New AWS Multi Account ready setup with a better approach (#22)

* Delete unused files and update infrastructure diagram to match the new multi-account setup * terraform-docs: automated action * Update backend.tf for prod and staging environments * Update AWS region to us-west-2 * Remove 'stage' variable from module 'label' * Update label_order in context.tf * Update VPC CIDR block * Update module source paths * terraform-docs: automated action * Remove unused Terraform files and modules * Update working directory in tf-docs.yml * Rebuild --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
nanlabs · Dec 14, 2023 · adbbd38 · adbbd38
1 parent 26ee7ea
commit adbbd38
Show file tree

Hide file tree

Showing 29 changed files with 626 additions and 155 deletions.
diff --git a/.github/workflows/tf-docs.yml b/.github/workflows/tf-docs.yml
@@ -24,7 +24,7 @@ jobs:
       - name: Render terraform docs inside modules
         uses: terraform-docs/[email protected]
         with:
-          working-dir: modules/amplify-app,modules/rds,modules/vpc,modules/bastion,live/core
+          working-dir: modules/amplify-app,modules/rds,modules/vpc,modules/bastion,live/prod/us-west-2/app,live/staging/us-west-2/app
           output-file: docs/MODULE.md
           output-method: replace
           git-push: "true"
diff --git a/README.md b/README.md
@@ -13,8 +13,8 @@ Welcome to the Terraform AWS Starter Kit! This comprehensive and robust starter
 The Terraform AWS Starter Kit solves the most challenging aspect of AWS infrastructure building by providing a powerful solution for our clients. Our goal is to simplify the process of setting up a reliable and scalable AWS environment, allowing you to focus on developing and deploying your applications swiftly and confidently.
 
 <picture>
-  <source media="(prefers-color-scheme: dark)" alt="" align="right" width="400px" srcset="./tools/dac/live_core_infrastructure.png"/>
-  <img alt="" align="right" width="400px" src="./tools/dac/live_core_infrastructure.png"/>
+  <source media="(prefers-color-scheme: dark)" alt="" align="right" width="400px" srcset="./tools/dac/live_prod_infrastructure.png"/>
+  <img alt="" align="right" width="400px" src="./tools/dac/live_prod_infrastructure.png"/>
 </picture>
 
 ## Key Features
@@ -60,15 +60,20 @@ We welcome contributions and feedback to improve this starter kit further, makin
 
 ## Quick Start
 
-To get started quickly, navigate to the [`live/core`](./live/core) directory and follow the instructions in the [README](./live/core/README.md). This directory contains the Terraform root module for our core infrastructure, including Terraform variables and backend configuration. Additionally, we provide post-deployment steps in the [README](./live/core/README.md#post-deployment-steps) to help you test the setup and get familiar with the infrastructure.
+Check the [Live Infrastructure](#live-infrastructure) section for more information about existing infrastructure modules and how to use them.
+
+Once you have chosen the infrastructure module you want to use, move to the module directory and follow the instructions in the README file.
 
 ## Live Infrastructure
 
 The `live` directory houses our live infrastructure. This is where you'll find our Terraform variables, backend configuration, and Terraform root modules.
 
-| Module                                       | Description                                        |
-| :------------------------------------------- | :------------------------------------------------- |
-| [Core Infrastructure](./live/core/README.md) | Terraform root module for our core infrastructure. |
+It is recommended to create a separate directory for each environment (e.g., `dev`, `staging`, `prod`) and region (e.g., `us-east-1`, `us-west-2`, `eu-west-1`). This allows you to easily manage and deploy your infrastructure.
+
+| Module                                                                           | Description                                           |
+| :------------------------------------------------------------------------------- | :---------------------------------------------------- |
+| [Prod App Infrastructure (us-west-2)](./live/prod/us-west-2/app/README.md)       | Terraform root module for our prod infrastructure.    |
+| [Staging App Infrastructure (us-west-2)](./live/staging/us-west-2/app/README.md) | Terraform root module for our staging infrastructure. |
 
 ## Terraform Modules
 

diff --git a/live/core/configs/prod.us-west-2.tfvars b/live/core/configs/prod.us-west-2.tfvars
diff --git a/live/core/context.tf b/live/core/context.tf
diff --git a/live/core/variables.tf b/live/core/variables.tf
diff --git a/live/core/.terraform.lock.hcl → live/prod/us-west-2/app/.terraform.lock.hcl b/live/core/.terraform.lock.hcl → live/prod/us-west-2/app/.terraform.lock.hcl
diff --git a/live/core/README.md → live/prod/us-west-2/app/README.md b/live/core/README.md → live/prod/us-west-2/app/README.md
@@ -1,4 +1,4 @@
-# Core Infrastructure
+# Prod Infrastructure (us-west-2)
 
 🏢 This directory contains the infrastructure as code for our cloud infrastructure. It provides a ready-to-use Terraform module with various features. Follow the steps below to get started.
 
@@ -32,21 +32,12 @@ tfswitch
 terraform init
 ```
 
-2. Switch to a workspace:
-
-```sh
-# Switch to the another workspace or create it if it doesn't exist
-terraform workspace select -or-create prod
-```
-
 ## Deploy
 
-🚀 **NOTE:** In this example, we are using the `prod` environment and the `us-west-2` region. Modify these values according to your environment and region.
-
 1. Plan the deployment:
 
 ```sh
-terraform plan -var-file ./configs/prod.us-west-2.tfvars -out ./prod.tfplan
+terraform plan -out ./prod.tfplan
 ```
 
 2. Apply the deployment:
@@ -74,12 +65,10 @@ git push
 
 ## Destroy
 
-💣 **NOTE:** In this example, we are using the `prod` environment and the `us-west-2` region. Modify these values according to your environment and region.
-
 To destroy the infrastructure, run the following command:
 
 ```sh
-terraform destroy -var-file ./configs/prod.us-west-2.tfvars
+terraform destroy
 ```
 
 ## Post Deployment Steps

diff --git a/live/core/backend.tf → live/prod/us-west-2/app/backend.tf b/live/core/backend.tf → live/prod/us-west-2/app/backend.tf
@@ -6,16 +6,14 @@ module "terraform_state_backend" {
   source  = "cloudposse/tfstate-backend/aws"
   version = "1.1.1"
 
-  # Avoid creating anything within if we are not in the workspace "default" and "prod".
-  enabled = contains(["default", "prod"], terraform.workspace)
-
-  name       = module.label.name
-  namespace  = module.label.namespace
-  attributes = ["state"]
+  name        = module.label.name
+  namespace   = module.label.namespace
+  environment = module.label.environment
+  attributes  = ["state"]
 
   terraform_backend_config_file_path = "."
   terraform_backend_config_file_name = "s3-backend.tf"
-  terraform_state_file               = "${module.label.namespace}-${module.label.name}.tfstate"
+  terraform_state_file               = "${module.label.id}.tfstate"
 
   bucket_enabled   = true
   dynamodb_enabled = true

diff --git a/live/core/bastion.tf → live/prod/us-west-2/app/bastion.tf b/live/core/bastion.tf → live/prod/us-west-2/app/bastion.tf
@@ -1,30 +1,30 @@
-variable "enable_bastion" {
-  type        = bool
-  description = "Enable bastion host"
-  default     = false
+locals {
+  bastion = {
+    enable = true
+  }
 }
 
 module "bastion" {
-  count = var.enable_bastion ? 1 : 0
+  count = local.bastion.enable ? 1 : 0
 
-  source                       = "../../modules/bastion"
+  source                       = "../../../../modules/bastion"
   name                         = "${module.label.id}-bastion"
   vpc_id                       = module.vpc.vpc_id
   subnets                      = module.vpc.public_subnets
   associate_public_ip_address  = true
-  associate_elastic_ip_address = false
+  associate_elastic_ip_address = true
   tags                         = module.label.tags
 }
 
 output "bastion_instance_id" {
-  value = var.enable_bastion ? module.bastion[0].instance_id : null
+  value = local.bastion.enable ? module.bastion[0].instance_id : null
 }
 
 output "bastion_instance_profile" {
-  value = var.enable_bastion ? module.bastion[0].instance_profile : null
+  value = local.bastion.enable ? module.bastion[0].instance_profile : null
 }
 
 output "ssm_parameter_bastion_ssh_key" {
   description = "name of the ssm parameter for the bastion ssh key"
-  value       = var.enable_bastion ? module.bastion[0].ssm_parameter_ssh_key : null
+  value       = local.bastion.enable ? module.bastion[0].ssm_parameter_ssh_key : null
 }
diff --git a/live/prod/us-west-2/app/context.tf b/live/prod/us-west-2/app/context.tf
@@ -0,0 +1,34 @@
+locals {
+  context = {
+    name        = "app"
+    namespace   = "nan"
+    environment = "prod"
+    tags = {
+      "Terraform"   = "true"
+      "Environment" = "prod"
+    }
+  }
+}
+
+data "aws_caller_identity" "aws" {}
+
+locals {
+  tf_tags = {
+    Terraform = true,
+    By        = data.aws_caller_identity.aws.arn
+  }
+}
+
+// Keep labels, tags consistent
+module "label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+
+  name        = local.context.name
+  environment = local.context.environment
+  namespace   = local.context.namespace
+
+  delimiter   = "-"
+  label_order = ["namespace", "environment", "name", "attributes"]
+  tags        = merge(local.context.tags, local.tf_tags)
+}
diff --git a/live/core/docs/MODULE.md → live/prod/us-west-2/app/docs/MODULE.md b/live/core/docs/MODULE.md → live/prod/us-west-2/app/docs/MODULE.md
@@ -16,11 +16,11 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_bastion"></a> [bastion](#module\_bastion) | ../../modules/bastion | n/a |
-| <a name="module_exampledb"></a> [exampledb](#module\_exampledb) | ../../modules/rds | n/a |
+| <a name="module_bastion"></a> [bastion](#module\_bastion) | ../../../../modules/bastion | n/a |
+| <a name="module_exampledb"></a> [exampledb](#module\_exampledb) | ../../../../modules/rds | n/a |
 | <a name="module_label"></a> [label](#module\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_terraform_state_backend"></a> [terraform\_state\_backend](#module\_terraform\_state\_backend) | cloudposse/tfstate-backend/aws | 1.1.1 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../modules/vpc | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../../../../modules/vpc | n/a |
 
 ## Resources
 
@@ -30,18 +30,7 @@
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_enable_bastion"></a> [enable\_bastion](#input\_enable\_bastion) | Enable bastion host | `bool` | `false` | no |
-| <a name="input_environment"></a> [environment](#input\_environment) | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `"development"` | no |
-| <a name="input_example_db_master_username"></a> [example\_db\_master\_username](#input\_example\_db\_master\_username) | The username for the master DB user | `string` | `"root"` | no |
-| <a name="input_example_db_name"></a> [example\_db\_name](#input\_example\_db\_name) | The name of the database to create | `string` | `"mydb"` | no |
-| <a name="input_name"></a> [name](#input\_name) | Name to use for servers, tags, etc | `string` | `"name"` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `"development"` | no |
-| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | `"us-west-2"` | no |
-| <a name="input_stage"></a> [stage](#input\_stage) | Stage, e.g. 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | Any extra tags to assign to objects | `map(any)` | `{}` | no |
-| <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR block for the VPC | `string` | `"10.0.0.0/16"` | no |
+No inputs.
 
 ## Outputs
 

diff --git a/live/core/example-rds-instance.tf → ...rod/us-west-2/app/example-rds-instance.tf b/live/core/example-rds-instance.tf → ...rod/us-west-2/app/example-rds-instance.tf
@@ -1,25 +1,20 @@
-variable "example_db_name" {
-  description = "The name of the database to create"
-  type        = string
-  default     = "mydb"
-}
-
-variable "example_db_master_username" {
-  description = "The username for the master DB user"
-  type        = string
-  default     = "root"
+locals {
+  exampledb = {
+    db_name            = "mydb"
+    db_master_username = "myuser"
+  }
 }
 
 module "exampledb" {
-  source = "../../modules/rds"
+  source = "../../../../modules/rds"
 
   name = "${module.label.id}-exampledb"
 
   vpc_id          = module.vpc.vpc_id
   db_subnet_group = module.vpc.database_subnet_group
 
-  db_name            = var.example_db_name
-  db_master_username = var.example_db_master_username
+  db_name            = local.exampledb.db_name
+  db_master_username = local.exampledb.db_master_username
   db_port            = 5432
 
   allocated_storage = 20

diff --git a/live/core/main.tf → live/prod/us-west-2/app/main.tf b/live/core/main.tf → live/prod/us-west-2/app/main.tf
@@ -1,5 +1,5 @@
 provider "aws" {
-  region = var.region
+  region = "us-west-2"
 
   default_tags {
     tags = {

diff --git a/live/core/outputs.tf → live/prod/us-west-2/app/outputs.tf b/live/core/outputs.tf → live/prod/us-west-2/app/outputs.tf
diff --git a/live/core/versions.tf → live/prod/us-west-2/app/versions.tf b/live/core/versions.tf → live/prod/us-west-2/app/versions.tf
diff --git a/live/core/vpc.tf → live/prod/us-west-2/app/vpc.tf b/live/core/vpc.tf → live/prod/us-west-2/app/vpc.tf
@@ -1,13 +1,7 @@
-variable "vpc_cidr_block" {
-  description = "CIDR block for the VPC"
-  type        = string
-  default     = "10.0.0.0/16"
-}
-
 module "vpc" {
-  source             = "../../modules/vpc"
+  source             = "../../../../modules/vpc"
   name               = module.label.id
-  vpc_cidr_block     = var.vpc_cidr_block
+  vpc_cidr_block     = "10.0.0.0/16"
   tags               = module.label.tags
   enable_nat_gateway = true
   single_nat_gateway = true