herrmadbeef/manage-network-with-iac

Manage your Network using Infrastructure as Code (Workshop code)

This repository is the code base for the AWS Workshop Manage your Network using Infrastructure as Code.

When you add applications to your AWS environment, with tens or hundreds of VPCs, management (traffic inspection, access to shared services, DNS resolution, or simply connectivity) can become complex. In the workshop, you will use Terraform to explore how to manage applications within one AWS Region. We will discuss the benefits of centralizing services using AWS Transit Gateway, and how you can create a global network between AWS Regions and on-premises environments using code.

Several public modules (created and maintained by AWS) are used:

Note: The final versions of the main.tf and outputs.tf files at the end of each lab can be found in the final_code folder.

Prerequisites (if you follow the workshop outside AWS-hosted events)

  • An AWS account with an IAM user with the appropriate permissions.
  • Terraform installed.

Code Principles:

  • Writing DRY (Don't Repeat Yourself) code using a modular design pattern.
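As an added illustration of the DRY, modular principle (this is example code, not the workshop's own main.tf), the block below declares each resource kind once and iterates it with for_each over a spoke VPC map shaped like the oregon_spoke_vpcs input documented further down. Adding a fourth VPC then means adding one entry to the variable, not copying resource blocks. It assumes the provider alias aws.awsoregon, var.identifier and a Transit Gateway resource named aws_ec2_transit_gateway.oregon exist elsewhere in the configuration.

```hcl
# Added example (not the workshop's own code): one definition per resource
# kind, driven by the spoke VPC map. Assumed to exist elsewhere:
# provider alias aws.awsoregon, var.identifier, var.oregon_spoke_vpcs with the
# shape shown in the README, and aws_ec2_transit_gateway.oregon.

locals {
  region = "oregon"

  # Flatten "vpc -> list of subnet CIDRs" into one map keyed "vpc/role/index",
  # so a single aws_subnet resource covers every private and TGW subnet.
  spoke_subnets = merge([
    for vpc_name, vpc in var.oregon_spoke_vpcs : merge(
      { for i, cidr in vpc.private_subnet_cidrs :
        "${vpc_name}/private/${i}" => { vpc = vpc_name, role = "private", cidr = cidr, az_index = i }
      },
      { for i, cidr in vpc.tgw_subnet_cidrs :
        "${vpc_name}/tgw/${i}" => { vpc = vpc_name, role = "tgw", cidr = cidr, az_index = i }
      }
    )
  ]...)
}

data "aws_availability_zones" "available" {
  provider = aws.awsoregon
  state    = "available"
}

resource "aws_vpc" "spoke" {
  provider = aws.awsoregon
  for_each = var.oregon_spoke_vpcs

  cidr_block           = each.value.cidr_block
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "${var.identifier}-${local.region}-${each.key}"
    Env  = each.value.type
  }
}

resource "aws_subnet" "spoke" {
  provider = aws.awsoregon
  for_each = local.spoke_subnets

  vpc_id            = aws_vpc.spoke[each.value.vpc].id
  cidr_block        = each.value.cidr
  availability_zone = data.aws_availability_zones.available.names[each.value.az_index]

  tags = {
    Name = "${var.identifier}-${local.region}-${each.key}"
    Role = each.value.role
  }
}

# One attachment per spoke VPC, placed only in that VPC's dedicated TGW subnets.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  provider = aws.awsoregon
  for_each = var.oregon_spoke_vpcs

  transit_gateway_id = aws_ec2_transit_gateway.oregon.id
  vpc_id             = aws_vpc.spoke[each.key].id
  subnet_ids = [
    for k, s in aws_subnet.spoke : s.id
    if local.spoke_subnets[k].vpc == each.key && local.spoke_subnets[k].role == "tgw"
  ]

  # Do not let spokes auto-associate/propagate into the default TGW route
  # table: routing between prod and non-prod stays an explicit decision.
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false

  tags = { Name = "${var.identifier}-${local.region}-${each.key}" }
}
```

Disabling the default route table association and propagation on the attachment is what keeps the "prod" and "nonprod" spokes from reaching each other by accident; the route table associations then have to be declared deliberately, which is the point of managing the topology as code.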

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.

Requirements

Name       Version
terraform  >= 1.3.0
aws        >= 4.28.0
awscc      >= 0.30.0

Providers

Name              Version
aws.awsoregon     4.33.0
aws.awsstockholm  4.33.0

Modules

No modules.

Resources

Name                                                      Type
aws_networkfirewall_firewall_policy.oregon_anfw_policy    resource
aws_networkfirewall_firewall_policy.stockholm_anfw_policy resource
aws_networkfirewall_rule_group.oregon_allow_domains       resource
aws_networkfirewall_rule_group.oregon_drop_remote         resource
aws_networkfirewall_rule_group.stockholm_allow_domains    resource
aws_networkfirewall_rule_group.stockholm_drop_remote      resource
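The Resources table names two rule-group types per Region and the policy that binds them. The block below is an added example (not the repository's own definitions) of what such a trio looks like for the Oregon Region: a stateful domain allow list, a stateful Suricata rule group that drops inbound SSH and RDP from outside the Region's supernet, and a firewall policy that forwards all traffic to the stateful engine. It assumes the provider alias aws.awsoregon and the var.identifier and var.supernet inputs from the README; the allowed domains and blocked ports are illustrative choices.

```hcl
# Added example (not the workshop's own code). Assumed: provider alias
# aws.awsoregon, var.identifier and var.supernet["oregon"] as in the README.
# Domain list and blocked ports are illustrative.

# Stateful domain allow list: HTTP Host / TLS SNI values matching these domains
# are permitted from HOME_NET; other web/TLS destinations are dropped.
resource "aws_networkfirewall_rule_group" "oregon_allow_domains" {
  provider = aws.awsoregon
  name     = "${var.identifier}-oregon-allow-domains"
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set {
          definition = [var.supernet["oregon"]] # 10.0.0.0/16 by default
        }
      }
    }
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["HTTP_HOST", "TLS_SNI"]
        targets              = [".amazon.com", ".amazonaws.com"] # illustrative
      }
    }
  }
}

# Stateful Suricata rules: drop SSH and RDP arriving from outside HOME_NET
# ($EXTERNAL_NET is !$HOME_NET unless overridden).
resource "aws_networkfirewall_rule_group" "oregon_drop_remote" {
  provider = aws.awsoregon
  name     = "${var.identifier}-oregon-drop-remote"
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set {
          definition = [var.supernet["oregon"]]
        }
      }
    }
    rules_source {
      rules_string = <<-EOT
        drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Drop remote SSH"; sid:1000001; rev:1;)
        drop tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"Drop remote RDP"; sid:1000002; rev:1;)
      EOT
    }
  }
}

resource "aws_networkfirewall_firewall_policy" "oregon_anfw_policy" {
  provider = aws.awsoregon
  name     = "${var.identifier}-oregon-anfw-policy"

  firewall_policy {
    # Hand every packet (fragments included) to the stateful engine, so the
    # rule groups above see all flows rather than only non-fragmented ones.
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]

    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.oregon_drop_remote.arn
    }
    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.oregon_allow_domains.arn
    }
  }
}
```

Defining HOME_NET from var.supernet rather than hard-coding a CIDR is what makes the same block reusable for the Stockholm Region by changing only the map key and provider alias; keeping the two rule groups separate lets the domain list change without touching the port-blocking rules. Note that every Suricata rule needs a sid that is unique within the rule group, or the rule group fails to create.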

Inputs

Name: aws_regions
Description: AWS regions to spin up resources.
Type: map(string)
Required: no
Default:
  {
    "oregon": "us-west-2",
    "stockholm": "eu-north-1"
  }

Name: identifier
Description: Project Identifier.
Type: string
Required: no
Default: "manage-network-iac"

Name: oregon_spoke_vpcs
Description: Information about the VPCs to create in us-west-2.
Type: any
Required: no
Default:
  {
    "non-prod": {
      "cidr_block": "10.0.1.0/24",
      "cwan_subnet_cidrs": [
        "10.0.1.64/28",
        "10.0.1.80/28"
      ],
      "instance_type": "t2.micro",
      "number_azs": 2,
      "private_subnet_cidrs": [
        "10.0.1.0/28",
        "10.0.1.16/28"
      ],
      "tgw_subnet_cidrs": [
        "10.0.1.32/28",
        "10.0.1.48/28"
      ],
      "type": "nonprod"
    },
    "prod": {
      "cidr_block": "10.0.0.0/24",
      "cwan_subnet_cidrs": [
        "10.0.0.64/28",
        "10.0.0.80/28"
      ],
      "instance_type": "t2.micro",
      "number_azs": 2,
      "private_subnet_cidrs": [
        "10.0.0.0/28",
        "10.0.0.16/28"
      ],
      "tgw_subnet_cidrs": [
        "10.0.0.32/28",
        "10.0.0.48/28"
      ],
      "type": "prod"
    }
  }

Name: stockholm_spoke_vpcs
Description: Information about the VPCs to create in eu-north-1.
Type: any
Required: no
Default:
  {
    "non-prod": {
      "cidr_block": "10.1.1.0/24",
      "cwan_subnet_cidrs": [
        "10.1.1.64/28",
        "10.1.1.80/28"
      ],
      "instance_type": "t3.micro",
      "number_azs": 2,
      "private_subnet_cidrs": [
        "10.1.1.0/28",
        "10.1.1.16/28"
      ],
      "tgw_subnet_cidrs": [
        "10.1.1.32/28",
        "10.1.1.48/28"
      ],
      "type": "nonprod"
    },
    "prod": {
      "cidr_block": "10.1.0.0/24",
      "cwan_subnet_cidrs": [
        "10.1.0.64/28",
        "10.1.0.80/28"
      ],
      "instance_type": "t3.micro",
      "number_azs": 2,
      "private_subnet_cidrs": [
        "10.1.0.0/28",
        "10.1.0.16/28"
      ],
      "tgw_subnet_cidrs": [
        "10.1.0.32/28",
        "10.1.0.48/28"
      ],
      "type": "prod"
    }
  }

Name: supernet
Description: AWS Region Supernet CIDR blocks.
Type: map(string)
Required: no
Default:
  {
    "oregon": "10.0.0.0/16",
    "stockholm": "10.1.0.0/16"
  }

Name: transit_gateway_asn
Description: Amazon Side ASNs to apply in the Transit Gateways.
Type: map(string)
Required: no
Default:
  {
    "oregon": 65050,
    "stockholm": 65051
  }

Outputs

No outputs.
