Update version.tf and remove unuse variable (#51)

* feat: update version.tf and remove unuse variable

* feat: update version.tf and remove unuse variable

* feat: update version.tf and remove unuse variable

* feat: update github-action version and use locals in example

* feat: update gitinnore and acm version

* feat: update tf version

Author: theprashantyadav

.github/workflows/auto_assignee.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   assign-pr:
-    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:

.github/workflows/changelog.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   call-workflow-changelog:
-    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6
     secrets: inherit
     with:
       branch: 'master'

.github/workflows/tf-checks.yml

@@ -6,10 +6,10 @@ on:
   workflow_dispatch:
 jobs:
   tf-checks-complete-example:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
       working_directory: './_examples/complete/'
   tf-checks-basic-example:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
       working_directory: './_examples/vpc_link_api/'

.github/workflows/tflint.yml

@@ -6,6 +6,6 @@ on:
   workflow_dispatch:
 jobs:
   tf-lint:
-    uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@master
+    uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@1.0.6
     secrets:
       GITHUB: ${{ secrets.GITHUB }}

.github/workflows/tfsec.yml

@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
 jobs:
   tfsec:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6
     secrets: inherit
     with:
       working_directory: '.'

_examples/complete/example.tf

@@ -5,17 +5,19 @@ provider "aws" {
   region = "eu-west-1"
 }
 
+locals {
+  name        = "api"
+  environment = "test"
+}
 ####----------------------------------------------------------------------------------
 ## This terraform module is designed to generate consistent label names and tags for resources.
 ####----------------------------------------------------------------------------------
 module "acm" {
   source  = "clouddrove/acm/aws"
-  version = "1.3.0"
-
-  name        = "certificate"
-  environment = "test"
-  label_order = ["name", "environment"]
+  version = "1.4.1"
 
+  name                      = local.name
+  environment               = local.environment
   enable_aws_certificate    = true
   domain_name               = "clouddrove.ca"
   subject_alternative_names = ["*.clouddrove.ca"]
@@ -30,15 +32,13 @@ module "lambda" {
   source  = "clouddrove/lambda/aws"
   version = "1.3.0"
 
-  name        = "lambda"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  enabled  = true
-  timeout  = 60
-  filename = "./lambda_packages"
-  handler  = "index.lambda_handler"
-  runtime  = "python3.8"
+  name        = local.name
+  environment = local.environment
+  enabled     = true
+  timeout     = 60
+  filename    = "./lambda_packages"
+  handler     = "index.lambda_handler"
+  runtime     = "python3.8"
   iam_actions = [
     "logs:CreateLogStream",
     "logs:CreateLogGroup",
@@ -72,10 +72,8 @@ module "lambda" {
 module "api_gateway" {
   source = "./../../"
 
-  name        = "api"
-  environment = "test"
-  label_order = ["environment", "name"]
-
+  name                        = local.name
+  environment                 = local.environment
   domain_name                 = "clouddrove.ca"
   domain_name_certificate_arn = module.acm.arn
   integration_uri             = module.lambda.arn

_examples/complete/outputs.tf

@@ -1,19 +1,19 @@
 output "api_id" {
-  value       = join("", module.api_gateway.*.api_id)
+  value       = join("", module.api_gateway[*].api_id)
   description = "The API identifier."
 }
 
 output "api_arn" {
-  value       = join("", module.api_gateway.*.api_arn)
+  value       = join("", module.api_gateway[*].api_arn)
   description = "The API arn."
 }
 
 output "api_endpoint" {
-  value       = join("", module.api_gateway.*.api_endpoint)
+  value       = join("", module.api_gateway[*].api_endpoint)
   description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com."
 }
 
 output "invoke_url" {
-  value       = join("", module.api_gateway.*.invoke_url)
+  value       = join("", module.api_gateway[*].invoke_url)
   description = "URL to invoke the API pointing to the stage"
 }

_examples/complete/test-api.zip

@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+  required_version = ">= 1.6.1"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.20.0"
+    }
+  }
+}

_examples/complete/versions.tf

@@ -4,18 +4,23 @@
 provider "aws" {
   region = "eu-west-1"
 }
+
+locals {
+  vpc_cidr_block        = module.vpc.vpc_cidr_block
+  additional_cidr_block = "172.16.0.0/16"
+  name                  = "api"
+  environment           = "test"
+}
 ####----------------------------------------------------------------------------------
 ## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
 ####----------------------------------------------------------------------------------
 module "vpc" {
   source  = "clouddrove/vpc/aws"
   version = "2.0.0"
 
-  name        = "vpc"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  cidr_block = "172.16.0.0/16"
+  name        = local.name
+  environment = local.environment
+  cidr_block  = "172.16.0.0/16"
 }
 
 ####----------------------------------------------------------------------------------
@@ -24,12 +29,10 @@ module "vpc" {
 #tfsec:ignore:aws-ec2-no-public-ip-subnet
 module "public_subnets" {
   source  = "clouddrove/subnet/aws"
-  version = "1.3.0"
-
-  name        = "public-subnet"
-  environment = "test"
-  label_order = ["name", "environment"]
+  version = "2.0.0"
 
+  name               = local.name
+  environment        = local.environment
   availability_zones = ["eu-west-1b", "eu-west-1c"]
   vpc_id             = module.vpc.vpc_id
   cidr_block         = module.vpc.vpc_cidr_block
@@ -41,30 +44,103 @@ module "public_subnets" {
 ##----------------------------------------------------------------------------------
 ## Below module will create SECURITY-GROUP and its components.
 ##----------------------------------------------------------------------------------
-#tfsec:ignore:aws-ec2-no-public-ingress-sgr
-module "security_group" {
+
+# ################################################################################
+# Security Groups module call
+################################################################################
+
+module "ssh" {
+  source  = "clouddrove/security-group/aws"
+  version = "2.0.0"
+
+  name        = local.name
+  environment = local.environment
+  vpc_id      = module.vpc.vpc_id
+  new_sg_ingress_rules_with_cidr_blocks = [{
+    rule_count  = 1
+    from_port   = 22
+    protocol    = "tcp"
+    to_port     = 22
+    cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
+    description = "Allow ssh traffic."
+  }]
+
+  ## EGRESS Rules
+  new_sg_egress_rules_with_cidr_blocks = [{
+    rule_count  = 1
+    from_port   = 22
+    protocol    = "tcp"
+    to_port     = 22
+    cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
+    description = "Allow ssh outbound traffic."
+  }]
+}
+
+#tfsec:ignore:aws-ec2-no-public-egress-sgr
+module "http_https" {
   source  = "clouddrove/security-group/aws"
   version = "2.0.0"
 
-  name          = "security-group"
-  environment   = "test"
-  label_order   = ["environment", "name"]
-  vpc_id        = module.vpc.vpc_id
-  allowed_ip    = ["0.0.0.0/0"]
-  allowed_ports = [3306]
+  name        = local.name
+  environment = local.environment
+  vpc_id      = module.vpc.vpc_id
+  ## INGRESS Rules
+  new_sg_ingress_rules_with_cidr_blocks = [{
+    rule_count  = 1
+    from_port   = 22
+    protocol    = "tcp"
+    to_port     = 22
+    cidr_blocks = [local.vpc_cidr_block]
+    description = "Allow ssh traffic."
+    },
+    {
+      rule_count  = 2
+      from_port   = 80
+      protocol    = "tcp"
+      to_port     = 80
+      cidr_blocks = [local.vpc_cidr_block]
+      description = "Allow http traffic."
+    },
+    {
+      rule_count  = 3
+      from_port   = 443
+      protocol    = "tcp"
+      to_port     = 443
+      cidr_blocks = [local.vpc_cidr_block]
+      description = "Allow https traffic."
+    },
+    {
+      rule_count  = 3
+      from_port   = 3306
+      protocol    = "tcp"
+      to_port     = 3306
+      cidr_blocks = [local.vpc_cidr_block]
+      description = "Allow https traffic."
+    }
+  ]
+
+  ## EGRESS Rules
+  new_sg_egress_rules_with_cidr_blocks = [{
+    rule_count       = 1
+    from_port        = 0
+    protocol         = "-1"
+    to_port          = 0
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+    description      = "Allow all traffic."
+    }
+  ]
 }
 
 ####----------------------------------------------------------------------------------
 ## This terraform module is designed to generate consistent label names and tags for resources.
 ####----------------------------------------------------------------------------------
 module "acm" {
   source  = "clouddrove/acm/aws"
-  version = "1.3.0"
-
-  name        = "certificate"
-  environment = "test"
-  label_order = ["name", "environment"]
+  version = "1.4.1"
 
+  name                      = local.name
+  environment               = local.environment
   enable_aws_certificate    = true
   domain_name               = "clouddrove.ca"
   subject_alternative_names = ["*.clouddrove.ca"]
@@ -79,15 +155,13 @@ module "lambda" {
   source  = "clouddrove/lambda/aws"
   version = "1.3.0"
 
-  name        = "lambda"
-  environment = "test"
-  label_order = ["name", "environment"]
-
-  enabled  = true
-  timeout  = 60
-  filename = "./lambda_packages"
-  handler  = "index.lambda_handler"
-  runtime  = "python3.8"
+  name        = local.name
+  environment = local.environment
+  enabled     = true
+  timeout     = 60
+  filename    = "./lambda_packages"
+  handler     = "index.lambda_handler"
+  runtime     = "python3.8"
   iam_actions = [
     "logs:CreateLogStream",
     "logs:CreateLogGroup",
@@ -121,17 +195,15 @@ module "lambda" {
 module "api_gateway" {
   source = "./../../"
 
-  name        = "api"
-  environment = "test"
-  label_order = ["environment", "name"]
-
+  name                        = local.name
+  environment                 = local.environment
   domain_name                 = "clouddrove.ca"
   create_vpc_link_enabled     = true
   zone_id                     = "1`23456059QJZ25345678"
   integration_uri             = module.lambda.arn
   domain_name_certificate_arn = module.acm.arn
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
-  security_group_ids          = [module.security_group.security_group_ids]
+  security_group_ids          = [module.ssh.security_group_id, module.http_https.security_group_id]
   cors_configuration = {
     allow_credentials = true
     allow_methods     = ["GET", "OPTIONS", "POST"]

_examples/vpc_link_api/example.tf

@@ -1,19 +1,19 @@
 output "api_id" {
-  value       = join("", module.api_gateway.*.api_id)
+  value       = join("", module.api_gateway[*].api_id)
   description = "The API identifier."
 }
 
 output "api_arn" {
-  value       = join("", module.api_gateway.*.api_arn)
+  value       = join("", module.api_gateway[*].api_arn)
   description = "The API arn."
 }
 
 output "api_endpoint" {
-  value       = join("", module.api_gateway.*.api_endpoint)
+  value       = join("", module.api_gateway[*].api_endpoint)
   description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com."
 }
 
 output "invoke_url" {
-  value       = join("", module.api_gateway.*.invoke_url)
+  value       = join("", module.api_gateway[*].invoke_url)
   description = "URL to invoke the API pointing to the stage"
 }

_examples/vpc_link_api/outputs.tf

@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+  required_version = ">= 1.6.1"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.20.0"
+    }
+  }
+}