Posted to commits@dlab.apache.org by dm...@apache.org on 2019/09/25 08:49:35 UTC

[incubator-dlab] branch DLAB-edge created (now d37e478)

This is an automated email from the ASF dual-hosted git repository.

dmysakovets pushed a change to branch DLAB-edge
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git.


      at d37e478  [DLAB-edge] Created terraform scripts for project deployment

This branch includes the following new commits:

     new d37e478  [DLAB-edge] Created terraform scripts for project deployment

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[incubator-dlab] 01/01: [DLAB-edge] Created terraform scripts for project deployment

Posted by dm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

dmysakovets pushed a commit to branch DLAB-edge
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git

commit d37e478d850707830cc54e04aa6e2bf4054108ed
Author: Dyoma33 <de...@gmail.com>
AuthorDate: Wed Sep 25 11:49:20 2019 +0300

    [DLAB-edge] Created terraform scripts for project deployment
---
 .../aws/project/main/files/edge-assume-policy.json |  13 +
 .../aws/project/main/files/edge-policy.json        | 123 +++++++++
 .../aws/project/main/files/nb-assume-policy.json   |  13 +
 .../aws/project/main/files/nb-policy.json          |  43 ++++
 .../terraform/aws/project/main/iam.tf              | 108 ++++++++
 .../terraform/aws/project/main/instance.tf         |  50 ++++
 .../terraform/aws/project/main/main.tf             |  27 ++
 .../terraform/aws/project/main/network.tf          | 275 +++++++++++++++++++++
 .../terraform/aws/project/main/variales.tf         |  64 +++++
 9 files changed, 716 insertions(+)

diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/edge-assume-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/edge-assume-policy.json
new file mode 100644
index 0000000..680b6f8
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/files/edge-assume-policy.json
@@ -0,0 +1,13 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
\ No newline at end of file
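Review bot: This trust policy is byte-identical to the one added for the notebook role in the hunk at L210 (both resolve to blob 680b6f8), so the two files will drift apart the first time one of them is edited. Since both roles are only ever assumed by `ec2.amazonaws.com` for instance profiles, a single `ec2-assume-policy.json` referenced from both `aws_iam_role` resources in iam.tf would keep them in lockstep. The empty `"Sid": ""` carries no information and can be dropped, and the file is missing its trailing newline.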
diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/edge-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/edge-policy.json
new file mode 100644
index 0000000..89f28c5
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/files/edge-policy.json
@@ -0,0 +1,123 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "iam:CreateRole",
+                "iam:CreateInstanceProfile",
+                "iam:CreatePolicy",
+                "iam:AttachRolePolicy",
+                "iam:AddRoleToInstanceProfile",
+                "iam:DetachRolePolicy",
+                "iam:DeleteInstanceProfile",
+                "iam:DeletePolicy",
+                "iam:DeleteRolePolicy",
+                "iam:DeleteRole",
+                "iam:RemoveRoleFromInstanceProfile",
+                "iam:GetRole",
+                "iam:GetRolePolicy",
+                "iam:GetInstanceProfile",
+                "iam:GetPolicy",
+                "iam:GetUser",
+                "iam:ListUsers",
+                "iam:ListAccessKeys",
+                "iam:PassRole",
+                "iam:ListUserPolicies",
+                "iam:PutRolePolicy",
+                "iam:ListInstanceProfiles",
+                "iam:ListAttachedRolePolicies",
+                "iam:ListInstanceProfilesForRole",
+                "iam:ListRoles",
+                "iam:ListPolicies",
+                "iam:ListRolePolicies",
+                "iam:TagRole"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        },
+        {
+            "Action": [
+                "ec2:CreateVpcEndpoint",
+                "ec2:CreateSubnet",
+                "ec2:CreateTags",
+                "ec2:CreateImage",
+                "ec2:CreateRoute",
+                "ec2:DeregisterImage",
+                "ec2:DescribeImages",
+                "ec2:DescribeAddresses",
+                "ec2:AssociateAddress",
+                "ec2:DisassociateAddress",
+                "ec2:AllocateAddress",
+                "ec2:ReleaseAddress",
+                "ec2:CreateRouteTable",
+                "ec2:CreateSecurityGroup",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:AssociateRouteTable",
+                "ec2:DeleteRouteTable",
+                "ec2:DeleteSubnet",
+                "ec2:DeleteTags",
+                "ec2:DeleteSecurityGroup",
+                "ec2:DeleteSnapshot",
+                "ec2:DescribeRouteTables",
+                "ec2:DescribeSpotInstanceRequests",
+                "ec2:ModifyVpcEndpoint",
+                "ec2:RunInstances",
+                "ec2:StartInstances",
+                "ec2:StopInstances",
+                "ec2:TerminateInstances",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeVpcs",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeInstances",
+                "ec2:DescribeInstanceStatus",
+                "ec2:ModifyInstanceAttribute",
+                "ec2:RevokeSecurityGroupEgress",
+                "ec2:RevokeSecurityGroupIngress",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:AuthorizeSecurityGroupIngress"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        },
+        {
+            "Action": [
+                "s3:CreateBucket",
+                "s3:ListAllMyBuckets",
+                "s3:GetBucketLocation",
+                "s3:GetBucketTagging",
+                "s3:PutBucketTagging",
+                "s3:PutBucketPolicy",
+                "s3:GetBucketPolicy",
+                "s3:DeleteBucket",
+                "s3:DeleteObject",
+                "s3:GetObject",
+                "s3:ListBucket",
+                "s3:PutObject",
+                "s3:PutEncryptionConfiguration"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        },
+        {
+            "Action": [
+                "elasticmapreduce:AddTags",
+                "elasticmapreduce:RemoveTags",
+                "elasticmapreduce:DescribeCluster",
+                "elasticmapreduce:ListClusters",
+                "elasticmapreduce:RunJobFlow",
+                "elasticmapreduce:ListInstances",
+                "elasticmapreduce:TerminateJobFlows"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        },
+        {
+            "Action": [
+                "pricing:GetProducts"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        }
+    ]
+}
\ No newline at end of file
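Review bot: The first statement grants `iam:CreateRole`, `iam:AttachRolePolicy`, `iam:PutRolePolicy` and `iam:PassRole` on `"Resource": "*"`, which lets the edge instance create a role with any managed policy attached and hand it to any instance, so compromise of the edge host is effectively compromise of the account rather than of this project. Scoping the IAM statement to role, policy and instance-profile ARNs that carry the `service_base_name` prefix would confine it to the resources this module manages; iam.tf renders this file through `template_file` without any `vars`, so a `sbn` variable would have to be passed the same way `nb_policy` does before an ARN pattern can reference it. The EC2 statement likewise allows `ec2:RunInstances` and `ec2:TerminateInstances` on `*`, where a tag-based condition on the project tag would be the usual control. `ec2:AuthorizeSecurityGroupEgress` and `ec2:AuthorizeSecurityGroupIngress` appear twice in the EC2 action list and the second pair can be removed.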
diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/nb-assume-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/nb-assume-policy.json
new file mode 100644
index 0000000..680b6f8
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/files/nb-assume-policy.json
@@ -0,0 +1,13 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/nb-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/nb-policy.json
new file mode 100644
index 0000000..b03af44
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/files/nb-policy.json
@@ -0,0 +1,43 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "s3:ListAllMyBuckets",
+            "Resource": "arn:aws:s3:::*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:ListBucket",
+                "s3:GetBucketLocation",
+                "s3:PutBucketPolicy",
+                "s3:PutEncryptionConfiguration"
+            ],
+            "Resource": [
+                "arn:aws:s3:::${sbn}*"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:GetObject",
+                "s3:HeadObject"
+            ],
+            "Resource": "arn:aws:s3:::${sbn}-ssn-bucket/*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:HeadObject",
+                "s3:PutObject",
+                "s3:GetObject",
+                "s3:DeleteObject"
+            ],
+            "Resource": [
+                "arn:aws:s3:::${sbn}-bucket/*",
+                "arn:aws:s3:::${sbn}-shared-bucket/*"
+            ]
+        }
+    ]
+}
\ No newline at end of file
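Review bot: `s3:HeadObject` in the third and fourth statements is not an IAM action name; S3 authorizes HEAD Object requests under `s3:GetObject`, so the entry is dead and should be removed to avoid suggesting a permission that does not exist. In the second statement `"arn:aws:s3:::${sbn}*"` grants `s3:PutBucketPolicy` on every bucket whose name merely starts with the service base name, which includes buckets belonging to other projects sharing that prefix; listing the three buckets the file already names, e.g. `"arn:aws:s3:::${sbn}-bucket"`, `"arn:aws:s3:::${sbn}-shared-bucket"`, `"arn:aws:s3:::${sbn}-ssn-bucket"`, would close that gap. The `${sbn}` placeholders are rendered by the `template_file` data source in iam.tf, so the file is not valid as a standalone policy until templated, which is worth a comment in iam.tf.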
diff --git a/infrastructure-provisioning/terraform/aws/project/main/iam.tf b/infrastructure-provisioning/terraform/aws/project/main/iam.tf
new file mode 100644
index 0000000..42fc02b
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/iam.tf
@@ -0,0 +1,108 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+  edge_role_name    = "${var.service_base_name}-edge-role"
+  edge_role_profile = "${var.service_base_name}-edge-profile"
+  edge_policy_name  = "${var.service_base_name}-edge-policy"
+  nb_role_name      = "${var.service_base_name}-nb-de-Role"
+  nb_role_profile   = "${var.service_base_name}-nb-Profile"
+  nb_policy_name    = "${var.service_base_name}-strict_to_S3-Policy"
+}
+
+data "template_file" "edge_policy" {
+  template = file("./files/edge-policy.json")
+}
+
+data "template_file" "nb_policy" {
+  template = file("./files/nb-policy.json")
+  vars = {
+    sbn = var.service_base_name
+  }
+}
+
+#################
+### Edge node ###
+#################
+
+resource "aws_iam_role" "edge_role" {
+  name               = local.edge_role_name
+  assume_role_policy = file("./files/edge-assume-policy.json")
+  tags = {
+    Name = "${local.edge_role_name}"
+    "${local.additional_tag[0]}" = local.additional_tag[1]
+    "${var.tag_resource_id}" = "${var.service_base_name}:${local.edge_role_name}"
+    "${var.service_base_name}-Tag" = local.edge_role_name
+  }
+}
+
+resource "aws_iam_instance_profile" "edge_profile" {
+  name = local.edge_role_profile
+  role = aws_iam_role.edge_role.name
+}
+
+resource "aws_iam_policy" "edge_policy" {
+  name   = local.edge_policy_name
+  policy = data.template_file.edge_policy.rendered
+}
+
+resource "aws_iam_role_policy_attachment" "edge_policy_attach" {
+  role       = aws_iam_role.edge_role.name
+  policy_arn = aws_iam_policy.edge_policy.arn
+}
+
+############################################################
+### Explotratory environment and computational resources ###
+############################################################
+
+resource "aws_iam_role" "nb_de_role" {
+  name               = local.nb_role_name
+  assume_role_policy = file("./files/nb-assume-policy.json")
+
+  tags = {
+    Name                           = local.nb_role_name
+    Environment_tag                = var.service_base_name
+    "${var.service_base_name}-Tag" = local.nb_role_name
+    "${local.additional_tag[0]}"   = local.additional_tag[1]
+    Project_name                   = var.project_name
+    Project_tag                    = var.project_tag
+    Endpoint_tag                   = var.endpoint_tag
+    "user:tag"                     = "${var.service_base_name}:${local.nb_role_name}"
+    User_tag                       = var.user_tag
+    Custom_tag                     = var.custom_tag
+  }
+}
+
+resource "aws_iam_instance_profile" "nb_profile" {
+  name = local.nb_role_profile
+  role = aws_iam_role.nb_de_role.name
+}
+
+resource "aws_iam_policy" "nb_policy" {
+  name = local.nb_policy_name
+  description = "Strict Bucket only policy"
+  policy = data.template_file.nb_policy.rendered
+}
+
+resource "aws_iam_role_policy_attachment" "nb_policy-attach" {
+  role       = aws_iam_role.nb_de_role.name
+  policy_arn = aws_iam_policy.nb_policy.arn
+}
\ No newline at end of file
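Review bot: The notebook role's tags at L368 hard-code the key `"user:tag"` while the edge role at L332 derives the same key from `var.tag_resource_id`; since that variable defaults to `user:tag` the two agree today, but a caller who overrides it will get inconsistently tagged resources, and any tag-based IAM condition keyed on it would silently miss the notebook role. The line should read `"${var.tag_resource_id}" = "${var.service_base_name}:${local.nb_role_name}"`. The same hard-coded key appears in the subnet and security-group tags in network.tf. Minor naming points: `nb_policy-attach` mixes hyphen and underscore where every sibling resource uses underscores, the comment at L353 misspells "Exploratory", and the `data "template_file" "edge_policy"` block passes no `vars`, so a plain `file()` call would do what it does today.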
diff --git a/infrastructure-provisioning/terraform/aws/project/main/instance.tf b/infrastructure-provisioning/terraform/aws/project/main/instance.tf
new file mode 100644
index 0000000..7b4cddc
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/instance.tf
@@ -0,0 +1,50 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+  edge_instance_name = "${var.service_base_name}-edge"
+}
+
+resource "aws_instance" "edge" {
+  ami                  = var.ami
+  instance_type        = var.instance_type
+  key_name             = var.key_name
+  subnet_id            = var.subnet_id
+  security_groups      = [aws_security_group.edge_sg.id]
+  iam_instance_profile = aws_iam_instance_profile.edge_profile.id
+  root_block_device {
+    volume_type           = "gp2"
+    volume_size           = var.edge_volume_size
+    delete_on_termination = true
+  }
+  tags = {
+    Name                           = local.edge_instance_name
+    "${local.additional_tag[0]}"   = local.additional_tag[1]
+    "${var.tag_resource_id}"       = "${var.service_base_name}:${local.edge_instance_name}"
+    "${var.service_base_name}-Tag" = local.edge_instance_name
+    "Endpoint_tag"                 = var.endpoint_tag
+  }
+}
+
+resource "aws_eip_association" "edge_ip_assoc" {
+  instance_id   = aws_instance.edge.id
+  allocation_id = aws_eip.edge_ip.id
+}
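Review bot: `security_groups = [aws_security_group.edge_sg.id]` is the EC2-Classic/default-VPC argument; for an instance placed in a VPC subnet via `subnet_id` the provider expects `vpc_security_group_ids`, and using `security_groups` with a group ID here is known to produce a replacement on every apply or an outright error. The root volume is also created unencrypted by default, which for a host that terminates SSH and proxies notebook traffic is worth an explicit choice. Suggested change: `vpc_security_group_ids = [aws_security_group.edge_sg.id]` and, inside `root_block_device`, `encrypted = true`.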
diff --git a/infrastructure-provisioning/terraform/aws/project/main/main.tf b/infrastructure-provisioning/terraform/aws/project/main/main.tf
new file mode 100644
index 0000000..6f5ac81
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/main.tf
@@ -0,0 +1,27 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+provider "aws" {
+  access_key = var.access_key_id
+  secret_key = var.secret_access_key
+  region     = var.region
+}
+
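Review bot: The provider block takes long-lived AWS credentials as ordinary input variables (`access_key = var.access_key_id`, `secret_key = var.secret_access_key`), which means the secret travels through tfvars files, command lines and plan output in plaintext and has no way to be marked sensitive in the Terraform version this code targets. The AWS provider already resolves credentials from the environment, a shared credentials file or an instance role, so the block can be reduced to `region = var.region` and the two credential variables removed from variales.tf, leaving credential handling to the runtime.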
diff --git a/infrastructure-provisioning/terraform/aws/project/main/network.tf b/infrastructure-provisioning/terraform/aws/project/main/network.tf
new file mode 100644
index 0000000..d1064cd
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/network.tf
@@ -0,0 +1,275 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+  edge_sg_name     = "${var.service_base_name}-${var.project_name}-edge-sg"
+  edge_ip_name     = "${var.service_base_name}-${var.project_name}-edge-EIP"
+  additional_tag   = split(":", var.additional_tag)
+  nb_subnet_name   = "${var.service_base_name}-${var.project_name}-nb-subnet"
+  sg_name          = "${var.service_base_name}-${var.project_name}-nb-sg" #sg - security group
+  sbn              = var.service_base_name
+}
+
+#################
+### Edge node ###
+#################
+
+resource "aws_eip" "edge_ip" {
+  vpc  = true
+  tags = {
+    Name                           = local.edge_ip_name
+    "${local.additional_tag[0]}"   = local.additional_tag[1]
+    "${var.tag_resource_id}"       = "${var.service_base_name}:${local.edge_ip_name}"
+    "${var.service_base_name}-Tag" = local.edge_ip_name
+  }
+}
+
+resource "aws_security_group" "edge_sg" {
+  name        = local.edge_sg_name
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port = 0
+    protocol = "-1"
+    to_port = 0
+    cidr_blocks = [var.nb_cidr, var.edge_cidr]
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 8080
+    to_port     = 8080
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 3128
+    to_port     = 3128
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port = 8080
+    protocol = "tcp"
+    to_port = 8080
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 6006
+    protocol = "tcp"
+    to_port = 6006
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 8085
+    protocol = "tcp"
+    to_port = 8085
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 18080
+    protocol = "tcp"
+    to_port = 18080
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 8088
+    protocol = "tcp"
+    to_port = 8088
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 4040
+    protocol = "tcp"
+    to_port = 4140
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 50070
+    protocol = "tcp"
+    to_port = 50070
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 8888
+    protocol = "tcp"
+    to_port = 8888
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 8042
+    protocol = "tcp"
+    to_port = 8042
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 20888
+    protocol = "tcp"
+    to_port = 20888
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 8787
+    protocol = "tcp"
+    to_port = 8787
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port = 8081
+    protocol = "tcp"
+    to_port = 8081
+    cidr_blocks = [var.nb_cidr]
+  }
+
+  egress {
+    from_port   = 53
+    to_port     = 53
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 389
+    to_port     = 389
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 123
+    to_port     = 123
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name                           = local.edge_sg_name
+    "${local.additional_tag[0]}"   = local.additional_tag[1]
+    "${var.tag_resource_id}"       = "${var.service_base_name}:${local.edge_sg_name}"
+    "${var.service_base_name}-Tag" = local.edge_sg_name
+  }
+}
+
+############################################################
+### Explotratory environment and computational resources ###
+############################################################
+
+resource "aws_subnet" "private_subnet" {
+  vpc_id     = var.vpc_id
+  cidr_block = var.nb_cidr
+
+  tags = {
+    Name                         = local.nb_subnet_name
+    "${local.sbn}-Tag"           = local.nb_subnet_name
+    "${local.additional_tag[0]}" = local.additional_tag[1]
+    Project_name                 = var.project_name
+    Project_tag                  = var.project_tag
+    Endpoint_tag                 = var.endpoint_tag
+    "user:tag"                   = "${local.sbn}:${local.nb_subnet_name}"
+    User_tag                     = var.user_tag
+    Custom_tag                   = var.custom_tag
+  }
+}
+
+resource "aws_security_group" "nb-sg" {
+  name   = local.sg_name
+  vpc_id = var.vpc_id
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = [var.nb_cidr, var.edge_cidr]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "TCP"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name                         = local.sg_name
+    "${local.sbn}-Tag"           = local.sg_name
+    "${local.additional_tag[0]}" = local.additional_tag[1]
+    Project_name                 = var.project_name
+    Project_tag                  = var.project_tag
+    Endpoint_tag                 = var.endpoint_tag
+    "user:tag"                   = "${local.sbn}:${local.sg_name}"
+    User_tag                     = var.user_tag
+    Custom_tag                   = var.custom_tag
+  }
+}
\ No newline at end of file
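Review bot: `edge_sg` opens ports 22, 80, 8080 and 3128 to `0.0.0.0/0`; 3128 is the conventional forward-proxy port, and if the proxy on the edge node does not authenticate every client this rule turns it into an open proxy reachable from the whole internet, while unrestricted 22 exposes SSH to brute-force traffic. A variable such as `allowed_ip_cidrs` used in place of `["0.0.0.0/0"]` for at least 22 and 3128 would let the caller restrict these to the SSN and operator networks. The egress rule at L611–L614 spans 4040 through 4140 where every neighbouring rule is a single port; if a port range is intended (this looks like a Spark UI range) a comment saying so would stop the next reader treating it as a typo. In `nb-sg` the all-traffic egress at L734 already covers the 443 rule that follows, and that rule spells `protocol = "TCP"` where the rest of the file uses `"tcp"`, which some provider versions report as a perpetual diff. The hard-coded `"user:tag"` tag key at L717 and L755 should use `var.tag_resource_id` as the edge resources do.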
diff --git a/infrastructure-provisioning/terraform/aws/project/main/variales.tf b/infrastructure-provisioning/terraform/aws/project/main/variales.tf
new file mode 100644
index 0000000..dfa7dc3
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/project/main/variales.tf
@@ -0,0 +1,64 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+variable "access_key_id" {}
+
+variable "secret_access_key" {}
+
+variable "service_base_name" {}
+
+variable "project_name" {}
+
+variable "project_tag" {}
+
+variable "endpoint_tag" {}
+
+variable "user_tag" {}
+
+variable "custom_tag" {}
+
+variable "region" {}
+
+variable "zone" {}
+
+variable "vpc_id" {}
+
+variable "subnet_id" {}
+
+variable "nb_cidr" {}
+
+variable "edge_cidr" {}
+
+variable "ami" {}
+
+variable "instance_type" {}
+
+variable "key_name" {}
+
+variable "edge_volume_size" {}
+
+variable "additional_tag" {
+  default = "product:dlab"
+}
+
+variable "tag_resource_id" {
+  default = "user:tag"
+}
\ No newline at end of file
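Review bot: The file is named `variales.tf`, a typo for `variables.tf`; Terraform loads it either way, but tooling and readers look for the conventional name. None of the variables declare a `type`, so a list or number passed by mistake is coerced or fails deep inside a resource rather than at input validation; the module already uses 0.12 syntax, so `type = string` on each declaration is available. `zone` is not referenced by any of the files in this commit, so it is either dead or intended for a file that is not here, and `access_key_id`/`secret_access_key` carry credentials that would be better taken from the provider's credential chain than from variables. A one-line `description` per variable would make the module usable without reading the resources.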

