# ---------------------------------------------------------------------------------------------------------------------
# Configures VPC peering and/or VPN interconnect resources to allow Vault clients to communicate with Vault nodes over
# private subnets.
# ---------------------------------------------------------------------------------------------------------------------
terraform {
  # Pinned to exactly 0.11.3, the version shipped in our public terraform image;
  # any other CLI version refuses to plan or apply this configuration.
  # see: https://github.com/wpengine/base-images-public/tree/master/gcloud/terraform
  required_version = "0.11.3"
}
# Provider used for the networking resources in the corporate account.
# Credentials come from assuming a role rather than from the caller's ambient
# identity; the session name is what CloudTrail records for these API calls.
provider "aws" {
  alias   = "corporate"
  version = "~> 1.13.0"
  region  = "${var.aws_corporate_region}"

  assume_role {
    session_name = "terraform_corporate_vault_networking"
    role_arn     = "${var.aws_corporate_role_arn}"
  }
}
# Second alias that assumes a different role for DNS changes only, so the
# networking role does not need DNS permissions.
# NOTE(review): presumably that role is scoped to Route53 writes — confirm its policy.
provider "aws" {
  alias   = "corporate_dns"
  version = "~> 1.13.0"
  region  = "${var.aws_corporate_region}"

  assume_role {
    session_name = "terraform_corporate_vault_dns"
    role_arn     = "${var.aws_corporate_dns_role_arn}"
  }
}
# VPC peering from the core metrics subnet into the Vault VPC. Both ends of the
# peering are managed through the aws.corporate alias.
module "corporate_core_metrics_to_vault" {
  # NOTE(review): pinned to a git tag (v1.42); tags can be moved, so a commit SHA
  # would be a stronger pin if reproducible plans matter.
  source = "git@github.com:wpengine/infraform.git//modules/aws-vpc-peering-to-vault-vpc?ref=v1.42"

  providers = {
    "aws.vault_client"  = "aws.corporate"
    "aws.vault_cluster" = "aws.corporate"
  }

  # Client side of the peering.
  vault_client_name      = "metricsapp"
  vault_client_subnet_id = "${var.corporate_core_metrics_subnet_id}"
  peer_owner_id          = "${var.peer_owner_id}"

  # Vault side of the peering.
  vault_vpc_id                                      = "${var.vault_vpc_id}"
  vault_route_table_id                              = "${var.vault_route_table_id}"
  vault_application_load_balancer_security_group_id = "${var.vault_load_balancer_security_group_id}"
}
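# Lets the Vault servers reach the metrics database on MySQL (3306). The source
# is the Vault security group, not a CIDR, so only members of that group match.
# NOTE(review): presumably this serves Vault's database secrets engine — confirm.
resource "aws_security_group_rule" "allow_vault_server_to_metricsdb_mysql" {
  provider = "aws.corporate"

  # Added so the rule is identifiable in the console and in audit exports of the
  # group. NOTE(review): on this 1.x provider line a description change may force
  # the rule to be replaced; check the plan before applying.
  description = "Vault servers to metricsdb MySQL"

  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 3306
  to_port                  = 3306
  security_group_id        = "${var.metricsdb_security_group_id}"
  source_security_group_id = "${var.vault_security_group_id}"
}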
# VPC peering from the cm subnet into the Vault VPC; same module and same
# provider wiring as the other client peerings in this file.
module "cm_to_vault" {
  # NOTE(review): pinned to a git tag (v1.42); tags can be moved, so a commit SHA
  # would be a stronger pin if reproducible plans matter.
  source = "git@github.com:wpengine/infraform.git//modules/aws-vpc-peering-to-vault-vpc?ref=v1.42"

  providers = {
    "aws.vault_client"  = "aws.corporate"
    "aws.vault_cluster" = "aws.corporate"
  }

  # Client side of the peering.
  vault_client_name      = "cm"
  vault_client_subnet_id = "${var.cm_subnet_id}"
  peer_owner_id          = "${var.peer_owner_id}"

  # Vault side of the peering.
  vault_vpc_id                                      = "${var.vault_vpc_id}"
  vault_route_table_id                              = "${var.vault_route_table_id}"
  vault_application_load_balancer_security_group_id = "${var.vault_load_balancer_security_group_id}"
}
# VPC peering from the jenkins subnet into the Vault VPC; same module and same
# provider wiring as the other client peerings in this file.
module "jenkins_to_vault" {
  # NOTE(review): pinned to a git tag (v1.42); tags can be moved, so a commit SHA
  # would be a stronger pin if reproducible plans matter.
  source = "git@github.com:wpengine/infraform.git//modules/aws-vpc-peering-to-vault-vpc?ref=v1.42"

  providers = {
    "aws.vault_client"  = "aws.corporate"
    "aws.vault_cluster" = "aws.corporate"
  }

  # Client side of the peering.
  vault_client_name      = "jenkins"
  vault_client_subnet_id = "${var.jenkins_subnet_id}"
  peer_owner_id          = "${var.peer_owner_id}"

  # Vault side of the peering.
  vault_vpc_id                                      = "${var.vault_vpc_id}"
  vault_route_table_id                              = "${var.vault_route_table_id}"
  vault_application_load_balancer_security_group_id = "${var.vault_load_balancer_security_group_id}"
}
# Publishes a DNS record for the Vault load balancer. The record is written
# through the DNS-only role (aws.corporate_dns) while the load balancer itself
# is read through aws.corporate.
module "vault_elbv2_dns_record" {
  # NOTE(review): pinned to a git tag (v1.42); tags can be moved, so a commit SHA
  # would be a stronger pin if reproducible plans matter.
  source = "git@github.com:wpengine/infraform.git//modules/dns-for-aws-elbv2?ref=v1.42"

  providers = {
    "aws.load_balancer" = "aws.corporate"
    "aws.dns"           = "aws.corporate_dns"
  }

  load_balancer_arn = "${var.vault_load_balancer_arn}"
  name              = "${var.vault_dns_record_name}"
}