/locals.tf @@ -18,7 +18,7 @@ locals { health_check_path = "/health" # The IP addresses allowed to connect to the bastion host - bastion_allowed_ip_connections = [] + bastion_allowed_ip_connections = ["115.74.38.114"] # The ECS configuration for the current environment current_ecs_config = local.ecs_config[var.environment] From 0b6151a7835c8cc18876a382d4a98158f7fa1b49 Mon Sep 17 00:00:00 2001 From: Sang Huynh Thanh Date: Fri, 15 Mar 2024 17:30:04 +0700 Subject: [PATCH 4/4] Update bucket name --- modules/s3/locals.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/s3/locals.tf b/modules/s3/locals.tf index 4c1c14e..14c2e72 100644 --- a/modules/s3/locals.tf +++ b/modules/s3/locals.tf @@ -1,9 +1,9 @@ locals { # The name of the bucket - asset_bucket_name = "${var.environment}-devops-ic-assets-bucket" + asset_bucket_name = "${var.environment}-devops-ic-asset-1-bucket" # The name of ALB log bucket - alb_log_bucket_name = "${var.environment}-devops-ic-alb-log-bucket" + alb_log_bucket_name = "${var.environment}-devops-ic-alb-log-1-bucket" # All objects should be deleted from the bucket when the bucket is destroyed force_destroy = true