Merge pull request #473 from deathbywedgie/20200626_tag_enhancements
Variables for improved resource tagging
@@ -8,11 +8,13 @@ provider "aws" {
|
|||||||
# Create a VPC to launch our instances into
|
# Create a VPC to launch our instances into
|
||||||
resource "aws_vpc" "default" {
|
resource "aws_vpc" "default" {
|
||||||
cidr_block = "192.168.0.0/16"
|
cidr_block = "192.168.0.0/16"
|
||||||
|
tags = var.custom-tags
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create an internet gateway to give our subnet access to the outside world
|
# Create an internet gateway to give our subnet access to the outside world
|
||||||
resource "aws_internet_gateway" "default" {
|
resource "aws_internet_gateway" "default" {
|
||||||
vpc_id = aws_vpc.default.id
|
vpc_id = aws_vpc.default.id
|
||||||
|
tags = var.custom-tags
|
||||||
}
|
}
|
||||||
|
|
||||||
# Grant the VPC internet access on its main route table
|
# Grant the VPC internet access on its main route table
|
||||||
@@ -28,6 +30,7 @@ resource "aws_subnet" "default" {
|
|||||||
cidr_block = "192.168.38.0/24"
|
cidr_block = "192.168.38.0/24"
|
||||||
availability_zone = var.availability_zone
|
availability_zone = var.availability_zone
|
||||||
map_public_ip_on_launch = true
|
map_public_ip_on_launch = true
|
||||||
|
tags = var.custom-tags
|
||||||
}
|
}
|
||||||
|
|
||||||
# Adjust VPC DNS settings to not conflict with lab
|
# Adjust VPC DNS settings to not conflict with lab
|
||||||
@@ -35,6 +38,7 @@ resource "aws_vpc_dhcp_options" "default" {
|
|||||||
domain_name = "windomain.local"
|
domain_name = "windomain.local"
|
||||||
domain_name_servers = concat([aws_instance.dc.private_ip], var.external_dns_servers)
|
domain_name_servers = concat([aws_instance.dc.private_ip], var.external_dns_servers)
|
||||||
netbios_name_servers = [aws_instance.dc.private_ip]
|
netbios_name_servers = [aws_instance.dc.private_ip]
|
||||||
|
tags = var.custom-tags
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_vpc_dhcp_options_association" "default" {
|
resource "aws_vpc_dhcp_options_association" "default" {
|
||||||
@@ -47,6 +51,7 @@ resource "aws_security_group" "logger" {
|
|||||||
name = "logger_security_group"
|
name = "logger_security_group"
|
||||||
description = "DetectionLab: Security Group for the logger host"
|
description = "DetectionLab: Security Group for the logger host"
|
||||||
vpc_id = aws_vpc.default.id
|
vpc_id = aws_vpc.default.id
|
||||||
|
tags = var.custom-tags
|
||||||
|
|
||||||
# SSH access
|
# SSH access
|
||||||
ingress {
|
ingress {
|
||||||
@@ -107,6 +112,7 @@ resource "aws_security_group" "windows" {
|
|||||||
name = "windows_security_group"
|
name = "windows_security_group"
|
||||||
description = "DetectionLab: Security group for the Windows hosts"
|
description = "DetectionLab: Security group for the Windows hosts"
|
||||||
vpc_id = aws_vpc.default.id
|
vpc_id = aws_vpc.default.id
|
||||||
|
tags = var.custom-tags
|
||||||
|
|
||||||
# RDP
|
# RDP
|
||||||
ingress {
|
ingress {
|
||||||
@@ -152,15 +158,16 @@ resource "aws_security_group" "windows" {
|
|||||||
resource "aws_key_pair" "auth" {
|
resource "aws_key_pair" "auth" {
|
||||||
key_name = var.public_key_name
|
key_name = var.public_key_name
|
||||||
public_key = file(var.public_key_path)
|
public_key = file(var.public_key_path)
|
||||||
|
tags = var.custom-tags
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_instance" "logger" {
|
resource "aws_instance" "logger" {
|
||||||
instance_type = "t3.medium"
|
instance_type = "t3.medium"
|
||||||
ami = coalesce(var.logger_ami, data.aws_ami.logger_ami.image_id)
|
ami = coalesce(var.logger_ami, data.aws_ami.logger_ami.image_id)
|
||||||
|
|
||||||
tags = {
|
tags = merge(var.custom-tags, map(
|
||||||
Name = "logger"
|
"Name", "${var.instance_name_prefix}logger"
|
||||||
}
|
))
|
||||||
|
|
||||||
subnet_id = aws_subnet.default.id
|
subnet_id = aws_subnet.default.id
|
||||||
vpc_security_group_ids = [aws_security_group.logger.id]
|
vpc_security_group_ids = [aws_security_group.logger.id]
|
||||||
@@ -222,9 +229,9 @@ resource "aws_instance" "dc" {
|
|||||||
# Uses the local variable if external data source resolution fails
|
# Uses the local variable if external data source resolution fails
|
||||||
ami = coalesce(var.dc_ami, data.aws_ami.dc_ami.image_id)
|
ami = coalesce(var.dc_ami, data.aws_ami.dc_ami.image_id)
|
||||||
|
|
||||||
tags = {
|
tags = merge(var.custom-tags, map(
|
||||||
Name = "dc.windomain.local"
|
"Name", "${var.instance_name_prefix}dc.windomain.local"
|
||||||
}
|
))
|
||||||
|
|
||||||
subnet_id = aws_subnet.default.id
|
subnet_id = aws_subnet.default.id
|
||||||
vpc_security_group_ids = [aws_security_group.windows.id]
|
vpc_security_group_ids = [aws_security_group.windows.id]
|
||||||
@@ -257,9 +264,9 @@ resource "aws_instance" "wef" {
|
|||||||
# Uses the local variable if external data source resolution fails
|
# Uses the local variable if external data source resolution fails
|
||||||
ami = coalesce(var.wef_ami, data.aws_ami.wef_ami.image_id)
|
ami = coalesce(var.wef_ami, data.aws_ami.wef_ami.image_id)
|
||||||
|
|
||||||
tags = {
|
tags = merge(var.custom-tags, map(
|
||||||
Name = "wef.windomain.local"
|
"Name", "${var.instance_name_prefix}wef.windomain.local"
|
||||||
}
|
))
|
||||||
|
|
||||||
subnet_id = aws_subnet.default.id
|
subnet_id = aws_subnet.default.id
|
||||||
vpc_security_group_ids = [aws_security_group.windows.id]
|
vpc_security_group_ids = [aws_security_group.windows.id]
|
||||||
@@ -292,9 +299,9 @@ resource "aws_instance" "win10" {
|
|||||||
# Uses the local variable if external data source resolution fails
|
# Uses the local variable if external data source resolution fails
|
||||||
ami = coalesce(var.win10_ami, data.aws_ami.win10_ami.image_id)
|
ami = coalesce(var.win10_ami, data.aws_ami.win10_ami.image_id)
|
||||||
|
|
||||||
tags = {
|
tags = merge(var.custom-tags, map(
|
||||||
Name = "win10.windomain.local"
|
"Name", "${var.instance_name_prefix}win10.windomain.local"
|
||||||
}
|
))
|
||||||
|
|
||||||
subnet_id = aws_subnet.default.id
|
subnet_id = aws_subnet.default.id
|
||||||
vpc_security_group_ids = [aws_security_group.windows.id]
|
vpc_security_group_ids = [aws_security_group.windows.id]
|
||||||
@@ -304,4 +311,3 @@ resource "aws_instance" "win10" {
|
|||||||
delete_on_termination = true
|
delete_on_termination = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
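Review bot: The new `tags = merge(var.custom-tags, map("Name", "${var.instance_name_prefix}logger"))` in the logger instance, and the same construct in the dc, wef and win10 instance hunks, use the `map()` function, which is deprecated in the Terraform 0.12 expression syntax this file already relies on (`var.`, `coalesce`, `concat`) and removed in later releases; an object literal gives the same result without the deprecation, e.g. `tags = merge(var.custom-tags, { Name = "${var.instance_name_prefix}logger" })`. Because later `merge` arguments take precedence, a `Name` key supplied through `var.custom-tags` is silently overridden on the four instances but applied unchanged to the VPC, internet gateway, subnet, DHCP options, security groups and key pair, which receive `tags = var.custom-tags` alone; a one-line comment above the first `merge` such as `# Name always wins over any Name in custom-tags` would make the precedence explicit for anyone doing tag-based inventory. Whether `aws_key_pair` accepts a `tags` argument depends on the AWS provider version pinned for this project, which is outside these hunks, so confirm against the provider constraint before relying on it.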
@@ -6,3 +6,5 @@ public_key_path = "/home/user/.ssh/id_logger.pub"
|
|||||||
private_key_path = "/home/user/.ssh/id_logger"
|
private_key_path = "/home/user/.ssh/id_logger"
|
||||||
ip_whitelist = ["1.2.3.4/32"]
|
ip_whitelist = ["1.2.3.4/32"]
|
||||||
availability_zone = "us-west-1b"
|
availability_zone = "us-west-1b"
|
||||||
|
// instance_name_prefix = "some_prefix_"
|
||||||
|
// custom-tags = {"tag_name": "tag_value"}
|
||||||
|
|||||||
@@ -6,6 +6,17 @@ variable "profile" {
|
|||||||
default = "terraform"
|
default = "terraform"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "custom-tags" {
|
||||||
|
type = map(string)
|
||||||
|
description = "Optional mapping for additional tags to apply to all related AWS resources"
|
||||||
|
default = {}
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "instance_name_prefix" {
|
||||||
|
description = "Optional string to prefix at the front of instance names in case you need to run multiple DetectionLab environments in the same AWS account"
|
||||||
|
default = ""
|
||||||
|
}
|
||||||
|
|
||||||
variable "availability_zone" {
|
variable "availability_zone" {
|
||||||
description = "https://www.terraform.io/docs/providers/aws/d/availability_zone.html"
|
description = "https://www.terraform.io/docs/providers/aws/d/availability_zone.html"
|
||||||
default = ""
|
default = ""
|
||||||
@@ -109,4 +120,3 @@ variable "win10_ami" {
|
|||||||
type = string
|
type = string
|
||||||
default = ""
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
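Review bot: The new `variable "instance_name_prefix"` block declares no `type`, unlike the sibling `custom-tags` block added in the same hunk (`type = map(string)`) and the existing `win10_ami` block (`type = string`), so a mistyped value would only surface at interpolation time; adding `type = string` keeps the file consistent and fails early on `terraform validate`. The hyphenated name `custom-tags` is valid HCL but departs from the underscore convention every other variable here follows (`instance_name_prefix`, `availability_zone`, `win10_ami`); since renaming would touch every `var.custom-tags` reference, if it is kept deliberately a short comment saying so would stop the next contributor from "fixing" it. The `custom-tags` description could also note that any `Name` entry is overridden on the EC2 instances, which is how the merge in the instance resources behaves elsewhere in this change.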