rewind master to 4.5.6 tag

Author: usrbinkat

DISCLAIMER.md

@@ -0,0 +1,107 @@
+# Development-IaC
+
+== Summary
+This terraform play is designed to create a working development VPC for the user. It will create the following resources:
+
+- Three Public subnets
+- Three Private subnets "no nat to simulate airgapped"
+- s3 vpc_endpoint
+- ec2 vpc_endpoint
+- elb vpc_endpoint
+- Route 53 private zone
+- Security Groups
+- Bastion ec2 Instance
+- Registry ec2 Instance
+
+== Requirement
+- Setup your aws credentials 
+
+== Setup the variable file
+.Table Mandatory Variables
+|===
+| Variable   | Default | Comments (type)
+
+|aws_ssh_key
+|abc
+|AWS user key name
+
+|ssh_public_key
+|string
+|Public ssh key. Can be drived from cat /home/ec2-user/authorized_keys
+
+|rhcos_ami
+|ami-XXXXXXXX
+|RH CoreOS AMI ID
+
+|vpc_id
+|vpc-name
+|The vpc name
+
+|cluster_name
+|cluster
+|The cluster name
+
+|cluster_domain
+|example.io
+|The cluster domain
+
+|cidr_blocks
+|10.0.0.0/16
+|Any private cidr scheme
+
+|aws_region
+|us-gov-west-1
+|Aws region
+
+|default_tag
+|
+|Leave blank it will us the cluster_name to set tags
+
+|aws_azs
+|"a", "b", "c"
+|This will align with the aws availability zones
+
+|aws_availability_zones
+|us-gov-west-1a
+|This is the AZ for the public subnet
+
+|vpc_private_subnet_cidrs
+|"10.0.1.0/24","10.0.2.0/24","10.0.3.0/24
+|Private CIDR block
+
+|vpc_public_subnet_cidr
+|10.0.7.0/26", "10.0.8.0/26", "10.0.9.0/26"
+|Public CIDR block
+
+|===
+
+== Prereqs
+
+The user will need to provide the following:
+
+- Aws ssh key for the bastion
+- AMI Ids for Rhel 8 and Rhcos images
+
+== Step 1
+Download the git to your local machine:
+```
+git clone https://github.com/CodeSparta/devkit-vpc.git
+cd devkit-vpc
+- Setup your variables.tf
+vi variables.tf
+
+- exec into the container and deploy
+bash tools/dev.sh
+./devkit-build-vpc.sh -vv -e aws_access_key=xxxxxxxxxxxxx -e aws_secret_key=XXXXXXXXXXXXXXXXX -e aws_cloud_region=us-gov-west-1
+    
+
+```
+
+== Step 2
+To destroy the IaC run:
+```
+cd into git repo
+bash tools/dev.sh
+./breakdown.yml -vv
+```
+All resources not created from the IaC must be deleted prior to destroying the vpc.

README.adoc

@@ -2,12 +2,12 @@ data "aws_vpc" "cluster_vpc" {
   id =  var.vpc_id
 }
 
-data "aws_subnet_ids" "private" {
+data "aws_subnet_ids" "public" {
   vpc_id = data.aws_vpc.cluster_vpc.id
 
   filter {
     name 	= "tag:Name"
-    values	= ["*private*"]
+    values	= ["*public*"]
   }
 }
 
@@ -16,8 +16,8 @@ resource "random_id" "index" {
 }
 
 locals {
-  subnet_ids_list	= tolist(data.aws_subnet_ids.private.ids)
-  subnet_ids_random_index	= random_id.index.dec % length(data.aws_subnet_ids.private.ids)
+  subnet_ids_list	= tolist(data.aws_subnet_ids.public.ids)
+  subnet_ids_random_index	= random_id.index.dec % length(data.aws_subnet_ids.public.ids)
   instance_subnet_id		= local.subnet_ids_list[local.subnet_ids_random_index]
 }
 
@@ -34,7 +34,7 @@ resource "aws_instance" "registry-node" {
 
   root_block_device { volume_size = var.registry_volume }
   security_groups = var.registry_sg_ids
-  associate_public_ip_address = false
+  associate_public_ip_address = true
 
   tags = merge(
   var.default_tags,

README.md

@@ -157,26 +157,3 @@ resource "aws_vpc_endpoint" "elasticloadbalancing" {
     )
   )
 }
-
-data "aws_vpc_endpoint_service" "sts" {
-  service = "sts"
-}
-
-resource "aws_vpc_endpoint" "sts" {
-  vpc_id            = aws_vpc.cluster_vpc.id
-  service_name      = data.aws_vpc_endpoint_service.sts.service_name
-  vpc_endpoint_type = "Interface"
-  private_dns_enabled = true
-
-  security_group_ids = [
-  aws_security_group.private_ec2_api.id
-]
-
-  subnet_ids =  aws_subnet.pri_subnet.*.id
-  tags =  merge(
-  var.default_tags,
-  map(
-    "Name",  "${var.cluster_name}-sts-vpce"
-    )
-  )
-}